Created
December 23, 2022 11:33
-
-
Save lmas/22efff024858e21a615a3ca5d9854e2e to your computer and use it in GitHub Desktop.
Reject anything but rsync through ssh
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| # Script to reject anything but rsync through ssh. | |
| # Source: https://troy.jdmz.net/rsync/index.html | |
| # | |
| # To force run it on new ssh connections, add: | |
| # command="/home/USER/force_rsync.sh" | |
| # to /home/USER/.ssh/authorized_keys, at the start | |
| # of the key line of enforced user. | |
| case "$SSH_ORIGINAL_COMMAND" in | |
| *\&*) | |
| echo "Rejected" | |
| ;; | |
| *\(*) | |
| echo "Rejected" | |
| ;; | |
| *\{*) | |
| echo "Rejected" | |
| ;; | |
| *\;*) | |
| echo "Rejected" | |
| ;; | |
| *\<*) | |
| echo "Rejected" | |
| ;; | |
| *\>*) | |
| echo "Rejected" | |
| ;; | |
| *\`*) | |
| echo "Rejected" | |
| ;; | |
| *\|*) | |
| echo "Rejected" | |
| ;; | |
| rsync\ --server*) | |
| $SSH_ORIGINAL_COMMAND | |
| ;; | |
| *) | |
| echo "Rejected" | |
| ;; | |
| esac |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment