table of contents
other versions
- buster 0.27.1-1
- testing 0.27.1-1.1
- unstable 0.27.1-2
- experimental 0.29.1-1
SSH_FILTER_BTRBK(1) | Btrbk Manual | SSH_FILTER_BTRBK(1) |
NAME¶
ssh_filter_btrbk - ssh command filter script for btrbkSYNOPSIS¶
ssh_filter_btrbk.sh [-s|--source] [-t|--target] [-d|--delete] [-i|--info] [--snapshot] [--send] [--receive] [-p|--restrict-path <path>] [-l|--log] [--sudo]
DESCRIPTION¶
ssh_filter_btrbk.sh restricts SSH commands to commands used by btrbk. It examines the SSH_ORIGINAL_COMMAND environment variable (set by sshd) and executes it only if it contains commands used by btrbk.The accepted commands are specified by the "--source", "--target", "--delete" and "--info" options.
The following commands are always allowed:
•"btrfs subvolume show"
•"btrfs subvolume list"
•"readlink"
•"cat /proc/self/mountinfo"
•pipes through "gzip", "pigz",
"bzip2", "pbzip2", "xz", "lzop",
"lz4" (stream_compress)
•pipes through "mbuffer"
(stream_buffer)
•pipes through "pv -L"
(rate_limit)
Example line in /root/.ssh/authorized_keys on a backup target host:
command="ssh_filter_btrbk.sh --target --delete --restrict-path /mnt/btr_backup" ssh-rsa AAAAB3NzaC1...hwumXFRQBL btrbk@mydomain.com
OPTIONS¶
-s, --sourceAllow commands for backup source: "btrfs subvolume
snapshot", "btrfs send". Equivalent to "--snapshot
--send".
-t, --target
Allow commands for backup target: "btrfs
receive".
-d, --delete
Allow commands for subvolume deletion: "btrfs
subvolume delete". This is used for backup source if
snapshot_preserve_daily is not set to “all”, and for
backup targets if target_preserve_daily is not set to
“all”.
-i, --info
Allow informative commands: "btrfs subvolume
find-new", "btrfs filesystem usage". This is used by btrbk
info and diff commands.
--snapshot
Allow btrfs snapshot command: "btrfs subvolume
snapshot".
--send
Allow btrfs send command: "btrfs send".
--receive
Allow btrfs receive command: "btrfs
receive".
-p, --restrict-path <path>
Restrict btrfs commands to <path>.
-l, --log
Log ACCEPT and REJECT messages to the system log.
--sudo
Allow btrfs commands to be called via sudo. Enable this
if you have "backend btrfs-progs-sudo" in your btrbk configuration
file.
AVAILABILITY¶
Please refer to the btrbk project page <https://digint.ch/btrbk/> for further details.SEE ALSO¶
btrbk(1), btrbk.conf(5), btrfs(8)AUTHOR¶
Axel Burri < <axel@tty0.ch>>2018-12-05 | Btrbk |