diff options
author | Franck Cuny <franck@fcuny.net> | 2023-04-23 19:07:47 -0700 |
---|---|---|
committer | Franck Cuny <franck@fcuny.net> | 2023-04-29 15:02:32 -0700 |
commit | f7dc8afeb2ca3bd80984d2b9f7d2a1862f2d116b (patch) | |
tree | a03a833f75c1def5477644d9735bc3d6aa6b884b /configs | |
parent | hosts/aptos: do backups over sftp with a dedicated ssh key (diff) | |
download | world-f7dc8afeb2ca3bd80984d2b9f7d2a1862f2d116b.tar.gz |
hosts/tahoe: rename account for backup and enable sftp for it
The dedicated account for backup should be named 'backup', as it's more generic. While it's a system account, I still need to be able to log in the host remotely with sftp, so we give it a UID (991). The account needs to be able to sftp to tahoe in order to store the backups from remote hosts. However we don't want this user to get a shell and be able to browse the host, so we configure sshd to chroot the user to where the backups are stored.
Diffstat (limited to 'configs')
-rw-r--r-- | configs/ssh-pubkeys.toml | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/configs/ssh-pubkeys.toml b/configs/ssh-pubkeys.toml index df9bb25..6f9c980 100644 --- a/configs/ssh-pubkeys.toml +++ b/configs/ssh-pubkeys.toml @@ -8,3 +8,6 @@ work="ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINSWhXmnUplM+xltD0sYiJ6AsjkwHvbjTYLA7G ykey-laptop="sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIGX4+CuUjiX6Doi4n6RqmznzFUyRrxKhEFvuIxROzXDKAAAABHNzaDo=" ykey-keyring="sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIDnU4Xd8bElZYVWDbknlIgskR/q7ORrbvO0FLnJMQX+eAAAABHNzaDo=" ykey-backup="sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAINEGiZpKcXQtB7P7k5puV5OAeMlnB7qRLm+HRI5/OKTbAAAABHNzaDo=" + +# this key is used to perform backups +restic="ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB/0b3IjqeCHQ+b4qZoptrmG/twV4Zj4BIH1yl7Y5cW9" |