command= in authorized_keys #262

Open
@chri2

Thanks for the wonderful script!

I successfully set up the script and wanted to secure the setup for production.

I reach my source via ssh and back up all of the system. Therefore I wanted to set a forced command in the authorized keys file on the source side to only allow the needed rsync-command.

This doesn't work, because the script tries to execute some other commands beforehand.

It would be nice if this use case could be covered by the script as well.

I helped myself for the time being by changing the script to not run other commands via ssh for the time being:

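```sh
fn_run_cmd_src() {
        if [ -n "$SSH_SRC_FOLDER_PREFIX" ]
        then
                # Remote source: the ssh call is disabled so that only rsync
                # reaches the forced command; every remote check reports success.
                # eval "$SSH_CMD '$1'"
                true
        else
                # Local source: run the command string as before.
                eval "$1"
        fi
}
```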

If there should be no need for a script on the source side to put into command= to check the commands to be run, the only option I see is something like letting the user create a keypair for each operation that is needed.

These keys could be given on the command line like `rsync_tmbackup.sh -i <rsync-key> --test-key <test command key> --df-key <key to run df command> ...` or the script could just look for these keys at `<rsync-key>.<command-name>`.

Maybe there's no good way to solve this for the general usage of the script...
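
One way to write the source-side filter script that the post mentions for `command=`, given here as an added example that is not part of the original issue or of rsync_tmbackup.sh. The `test -e`/`test -d` and `df -T` command shapes, the `/srv/data` tree, the script path and the `--numeric-ids` allowlist entry are assumptions to adjust from the deny log.

```shell
#!/bin/sh
# Added example, not part of rsync_tmbackup.sh: forced-command filter for the source host.
# authorized_keys entry on the source (script path and key are placeholders):
#   command="/usr/local/bin/backup-filter.sh",restrict ssh-ed25519 AAAA...placeholder backup
ALLOWED_ROOT=${ALLOWED_ROOT:-/srv/data}                  # assumed backup source tree
ALLOWED_LONG_OPTS=${ALLOWED_LONG_OPTS:-"--numeric-ids"}  # assumed; extend from the deny log

path_ok() {   # path must be ALLOWED_ROOT or below it and contain no ".."
    case $1 in *..*) return 1 ;; esac
    case $1 in "$ALLOWED_ROOT"|"$ALLOWED_ROOT"/*) return 0 ;; esac
    return 1
}

# check_cmd CMD: return 0 only if CMD has one of the three expected shapes.
check_cmd() {
    # Character allowlist: quotes, newlines and shell metacharacters are refused.
    [ "$(printf '%s' "$1" | tr -d 'A-Za-z0-9 ._/=,:@+-' | wc -c)" -eq 0 ] || return 1
    set -f; set -- $1; set +f          # split on spaces only, no globbing
    case $1 in
        test)   # test -e PATH or test -d PATH
            [ $# -eq 3 ] || return 1
            case $2 in -e|-d) ;; *) return 1 ;; esac
            path_ok "$3" ;;
        df)     # df -T PATH
            [ $# -eq 3 ] && [ "$2" = -T ] && path_ok "$3" ;;
        rsync)  # rsync --server --sender OPTS... . PATH (the source only sends)
            [ $# -ge 5 ] && [ "$2" = --server ] && [ "$3" = --sender ] || return 1
            shift 3
            while [ $# -gt 0 ] && [ "$1" != . ]; do
                case $1 in
                    --*) case " $ALLOWED_LONG_OPTS " in *" $1 "*) ;; *) return 1 ;; esac ;;
                    -*)  ;;             # short option cluster, not inspected further
                    *)   return 1 ;;
                esac
                shift
            done
            [ $# -eq 2 ] && path_ok "$2" ;;   # exactly one path after "."
        *) return 1 ;;
    esac
}

# Entry point under sshd; a login without a command falls through and gets no shell.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    if check_cmd "$SSH_ORIGINAL_COMMAND"; then
        set -f; exec $SSH_ORIGINAL_COMMAND     # word-split and exec, never eval
    fi
    logger -t backup-filter "denied: $SSH_ORIGINAL_COMMAND"
    exit 1
fi
```

Short rsync option clusters pass through uninspected here; the `rrsync` script shipped with rsync checks options individually and has a read-only mode (`-ro`).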
