mirror of
https://github.com/borgbackup/borg.git
synced 2025-03-12 07:08:47 +00:00
borg serve: improve ssh forced commands docs (#6083)
borg serve: improve ssh forced commands docs Co-authored-by: Andrey Bienkowski <hexagon-recursion@posteo.net>
This commit is contained in:
parent
dcb1aef5e0
commit
dbfef31783
2 changed files with 11 additions and 7 deletions
|
@ -82,3 +82,4 @@ basis.
|
||||||
|
|
||||||
Refer to the `sshd(8) <https://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/sshd.8>`_
|
Refer to the `sshd(8) <https://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/sshd.8>`_
|
||||||
man page for more details on SSH options.
|
man page for more details on SSH options.
|
||||||
|
See also :ref:`borg_serve`
|
||||||
|
|
|
@ -3,14 +3,16 @@
|
||||||
Examples
|
Examples
|
||||||
~~~~~~~~
|
~~~~~~~~
|
||||||
|
|
||||||
borg serve has special support for ssh forced commands (see ``authorized_keys``
|
``borg serve`` has special support for ssh forced commands (see ``authorized_keys``
|
||||||
example below): it will detect that you use such a forced command and extract
|
example below): if the environment variable SSH_ORIGINAL_COMMAND is set it will
|
||||||
the value of the ``--restrict-to-path`` option(s).
|
ignore some options given on the command line and use the values from the
|
||||||
|
variable instead. This only applies to a carefully controlled allowlist of safe
|
||||||
|
options. This list currently contains:
|
||||||
|
|
||||||
It will then parse the original command that came from the client, makes sure
|
- Options that control the log level and debug topics printed
|
||||||
that it is also ``borg serve`` and enforce path restriction(s) as given by the
|
such as ``--verbose``, ``--info``, ``--debug``, ``--debug-topic``, etc.
|
||||||
forced command. That way, other options given by the client (like ``--info`` or
|
- ``--lock-wait`` to allow the client to control how long to wait before
|
||||||
``--umask``) are preserved (and are not fixed by the forced command).
|
giving up and aborting the operation when another process is holding a lock.
|
||||||
|
|
||||||
Environment variables (such as BORG_XXX) contained in the original
|
Environment variables (such as BORG_XXX) contained in the original
|
||||||
command sent by the client are *not* interpreted, but ignored. If BORG_XXX environment
|
command sent by the client are *not* interpreted, but ignored. If BORG_XXX environment
|
||||||
|
@ -40,6 +42,7 @@ locations like ``/etc/environment`` or in the forced command itself (example bel
|
||||||
``no-port-forwarding,no-X11-forwarding,no-pty,no-agent-forwarding,no-user-rc``
|
``no-port-forwarding,no-X11-forwarding,no-pty,no-agent-forwarding,no-user-rc``
|
||||||
in this case.
|
in this case.
|
||||||
|
|
||||||
|
Details about sshd usage: `sshd(8) <https://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/sshd.8>`_
|
||||||
|
|
||||||
SSH Configuration
|
SSH Configuration
|
||||||
~~~~~~~~~~~~~~~~~
|
~~~~~~~~~~~~~~~~~
|
||||||
|
|
Loading…
Add table
Reference in a new issue