I have an ssh key without a passphrase that allows a user to log in to a remote server.
This key is used to mount a folder in the remote server using sshfs and back up the files in my laptop.
I would like this key to have sufficient privileges to the backup only. So, since sshfs uses sftp, I thought putting:
command="path to sftp in the server"
in the server's authorized_keys file would work.
Now, when I log in via ssh, I get this:
usage: sftp [-1246Cpqrv] [-B buffer_size] [-b batchfile] [-c cipher]
          [-D sftp_server_path] [-F ssh_config] [-i identity_file] [-l limit]
          [-o ssh_option] [-P port] [-R num_requests] [-S program]
          [-s subsystem | sftp_server] host
       sftp [user@]host[:file ...]
       sftp [user@]host[:dir[/]]
       sftp -b batchfile [user@]host
Connection to "my server's name" closed.
I take this to mean that this key can only use sftp, which is what I wanted.
However, when I use sshfs, I get the following:
remote host has disconnected
The server is a Synology NAS DS212j with DSM 4.2 and there is no sftp-server program. The following is what the subsystem section looks like in the sshd_config file:
# override default of no subsystems
#Subsystem sftp /usr/libexec/sftp-server
#Subsystem sftp internal-sftp -f DAEMON -l VERBOSE -u 000
Subsystem sftp internal-sftp -f DAEMON -u 000
#Subsystem sftp /usr/syno/sbin/sftp-server -l DEBUG3
sshfs using a key without any restrictions on the commands works fine.
Please advise. Are there more commands I should include in the "command" variable in the authorized_keys file?
Thank you in advance for any help provided.
The output you show with the ssh login makes me think you have the path to the sftp in the command string, not the path to the sftp server. The string should be something like command="/usr/libexec/openssh/sftp-server" – Ciclamino – 2013-08-06T17:08:13.947
@Ciclamino yes, I actually put the path to sftp. I've edited my question to include more details. – mauna – 2013-08-06T22:36:20.203
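An added example, not part of the original question or its comments: a small checker for authorized_keys lines that flags the mistake discussed above (command= pointing at the sftp client instead of an SFTP server) and reports which forwarding and pty options an SFTP-only key still leaves enabled. The sample lines, the /usr/bin/sftp path and the key blob are constructed placeholders; the sftp-server path is the one suggested in the comment.

```python
import re

# Value-less authorized_keys options that strip what an SFTP-only key never needs.
HARDENING = ("no-port-forwarding", "no-agent-forwarding", "no-x11-forwarding", "no-pty")
SFTP_SERVERS = ("sftp-server", "internal-sftp")  # internal-sftp appears in the page's sshd_config
KEY_TYPE = re.compile(r"(ssh-|ecdsa-|sk-)\S+\s")
OPTION = re.compile(r'([A-Za-z0-9-]+)(?:="((?:\\"|[^"])*)")?(,|[ \t]+|$)')

def parse_options(line):
    """Return one line's options as a dict, or None for blank and comment lines."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    if KEY_TYPE.match(line):          # line starts with the key type: no options at all
        return {}
    opts, pos = {}, 0
    while True:
        m = OPTION.match(line, pos)
        if not m:
            raise ValueError("malformed option list: " + line[pos:pos + 30])
        opts[m.group(1).lower()] = True if m.group(2) is None else m.group(2)
        pos = m.end()
        if m.group(3) != ",":         # whitespace ends the option list
            return opts

def audit(line):
    """List the problems that stop this key from being an SFTP-only key."""
    opts = parse_options(line)
    if opts is None:
        return []
    findings = []
    # Basename of the forced command's program ("" when there is no command).
    prog = (str(opts.get("command", "")).split() or [""])[0].rsplit("/", 1)[-1]
    if "command" not in opts:
        findings.append("no forced command: the key can open a shell")
    elif prog == "sftp":
        findings.append("command= runs the sftp client, which exits with its usage text")
    elif prog not in SFTP_SERVERS:
        findings.append("forced command is not an SFTP server: " + prog)
    missing = [] if "restrict" in opts else [o for o in HARDENING if o not in opts]
    if missing:
        findings.append("missing options: " + ", ".join(missing))
    return findings

SAMPLES = [  # constructed lines; key blob and /usr/bin/sftp are placeholders
    'command="/usr/bin/sftp" ssh-rsa AAAA-constructed backup@laptop',
    'command="/usr/libexec/openssh/sftp-server",no-port-forwarding,no-agent-forwarding,'
    'no-X11-forwarding,no-pty ssh-rsa AAAA-constructed backup@laptop',
    'ssh-rsa AAAA-constructed backup@laptop',
]
```

Calling audit() on each entry of SAMPLES returns two findings for the first line, an empty list for the second, and the missing-forced-command finding for the third.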