SSH_FILTER_BTRBK(1)              Btrbk Manual              SSH_FILTER_BTRBK(1)

NAME

       ssh_filter_btrbk - ssh command filter script for btrbk

SYNOPSIS

       ssh_filter_btrbk.sh [-s|--source] [-t|--target] [-d|--delete]
           [-i|--info] [--snapshot] [--send] [--receive]
           [-p|--restrict-path <path>] [-l|--log] [--sudo]

DESCRIPTION

       ssh_filter_btrbk.sh restricts SSH commands to commands used by btrbk.
       It examines the SSH_ORIGINAL_COMMAND environment variable (set by sshd)
       and executes it only if it contains commands used by btrbk.

       The accepted commands are specified by the "--source", "--target",
       "--delete" and "--info" options.

       The following commands are always allowed:

       •   "btrfs subvolume show" (not affected by "--restrict-path")

       •   "btrfs subvolume list" (not affected by "--restrict-path")

       •   "readlink"

       •   "test -d" (only if "compat busybox" configuration option is set)

       •   "cat /proc/self/mountinfo"

       •   pipes through "gzip", "pigz", "bzip2", "pbzip2", "bzip3", "xz",
           "lzop", "lz4", "zstd" (stream_compress)

       •   pipes through "mbuffer" (stream_buffer, rate_limit)

       Example line in /root/.ssh/authorized_keys on a backup target host:

           command="ssh_filter_btrbk.sh --target --delete --restrict-path /mnt/btr_backup",restrict ssh-rsa AAAAB3NzaC1...hwumXFRQBL btrbk@example.org
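
       The following is an added example, not part of btrbk or of this
       manual: a small POSIX shell check that reviews authorized_keys entries
       using ssh_filter_btrbk.sh and reports missing hardening. The function
       names and finding labels are hypothetical, and it assumes the
       command="..." string contains no escaped double quotes.

```shell
#!/bin/sh
# Added example (not btrbk code): review authorized_keys entries that use
# ssh_filter_btrbk.sh as forced command. audit_line/audit_file and the
# finding labels are hypothetical names chosen for this illustration.

# Print one finding per line for a single authorized_keys entry.
audit_line() {
    line=$1
    case $line in
        \#*) return 0 ;;                               # comment line
        *'command="'*ssh_filter_btrbk.sh*'"'*) ;;      # btrbk filter entry
        *) return 0 ;;                                 # unrelated key
    esac
    before=${line%%command=\"*}   # key options preceding command="..."
    cmd=${line#*command=\"}
    after=${cmd#*\"}              # text following the closing quote
    cmd=${cmd%%\"*}               # the forced command itself
    opts="${before}${after%% *}"  # key options only (space-separated fields)

    case ",$opts," in
        *,restrict,*) ;;
        *) echo "no-restrict-option: forwarding/pty not disabled for this key" ;;
    esac
    case " $cmd " in
        *" -p "*|*" --restrict-path "*) ;;
        *) echo "no-restrict-path: commands are not confined to a directory" ;;
    esac
    case " $cmd " in
        *" -l "*|*" --log "*) ;;
        *) echo "no-log: ACCEPT/REJECT messages are not sent to the system log" ;;
    esac
    case " $cmd " in
        *" -d "*|*" --delete "*)
            echo "delete-allowed: key may run btrfs subvolume delete" ;;
    esac
    return 0
}

# Audit a whole file, prefixing each finding with its line number.
audit_file() {
    n=0
    while IFS= read -r l || [ -n "$l" ]; do
        n=$((n + 1))
        audit_line "$l" | sed "s/^/line $n: /"
    done < "$1"
}
```

       Call it as audit_file /root/.ssh/authorized_keys; a "delete-allowed"
       finding is informational and expected where "--delete" is needed.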

OPTIONS

       -s, --source
           Allow commands for backup source: "btrfs subvolume snapshot",
           "btrfs send". Equivalent to "--snapshot --send".

       -t, --target
           Allow commands for backup and archive target: "btrfs receive",
           "mkdir".

       -d, --delete
           Allow commands for subvolume deletion: "btrfs subvolume delete".
           This is used for backup source if snapshot_preserve_daily is not
           set to “all”, and for backup targets if target_preserve_daily is
           not set to “all”.

       -i, --info
           Allow informative commands: "btrfs subvolume find-new", "btrfs
           filesystem usage". This is used by btrbk info and diff commands.

       --snapshot
           Allow btrfs snapshot command: "btrfs subvolume snapshot".

       --send
           Allow btrfs send command: "btrfs send".

       --receive
           Allow btrfs receive command: "btrfs receive".

       -p, --restrict-path <path>
           Restrict commands to <path>. Note that "btrfs subvolume show",
           "btrfs subvolume list" are NOT affected by this option.

           It is not possible to restrict commands to exact subvolume names,
           as btrfs-receive(8) takes a <path> as argument (directory, not
           including the subvolume file name to be created, this is encoded in
           the send-stream).

       -l, --log
           Log ACCEPT and REJECT messages to the system log.

       --sudo
           Allow btrfs commands to be called via sudo. Enable this if you have
           "backend btrfs-progs-sudo" in your btrbk configuration file.

AVAILABILITY

       Please refer to the btrbk project page https://digint.ch/btrbk/ for
       further details.

SEE ALSO

       btrbk(1), btrbk.conf(5), btrfs(8)

AUTHOR

       Axel Burri axel@tty0.ch

Btrbk 0.32.6                      2023-03-25               SSH_FILTER_BTRBK(1)