rohityadavcloud · July 31, 2025 04:26
diff --git a/check-ssh.sh b/check-ssh.sh
 #!/bin/bash
 # only rsync allowed via ssh
 # add the following in the users's ~/.ssh/authorised_keys:
 # command="/root/checkssh.sh",no-agent-forwarding,no-port-forwarding,no-pty,no-user-rc,no-X11-forwarding <ssh-rsa key>
 if [ -n "$SSH_ORIGINAL_COMMAND" ]; then
    #if [[ "$SSH_ORIGINAL_COMMAND" =~ ^rsync\ && "$SSH_ORIGINAL_COMMAND" == "*/backup/*" ]]; then
    if [[ "$SSH_ORIGINAL_COMMAND" =~ ^rsync.*backup.* ]]; then
        echo "`/bin/date`: $SSH_ORIGINAL_COMMAND" >> $HOME/rsync-ssh.log
        exec $SSH_ORIGINAL_COMMAND
    else
        echo "`/bin/date`: DENIED $SSH_ORIGINAL_COMMAND" >> $HOME/rsync-ssh.log
 	echo "Access denied for command '$SSH_ORIGINAL_COMMAND'; only rsync to /backup allowed"
    fi
 fi
	#!/bin/bash
	# only rsync allowed via ssh
	# add the following in the users's ~/.ssh/authorised_keys:
	# command="/root/checkssh.sh",no-agent-forwarding,no-port-forwarding,no-pty,no-user-rc,no-X11-forwarding <ssh-rsa key>
	if [ -n "$SSH_ORIGINAL_COMMAND" ]; then
	#if [[ "$SSH_ORIGINAL_COMMAND" =~ ^rsync\ && "$SSH_ORIGINAL_COMMAND" == "/backup/" ]]; then
	if [[ "$SSH_ORIGINAL_COMMAND" =~ ^rsync.backup. ]]; then
	echo "`/bin/date`: $SSH_ORIGINAL_COMMAND" >> $HOME/rsync-ssh.log
	exec $SSH_ORIGINAL_COMMAND
	else
	echo "`/bin/date`: DENIED $SSH_ORIGINAL_COMMAND" >> $HOME/rsync-ssh.log
	echo "Access denied for command '$SSH_ORIGINAL_COMMAND'; only rsync to /backup allowed"
	fi
	fi