author Franck Cuny <franck@fcuny.net> 2023-04-23 19:07:47 -0700
committer Franck Cuny <franck@fcuny.net> 2023-04-29 15:02:32 -0700
commit f7dc8afeb2ca3bd80984d2b9f7d2a1862f2d116b (patch)
tree a03a833f75c1def5477644d9735bc3d6aa6b884b /configs
parent hosts/aptos: do backups over sftp with a dedicated ssh key (diff)
download world-f7dc8afeb2ca3bd80984d2b9f7d2a1862f2d116b.tar.gz

hosts/tahoe: rename account for backup and enable sftp for it

The dedicated account for backup should be named 'backup', as it's more
generic.

While it's a system account, I still need to be able to log in to the host
remotely with sftp, so we give it a UID (991).

The account needs to be able to sftp to tahoe in order to store the
backups from remote hosts. However, we don't want this user to get a
shell and be able to browse the host, so we configure sshd to chroot the
user to where the backups are stored.

Diffstat (limited to 'configs')
-rw-r--r-- configs/ssh-pubkeys.toml 3
1 files changed, 3 insertions, 0 deletions

diff --git a/configs/ssh-pubkeys.toml b/configs/ssh-pubkeys.toml
index df9bb25..6f9c980 100644
--- a/configs/ssh-pubkeys.toml
+++ b/configs/ssh-pubkeys.toml
@@ -8,3 +8,6 @@ work="ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINSWhXmnUplM+xltD0sYiJ6AsjkwHvbjTYLA7G
 ykey-laptop="sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIGX4+CuUjiX6Doi4n6RqmznzFUyRrxKhEFvuIxROzXDKAAAABHNzaDo="
 ykey-keyring="sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIDnU4Xd8bElZYVWDbknlIgskR/q7ORrbvO0FLnJMQX+eAAAABHNzaDo="
 ykey-backup="sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAINEGiZpKcXQtB7P7k5puV5OAeMlnB7qRLm+HRI5/OKTbAAAABHNzaDo="
+
+# this key is used to perform backups
+restic="ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB/0b3IjqeCHQ+b4qZoptrmG/twV4Zj4BIH1yl7Y5cW9"
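
Review bot: the new `restic=` entry is a plain `ssh-ed25519` key, unlike the `ykey-*` entries just above it, which are all `sk-ssh-ed25519@openssh.com` keys, and the comment `# this key is used to perform backups` does not say where the key is meant to be accepted. Since the commit message says the backup account is to be sftp-only and chrooted, extend the comment to name the account and host the key is for (the `backup` account on tahoe) and to state that it must not be added to any interactive user's authorized keys. The entry is also named after the tool rather than the role, while the commit message argues for the generic account name `backup`; a role-based key name would be consistent with that.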