I need an automated program on machine "seq" to rsync to machine "four" as user "miseq". To maintain security, I only want to allow this automated process to run rsync - nothing else.
On "seq", run
enter NO passphrase - just hit return both times. Do NOT use "id_rsa" as the name of the private key file - name it something like "id_rsa.seq2four". Note that this also creates the file id_rsa.pub - you will need the line inside this file for the next step on "four".
On "four", create or append to the file ~.ssh/authorized_keys the single line key that was in id_rsa.pub on "seq" generated in step 1, or use "ssh-copy-id -i id_rsa.seq2four <user>@<four>.
Create an executable shell script on "four" that contains this simple script - let's call it "~/bin/validate-rsync-ssh.sh":
Don't forget to make this file executable (chmod +x validate-rsync-ssh.sh).
- Pre-pend the text: command="~/bin/validate-rsync-ssh.sh" to your ssh-rsa key in the file ~/.ssh/authorized_keys, with a space between this and the text "ssh-rsa".
Now test everything by doing this command back on "seq":
This should give you the message from your "validate-rsync-ssh.sh" script, "You successfully connected to four". Commands other than "testconnect" should give you the, "Sorry, command... is not allowed" error message.
Now try your rsync from "seq" to "four" - it should work smoothly:
Note that the path to your "id_rsa.seq2four" must be absolute - the shell and rsync get confused about who's expanding what when if you try using variables or "~".
ssh is VERY picky about the permissions of the .ssh directory on "four" - they MUST be:
IN ADDITION - the .ssh directory should be tight:
AND your home dir must be at least 775: