mirror of
https://github.com/borgbackup/borg.git
synced 2024-12-24 08:45:13 +00:00
Suggest to use forced command when using remote-forwarding via ssh
parent
d2ff0a3aab
commit
753419d506
1 changed files with 11 additions and 0 deletions
|
@ -481,6 +481,17 @@ Security Considerations
|
|||
Opening up SSH access this way can pose a security risk as it effectively opens remote access to your
|
||||
backup server on the client even if it is located outside of your company network.
|
||||
|
||||
To reduce the chances of compromise, you should configure a forced command in ``authorized_keys`` to prevent
|
||||
anyone from performing any other action on the backup server.
|
||||
|
||||
This can be done e.g. by adding the following in ``$HOME/.ssh/authorized_keys`` on ``mybackup`` with proper
|
||||
path and client-fqdn:
|
||||
|
||||
::
|
||||
|
||||
command="cd /home/backup/repos/<client fqdn>;borg serve --restrict-to-path /home/backup/repos/<client fqdn>"
|
||||
|
||||
|
||||
All the additional security considerations for borg should be applied, see :ref:`central-backup-server` for some additional
|
||||
hints.
|
||||
|
||||
|
|
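Review bot: The ``authorized_keys`` example in the literal block sets only ``command="..."``, which on its own does not deliver what the paragraph above it promises ("prevent anyone from performing any other action on the backup server"): a forced command does not disable port, agent or X11 forwarding or PTY allocation for that key. Suggest appending the ``restrict`` option (on OpenSSH versions that support it) and showing that the options prefix the client's public key, e.g. ``command="cd /home/backup/repos/<client fqdn>; borg serve --restrict-to-path /home/backup/repos/<client fqdn>",restrict <key type> <public key>``, so readers do not paste the option string as a line of its own. A space after the ``;`` would also make the command easier to read.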