To restrict ssh user I create a user and changed there shell to use rbash instead of bash.
sudo chsh -s /bin/rbash duplicati-backsups
Only using rbash ( and not bash ) the backup fails with error.
2020-02-20 13:09:11 +13 - [Warning-Duplicati.Library.Main.Operation.RestoreHandler-NoFilesRestored]: Restore completed without errors but no files were restored
No backups were created.
What SSH commands dies duplicati require to run on the shell.
“The backends encapsulate the actual communication with a remote host with a simple abstraction, namely that the backend can perform 4 operations: GET, PUT, LIST, DELETE.”
Do you have Subsystem sftp internal-sftp in /etc/sshd_config? It seems that rbash dont work well with sftp.
Also, rbash is not the way you want to go if you want to chroot users. You can checkout jailkit: Jailkit - chroot jail utilities
create user without password and with /dev/null shell
use public key auth
isolate sftp folder for the user in sshd_config
You just need to make sure that folder permissions are set correctly - ssh user folder needs to be owned by root and subfolder created which is owned by user.