From f7dc8afeb2ca3bd80984d2b9f7d2a1862f2d116b Mon Sep 17 00:00:00 2001 From: Franck Cuny Date: Sun, 23 Apr 2023 19:07:47 -0700 Subject: hosts/tahoe: rename account for backup and enable sftp for it The dedicated account for backup should be named 'backup', as it's more generic. While it's a system account, I still need to be able to log in the host remotely with sftp, so we give it a UID (991). The account needs to be able to sftp to tahoe in order to store the backups from remote hosts. However we don't want this user to get a shell and be able to browse the host, so we configure sshd to chroot the user to where the backups are stored. --- configs/ssh-pubkeys.toml | 3 +++ 1 file changed, 3 insertions(+) (limited to 'configs') diff --git a/configs/ssh-pubkeys.toml b/configs/ssh-pubkeys.toml index df9bb25..6f9c980 100644 --- a/configs/ssh-pubkeys.toml +++ b/configs/ssh-pubkeys.toml @@ -8,3 +8,6 @@ work="ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINSWhXmnUplM+xltD0sYiJ6AsjkwHvbjTYLA7G ykey-laptop="sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIGX4+CuUjiX6Doi4n6RqmznzFUyRrxKhEFvuIxROzXDKAAAABHNzaDo=" ykey-keyring="sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIDnU4Xd8bElZYVWDbknlIgskR/q7ORrbvO0FLnJMQX+eAAAABHNzaDo=" ykey-backup="sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAINEGiZpKcXQtB7P7k5puV5OAeMlnB7qRLm+HRI5/OKTbAAAABHNzaDo=" + +# this key is used to perform backups +restic="ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB/0b3IjqeCHQ+b4qZoptrmG/twV4Zj4BIH1yl7Y5cW9" -- cgit 1.4.1