#!/bin/bash ## ## code ## chmod 440 /etc/sudoers.d/* -R KEYS=/etc/rsync/keys RSYNC_HOME=/var/lib/rsync mkdir -p "$RSYNC_HOME/.ssh" for f in "$KEYS"/*.pub; do [ -e "$f" ] || continue content=$(cat "$f") ident="${f##*/}" ident="${ident%.pub}" if ! [[ "$ident" =~ ^[a-zA-Z0-9._-]+$ ]]; then echo "bad: '$ident'" continue fi echo "command=\"/usr/local/sbin/ssh-cmd-validate \\\"$ident\\\"\",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty $content" done > "$RSYNC_HOME"/.ssh/authorized_keys chown rsync:rsync -R "$RSYNC_HOME"/.ssh -R ## Give back PID 1 so that ssh can receive signals exec /usr/sbin/sshd -D