1SSH_FILTER_BTRBK(1)              Btrbk Manual              SSH_FILTER_BTRBK(1)
2
3
4

NAME

6       ssh_filter_btrbk - ssh command filter script for btrbk
7

SYNOPSIS

9       ssh_filter_btrbk.sh [-s|--source] [-t|--target] [-d|--delete]
10           [-i|--info] [--snapshot] [--send] [--receive]
11           [-p|--restrict-path <path>] [-l|--log] [--sudo]
12

DESCRIPTION

14       ssh_filter_btrbk.sh restricts SSH commands to commands used by btrbk.
15       It examines the SSH_ORIGINAL_COMMAND environment variable (set by sshd)
16       and executes it only if it contains commands used by btrbk.
17
18       The accepted commands are specified by the "--source", "--target",
19       "--delete" and "--info" options.
20
21       The following commands are always allowed:
22
23       •   "btrfs subvolume show" (not affected by "--restrict-path")
24
25       •   "btrfs subvolume list" (not affected by "--restrict-path")
26
27       •   "readlink"
28
29       •   "test -d" (only if "compat busybox" configuration option is set)
30
31       •   "cat /proc/self/mountinfo"
32
33       •   pipes through "gzip", "pigz", "bzip2", "pbzip2", "xz", "lzop",
34           "lz4", "zstd" (stream_compress)
35
36       •   pipes through "mbuffer" (stream_buffer, rate_limit)
37
38       Example line in /root/.ssh/authorized_keys on a backup target host:
39
40           command="ssh_filter_btrbk.sh --target --delete --restrict-path /mnt/btr_backup" ssh-rsa AAAAB3NzaC1...hwumXFRQBL btrbk@mydomain.com
41

OPTIONS

43       -s, --source
44           Allow commands for backup source: "btrfs subvolume snapshot",
45           "btrfs send". Equivalent to "--snapshot --send".
46
47       -t, --target
48           Allow commands for backup and archive target: "btrfs receive",
49           "mkdir".
50
51       -d, --delete
52           Allow commands for subvolume deletion: "btrfs subvolume delete".
53           This is used for backup source if snapshot_preserve_daily is not
54           set to “all”, and for backup targets if target_preserve_daily is
55           not set to “all”.
56
57       -i, --info
58           Allow informative commands: "btrfs subvolume find-new", "btrfs
59           filesystem usage". This is used by btrbk info and diff commands.
60
61       --snapshot
62           Allow btrfs snapshot command: "btrfs subvolume snapshot".
63
64       --send
65           Allow btrfs send command: "btrfs send".
66
67       --receive
68           Allow btrfs receive command: "btrfs receive".
69
70       -p, --restrict-path <path>
71           Restrict commands to <path>. Note that "btrfs subvolume show",
72           "btrfs subvolume list" are NOT affected by this option.
73
74       -l, --log
75           Log ACCEPT and REJECT messages to the system log.
76
77       --sudo
78           Allow btrfs commands to be called via sudo. Enable this if you have
79           "backend btrfs-progs-sudo" in your btrbk configuration file.
80

AVAILABILITY

82       Please refer to the btrbk project page https://digint.ch/btrbk/ for
83       further details.
84

SEE ALSO

86       btrbk(1), btrbk.conf(5), btrfs(8)
87

AUTHOR

89       Axel Burri axel@tty0.ch
90
91
92
93Btrbk 0.32.5                      2022-10-23               SSH_FILTER_BTRBK(1)