README: add note about rrsync setup on the remote

This commit is contained in:
Oystein Kristoffer Tveit 2024-05-01 13:44:13 +02:00
parent a90559a94a
commit cb05b550f9
Signed by: oysteikt
GPG Key ID: 9F2F7D8250F35146
1 changed files with 12 additions and 0 deletions

View File

@ -33,4 +33,16 @@ Advanced usage:
known-hosts-content: "[hostname]:2222 ssh-ed25519 AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
```
## Recommended setup on the remote server
To force the action to only write to a specific directory,
and to prevent excessive damage should the SSH key be compromised,
it is recommended to force the command in the `authorized_keys` file.
```shell
command="rrsync -wo /directory/to/write/to",restrict,no-agent-forwarding,no-port-forwarding,no-pty,no-X11-forwarding ssh-ed25519 AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
```
The path specified in `target` will now be relative to `/directory/to/write/to`.
[rsync]: https://rsync.samba.org/