Hi, I'd like to share files with friends; to do so we need a shared server to exchange the files. I could set up ssh access on one of my servers but I don't want others to have full access. I assume I can restrict this using a command='wrapper-around-git' prefix in .ssh/authorized_keys, where wrapper-around-git is simply a script that checks if SSH_ORIGINAL_COMMAND is an authorised command and runs it. This is exactly the approach used with Mercurial (hg-ssh) and presumably git also relies on this mechanism.
But to do so, I need to know what commands can be executed over ssh when using git-annex assistant. Could you document this? Thanks!
The git-annex assistant automatically sets up a ssh key that is locked down this way when you select "ssh server" in the webapp.
The command you need to allow to run is git-annex-shell. This has been designed to be secure.
Thanks for your quick answer! But this is true only for servers where git-annex is installed. On a server that just does SSH, things must be different. So, I've started to use the SSH command= mechanism to log the commands and discovered so far four of them:
sh -c 'echo git-annex-probe... and sh -c 'mkdir -p ... when the server is first connected by a client
rsync --server -vre.iLsf --partial-dir .rsync-partial . DIR/ and rsync --server --sender -e31.14 --inplace . DIR//bd1/469/TEXT when files are transferred between clients
I want to derive patterns from this but if you could give them to me (i.e., tell me which parts are fixed and which are variable) this will be safer. Moreover, I'm quite sure there are some commands missing from my logs... By the way, parameter -e31.14 to rsync surprises me because -e is supposed to set the remote shell (like --rsh).
Cheers, Franck
I am confident that it will be easier to install git-annex-shell on your ssh server than it will be to lock down rsync.
All you need to do is go get the standalone linux tarball of git-annex, untar it, and add its directory to PATH.
You can google for perl scripts that lock down rsync, but I have never been happy with any of the ones I found.
Thanks, but my server is a Synology NAS and as you know from another thread of comments, having git-annex work on it is not that simple. Moreover, I'd like to be able to use ssh accounts where I don't have root access and not necessarily git. So, a general method to restrict ssh would interest me.
But your answer seems to suggest that almost arbitrary rsync commands may be given. If so, I agree that there is little hope of building a secure jail around this... But if really a limited subset of commands is used, I think it should be possible to check them securely.
From now on I'm focused on having git-annex work because this looks like the most promising way. But I'll have another question regarding it: I noticed that we can restrict access to a specific repository using an appropriate environment variable. But is it possible to provide a list of repositories instead of just one? My collaborators will typically have access to several shares but not to all of them.
Thanks for your responsiveness, after trying tens of candidates git-annex appears to be the only serious solution to replace Dropbox and I'm really glad that you actively help your users!
I can't say what options rsync will choose to pass to the server, when the rsync special remote uses rsync. It's up to that command.
GIT_ANNEX_SHELL_DIRECTORY currently only supports specifying one directory.
OK, I understand now why it is complicated to secure rsync, the best I can hope is to chroot it on a restricted account. Thanks! And the "currently" regarding ˋGIT_ANNEX_SHELL_DIRECTORYˋ gives me hope about a future change.
Cheers, Franck
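The forced-command approach discussed in this thread, as an added example that is not code from the thread or from git-annex: a wrapper that logs SSH_ORIGINAL_COMMAND, lets through only git-annex-shell and the git transport commands it handles, and pins each key to one GIT_ANNEX_SHELL_DIRECTORY. It assumes git-annex-shell is installed and on PATH on the server; the script name annex-gate, the log file and the repository path are hypothetical.

```shell
#!/bin/sh
# Added example. Hypothetical install path: ~/bin/annex-gate
# One authorized_keys line per friend (key and repository path are placeholders):
#   command="$HOME/bin/annex-gate --serve /srv/annex/share1",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-ed25519 AAAA...PLACEHOLDER friend1

# Print "allow" or "deny" for the command line the client requested.
# Only the first word is inspected here; the rest is handed unmodified to
# git-annex-shell, which does its own parsing and directory checks.
classify() {
    case "${1%% *}" in
        git-annex-shell|git-upload-pack|git-receive-pack) echo allow ;;
        *) echo deny ;;   # empty (interactive login), sh -c ..., rsync --server ...
    esac
}

if [ "${1:-}" = "--serve" ]; then
    repo=${2:?usage: annex-gate --serve REPO_DIR}
    verdict=$(classify "${SSH_ORIGINAL_COMMAND:-}")

    # Record every request, as was done in the thread to discover the commands.
    # Newlines are flattened so a client cannot forge extra log entries.
    safe=$(printf '%s' "${SSH_ORIGINAL_COMMAND:-<none>}" | tr '\n\r' '  ')
    printf '%s %s %s\n' "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$verdict" "$safe" \
        >> "$HOME/annex-gate.log"

    if [ "$verdict" != allow ]; then
        echo "annex-gate: command not permitted" >&2
        exit 1
    fi

    # One directory per key, matching what GIT_ANNEX_SHELL_DIRECTORY supports.
    GIT_ANNEX_SHELL_DIRECTORY=$repo
    export GIT_ANNEX_SHELL_DIRECTORY
    # exec with a single argument: no shell re-parses the client's string.
    exec git-annex-shell -c "$SSH_ORIGINAL_COMMAND"
fi
```

With this wrapper the sh -c and rsync --server commands logged earlier in the thread are refused, so it only suits servers where git-annex-shell is available.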