Duplicati ssh using rbash

juddersnz · February 21, 2020, 12:36am

To restrict ssh user I create a user and changed there shell to use rbash instead of bash.

sudo chsh -s /bin/rbash duplicati-backsups

Only using rbash ( and not bash ) the backup fails with error.

2020-02-20 13:09:11 +13 - [Warning-Duplicati.Library.Main.Operation.RestoreHandler-NoFilesRestored]: Restore completed without errors but no files were restored

No backups were created.

What SSH commands dies duplicati require to run on the shell.

Bobo · February 22, 2020, 8:29am

Duplicati uses SFTP : Developer documentation · duplicati/duplicati Wiki · GitHub

“The backends encapsulate the actual communication with a remote host with a simple abstraction, namely that the backend can perform 4 operations: GET, PUT, LIST, DELETE.”

Do you have Subsystem sftp internal-sftp in /etc/sshd_config? It seems that rbash dont work well with sftp.

Also, rbash is not the way you want to go if you want to chroot users. You can checkout jailkit: Jailkit - chroot jail utilities

juddersnz · March 11, 2020, 1:36am

Thank you. Will look into Jailkit. Havent used that before

dgcom · March 12, 2020, 7:05pm

I do this for sftp backend user:

create user without password and with /dev/null shell
use public key auth
isolate sftp folder for the user in sshd_config
You just need to make sure that folder permissions are set correctly - ssh user folder needs to be owned by root and subfolder created which is owned by user.

Works well.