To restrict an SSH user, I created a user and changed their shell to use rbash instead of bash.
sudo chsh -s /bin/rbash duplicati-backsups
Only when using rbash (and not bash), the backup fails with an error.
2020-02-20 13:09:11 +13 - [Warning-Duplicati.Library.Main.Operation.RestoreHandler-NoFilesRestored]: Restore completed without errors but no files were restored
No backups were created.
What SSH commands does Duplicati require to run on the shell?
Duplicati uses SFTP: Developer documentation · duplicati/duplicati Wiki · GitHub
“The backends encapsulate the actual communication with a remote host with a simple abstraction, namely that the backend can perform 4 operations: GET, PUT, LIST, DELETE.”
Do you have Subsystem sftp internal-sftp in /etc/sshd_config? It seems that rbash doesn't work well with sftp.
Also, rbash is not the way you want to go if you want to chroot users. You can check out Jailkit: Jailkit - chroot jail utilities
Thank you. Will look into Jailkit. Haven't used that before.
I do this for sftp backend user:
- create user without password and with /dev/null shell
- use public key auth
- isolate sftp folder for the user in sshd_config
You just need to make sure that folder permissions are set correctly - the ssh user folder needs to be owned by root, and a subfolder created which is owned by the user.
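The folder layout described in the post above can be checked before pointing Duplicati at it. This is an added example, not part of the thread: the account name backupuser, the path /srv/sftp/backupuser and the subfolder name data are assumptions, and the sshd_config block in the comments is one common way to express the isolation step.

```shell
#!/bin/sh
# Added example (not from the thread). Hypothetical names: account
# "backupuser", chroot /srv/sftp/backupuser, writable subfolder "data".
#
# sshd_config block this layout is meant for:
#   Match User backupuser
#       ChrootDirectory /srv/sftp/backupuser
#       ForceCommand internal-sftp
#       PasswordAuthentication no
#       AllowTcpForwarding no
#       X11Forwarding no

# component_ok UID MODE: true if root-owned and not group/other-writable.
component_ok() {
    [ "$1" -eq 0 ] && [ $(( 0$2 & 022 )) -eq 0 ]
}

# audit_chroot DIR: sshd refuses a ChrootDirectory unless every path
# component up to / passes component_ok. Returns 0 ok, 1 bad, 2 error.
audit_chroot() {
    dir=$1
    case $dir in /*) ;; *) echo "need absolute path" >&2; return 2 ;; esac
    while :; do
        info=$(stat -c '%u %a' "$dir") || return 2   # GNU/busybox stat
        if ! component_ok "${info% *}" "${info#* }"; then
            echo "FAIL $dir (uid=${info% *} mode=${info#* })" >&2
            return 1
        fi
        [ "$dir" = / ] && return 0
        dir=$(dirname "$dir")
    done
}

# audit_upload_dir DIR USER: the subfolder must belong to the backup user.
audit_upload_dir() {
    owner=$(stat -c '%U' "$1") || return 2
    [ "$owner" = "$2" ]
}

# Usage: sh audit.sh /srv/sftp/backupuser backupuser
if [ "$#" -eq 2 ]; then
    audit_chroot "$1" && audit_upload_dir "$1/data" "$2" && echo OK
fi
```

A FAIL line names the first path component that sshd would reject, which is usually the cause when the SFTP login is dropped right after authentication.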