On 19-05-29 05 h 13, Hector Oron via RT wrote:
> On Sat 25 May 2019 15:07:52, po...@debian.org wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA512
>>
>> Hi!
>>
>> I'm following up on issue #13 in our ansible bug tracker [1] about
>> setting up a semi-automated sync to vittoria.
>>
>> During confs and mini-confs, we need to be able to sync files from the
>> voctomix (live video mixer) machines in the rooms to Vittoria.
>>
>> Currently, the way we do it is that a member of the videoteam group adds
>> temporary SSH keys to their Debian account for that machine.
>>
>> What we would like to do is to be able to add restricted SSH keys,
>> allowed to access the sreview user, in the form of:
>>
>> - ----------------------------------------------------------------------
>> command="/srv/sreview.debian.org/home/bin/rrsync -wo
>> /srv/sreview.debian.org/input",no-agent-forwarding,no-port-forwarding,no
>> - -pty,no-user-rc,no-X11-forwarding
>> ssh-rsa AAAAB[...]KYl videoteam@voctomixXY
>> - ----------------------------------------------------------------------
>>
>> The actual sync is done via a CLI script (which is a basic rsync
>> wrapper) that can be found here [2]. The rrsync script is directly
>> gunzipped from rsync's documentation.
>>
>> It seems that 1 year ago when Wouter approached DSA on IRC, you seemed
>> open to the ideas as long as the authorized keys changes were done
>> through a command line interface rather than through a web interface.
>>
>> Modifying the authorized_keys file would be done manually by a member of
>> the team at the beginning of each conference.
>
> What do you exactly need from DSA?

The current /etc/ssh/sshd_config file uses:

    AuthorizedKeysFile /etc/ssh/userkeys/%u /var/lib/misc/userkeys/%u /etc/ssh/userkeys/%u.more

This means /home/sreview/.ssh/authorized_keys isn't read by
openssh-server.

If DSA agrees to what we're proposing, this file would need to be read by
the openssh-server to let us sync files via rrsync.

-- 
  ⢀⣴⠾⠻⢶⣦⠀
  ⣾⠁⢠⠒⠀⣿⡁  Louis-Philippe Véronneau
  ⢿⡄⠘⠷⠚⠋   po...@debian.org / veronneau.org
  ⠈⠳⣄
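The restricted key format proposed in the thread can be checked mechanically before a key is installed. The following is an added example, not part of the original messages or of the videoteam's or DSA's tooling: it parses an authorized_keys entry and reports when the forced rrsync command or any of the listed restrictions is missing. The function names and sample entries are constructed for illustration, and accepting OpenSSH's `restrict` option as a substitute for the five `no-*` options is an addition the thread does not mention.

```python
RRSYNC = "/srv/sreview.debian.org/home/bin/rrsync"   # paths as given in the message
INPUT_DIR = "/srv/sreview.debian.org/input"
REQUIRED = {"no-agent-forwarding", "no-port-forwarding", "no-pty",
            "no-user-rc", "no-x11-forwarding"}       # compared lower-cased
KEY_PREFIXES = ("ssh-", "ecdsa-", "sk-")             # entry starts with a key type

def split_options(line):
    """Return (options dict, remainder) for one authorized_keys entry."""
    if line.startswith(KEY_PREFIXES):
        return {}, line                               # no options field
    fields, cur, in_quote, i = [], "", False, 0
    while i < len(line):
        ch = line[i]
        if ch == "\\" and in_quote and line[i + 1:i + 2] == '"':
            cur, i = cur + '"', i + 2                 # escaped quote inside a value
            continue
        if ch == '"':
            in_quote = not in_quote
        elif ch == "," and not in_quote:
            fields.append(cur)
            cur = ""
        elif ch in " \t" and not in_quote:
            break                                     # end of the options field
        else:
            cur += ch
        i += 1
    fields.append(cur)
    opts = {name.lower(): value
            for name, _, value in (f.partition("=") for f in fields)}
    return opts, line[i:].strip()

def check_entry(line):
    """Return a list of problems; empty means the key is confined to rrsync."""
    opts, _ = split_options(line.strip())
    problems = []
    if opts.get("command", "").split() != [RRSYNC, "-wo", INPUT_DIR]:
        problems.append("forced command is not rrsync -wo on the input directory")
    if "restrict" not in opts:                        # restrict implies all five
        problems += ["missing option: " + m for m in sorted(REQUIRED - set(opts))]
    return problems

# Constructed sample entries; the key material is a placeholder.
FLAGS = "no-agent-forwarding,no-port-forwarding,no-pty,no-user-rc,no-X11-forwarding"
KEY = "ssh-rsa AAAAplaceholder videoteam@voctomixXY"
GOOD = f'command="{RRSYNC} -wo {INPUT_DIR}",{FLAGS} {KEY}'
PTY_LEFT = GOOD.replace(",no-pty", "")
if __name__ == "__main__":
    for entry in (GOOD, PTY_LEFT, KEY):
        print(check_entry(entry) or "ok")
```

The check expects each entry on a single line, as sshd reads it; the wrapped form shown in the quoted e-mail would have to be joined first.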