Rsync: Difference between revisions
imported>Tom Add rsync page with how to restrict access |
imported>Tom rsync: suggest the usage of restrict command, to prevent client using things like port forwarding |
||
| Line 12: | Line 12: | ||
isNormalUser = true; | isNormalUser = true; | ||
openssh.authorizedKeys.keys = [ | openssh.authorizedKeys.keys = [ | ||
''command="${pkgs.rrsync}/bin/rrsync /home/backup/dir/" ssh-ed25519 AAAAC3NzaCetcetera/etceteraJZMfk3QPfQ'' | ''command="${pkgs.rrsync}/bin/rrsync /home/backup/dir/",restrict ssh-ed25519 AAAAC3NzaCetcetera/etceteraJZMfk3QPfQ'' | ||
]; | ]; | ||
}; | }; | ||
Revision as of 00:50, 30 April 2023
rsync is a utility for efficiently transferring and synchronizing files between a computer and an external hard drive and across networked computers by comparing the modification times and sizes of files.
Running a server
Running rsync via SSH is recommended for security reasons.
You can restrict an SSH user to rsync command using pkgs.rrsync:
users.users.backup = {
isNormalUser = true;
openssh.authorizedKeys.keys = [
''command="${pkgs.rrsync}/bin/rrsync /home/backup/dir/",restrict ssh-ed25519 AAAAC3NzaCetcetera/etceteraJZMfk3QPfQ''
];
};
Now you should be able to backup to your directory with the rsync client:
$ rsync -Pav -e "ssh -i $HOME/.ssh/somekeys" photos backup@server:
See rrsync.1 for additional options, such as enforcing read-only or write-only access.