mirror of
https://github.com/YunoHost-Apps/restic_ynh.git
synced 2024-09-03 20:16:22 +02:00
29 lines
829 B
Markdown
29 lines
829 B
Markdown
You should now allow the following public key on the target server `__SERVER__` :
|
|
|
|
- User: `__SSH_USER__`
|
|
- Public key: `__PUBLIC_KEY__`
|
|
|
|
Do so by running those commands on `__SERVER__` with user `__SSH_USER__` :
|
|
|
|
```
|
|
mkdir ~/.ssh -p
|
|
touch ~/.ssh/authorized_keys
|
|
chmod u=rw,go= ~/.ssh/authorized_keys
|
|
echo "__PUBLIC_KEY__" >> ~/.ssh/authorized_keys
|
|
```
|
|
|
|
Also make sure `__BACKUP_PATH__` exists and is writable by `__SSH_USER__`
|
|
|
|
Optional: to improve security, make sure the user can only connect through SFTP and can only access its home directory on the target server.
|
|
On Debian/Ubuntu, this is done using the following command snippet:
|
|
|
|
```
|
|
cat << EOF>> /etc/ssh/sshd_config
|
|
Match User __SSH_USER__
|
|
ChrootDirectory %h
|
|
ForceCommand internal-sftp
|
|
AllowTcpForwarding no
|
|
X11Forwarding no
|
|
EOF
|
|
systemctl restart ssh
|
|
```
|