- Référence externe : https://borgbackup.readthedocs.io/en/stable/usage/serve.html
- Référence externe : https://borgbackup.readthedocs.io/en/stable/usage/init.html
borg serve has special support for ssh forced commands (see authorized_keys example below): it will detect that you use such a forced command and extract the value of the –restrict-to-path option(s).
Allow an SSH keypair to only run borg, and only have access to /path/to/repo.
$ cat ~/.ssh/authorized_keys command=“borg serve –restrict-to-path /path/to/repo”,restrict ssh-rsa AAAAB3[…]
$ cat ~/.ssh/authorized_keys command=“export BORG_XXX=value; borg serve […]",restrict
For remote backups the encryption is done locally - the remote machine never sees your passphrase, your unencrypted key or your unencrypted files.