On Sat, 31 Jan 2015 18:06:30 +1300, Francois Marier writes: >I backup my files using duplicity onto an ssh server. The user account I use >on that server has a shell of "/usr/bin/rssh". Unfortunately, 0.7 no longer >works in that configuration: > >------------------------------------------------------------ >$ duplicity cleanup --ssh-options="-oIdentityFile=id_rsa" --force scp://user@ho >stname/backup > >BackendException: scp mkdir failed(1): >This account is restricted by rssh. >Allowed commands: scp sftp
well, if duplicity needs to create a directory but isn't allowed to by the remote shell then that's hardly duplicity's fault. as the scp program doesn't offer making directories, duplicity will open an interactive channel to run mkdir, ditto for listing files with ls. (this is true for both ssh backends, paramiko and ssh+pexpect). the simplest solution is to ditch the legacy scp access and use sftp, ie. change your url to sftp://user@hostname/backup. this works fine with rssh (tested this here, and your rssh also indicates that it does allow sftp). the real advantage is that the sftp protocol provides all the needed commands by itself, ie. no separate channels for mkdir/ls/whatever required. >Downgrading to 0.6.24-2 solves the problem. most likely because 0.6 doesn't attempt to create any directories on the fly, or doesn't catch the error. the commands that duplicity runs to create necessary dirs is "test -d SOMEDIR || mkdir -p SOMEDIR", which clearly requires that there's a full shell there that understands test, || and mkdir -p. the only alternative would be to run "ls" as a remote command to determine the dir's existence, parse the output (brittle) then create another remote session to run "mkdir". clearly that can't work with rssh ever either, because rssh doesn't let you run ls or mkdir. net result: there are fundamental limitations of the (misnamed) scp access mechanism, which preclude its use with a massively restrictive shell like rssh. use sftp, which works fine with rssh. regards az -- Alexander Zangerl + GPG Key 0xB963BD5F (or 0x42BD645D) + http://snafu.priv.at/ You possess a mind not merely twisted, but actually sprained. -- BSD fortune file
signature.asc
Description: Digital Signature
