Konubinix' opinionated web of thoughts



[2021-01-02 Sat 10:59]

borg serve has special support for ssh forced commands (see authorized_keys example below): it will detect that you use such a forced command and extract the value of the –restrict-to-path option(s).

[2021-01-02 Sat 10:59]

Allow an SSH keypair to only run borg, and only have access to /path/to/repo.

$ cat ~/.ssh/authorized_keys command=“borg serve –restrict-to-path /path/to/repo”,restrict ssh-rsa AAAAB3[…]

$ cat ~/.ssh/authorized_keys command=“export BORG_XXX=value; borg serve […]",restrict

Notes pointant ici