Diffstat (limited to 'sshd')
-rw-r--r-- | sshd/borg_sshd | 27 | ||||
-rw-r--r-- | sshd/includes/borg_restrictions.sh | 5 |
2 files changed, 32 insertions, 0 deletions
diff --git a/sshd/borg_sshd b/sshd/borg_sshd
new file mode 100644
index 0000000..b48901d
--- /dev/null
+++ b/sshd/borg_sshd
@@ -0,0 +1,27 @@
+# Alternate sshd for borg use only, to be run aside a normal sshd process
+Port 2222
+Protocol 2
+SyslogFacility AUTHPRIV
+PermitRootLogin no
+PasswordAuthentication no
+ChallengeResponseAuthentication no
+GSSAPIAuthentication yes
+GSSAPICleanupCredentials yes
+UsePAM yes
+AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
+AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
+AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
+AcceptEnv XMODIFIERS
+AllowAgentForwarding no
+AllowTcpForwarding no
+X11Forwarding no
+PrintMotd no
+PrintLastLog no
+PermitUserEnvironment no
+ClientAliveInterval 10
+ClientAliveCountMax 3
+UseDNS no
+PidFile /var/run/sshd_backups.pid
+MaxStartups 100:60:200
+DenyUsers root
+ForceCommand /usr/local/scripts/borg-restricted.sh
diff --git a/sshd/includes/borg_restrictions.sh b/sshd/includes/borg_restrictions.sh
new file mode 100644
index 0000000..684f8b1
--- /dev/null
+++ b/sshd/includes/borg_restrictions.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+set -e
+cd /home/${USER}/
+borg serve --restrict-to-path /home/${USER}/
+ |
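Review bot: The `ForceCommand` directive on the last line of `sshd/borg_sshd` is the only thing confining users of this listener, and it names `/usr/local/scripts/borg-restricted.sh`, while the wrapper added in this same commit is `sshd/includes/borg_restrictions.sh`. Unless a deployment step outside this diff installs it under the other name, sessions on port 2222 would fail to start, so the two names should be reconciled or the mapping recorded in a comment above the directive. `AllowTcpForwarding no` does not cover Unix-domain socket forwarding and no TTY restriction is set; adding `AllowStreamLocalForwarding no` and `PermitTTY no` (or `DisableForwarding yes` where the installed OpenSSH supports it) would tighten a listener meant only for `borg serve`. I would also add a comment such as `# ForceCommand target must be root-owned and not writable by backup users`, since the wrapper's integrity is what the whole restriction rests on.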
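Review bot: The path given to `--restrict-to-path` in `borg_restrictions.sh` is built from the `USER` environment variable and expanded unquoted on both the `cd` and `borg serve` lines, so the confinement depends on that variable being exactly the authenticated account name and on every home directory living under `/home`. With only `set -e`, an empty or unset `USER` makes the path `/home//`, which widens the restriction to every home directory instead of aborting; `set -eu` would stop the script there. Taking the name from the process credentials and quoting it is more robust: `user=$(id -un)` followed by `exec borg serve --restrict-to-path "/home/${user}"`. If each account is meant to hold a single repository, `--restrict-to-repository` (and `--append-only`, if clients should not be able to delete archives) would narrow this further, subject to the installed borg version.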