Duplicati ssh using rbash

To restrict ssh user I create a user and changed there shell to use rbash instead of bash.

sudo chsh -s /bin/rbash duplicati-backsups

Only using rbash ( and not bash ) the backup fails with error.

2020-02-20 13:09:11 +13 - [Warning-Duplicati.Library.Main.Operation.RestoreHandler-NoFilesRestored]: Restore completed without errors but no files were restored

No backups were created.

What SSH commands dies duplicati require to run on the shell.

Duplicati uses SFTP : Developer documentation · duplicati/duplicati Wiki · GitHub

“The backends encapsulate the actual communication with a remote host with a simple abstraction, namely that the backend can perform 4 operations: GET, PUT, LIST, DELETE.”

Do you have Subsystem sftp internal-sftp in /etc/sshd_config? It seems that rbash dont work well with sftp.

Also, rbash is not the way you want to go if you want to chroot users. You can checkout jailkit: Jailkit - chroot jail utilities

Thank you. Will look into Jailkit. Havent used that before :slight_smile:

I do this for sftp backend user:

  • create user without password and with /dev/null shell
  • use public key auth
  • isolate sftp folder for the user in sshd_config
    You just need to make sure that folder permissions are set correctly - ssh user folder needs to be owned by root and subfolder created which is owned by user.

Works well.

1 Like