Page MenuHomePhabricator
Create Task
Maniphest T277899

Move away from rssh in fundraising environment
Closed, ResolvedPublic
Actions

Description

We currently use rssh to restrict connections for backups and some data copies in the fundraising rig. We have been using the stretch package on buster. Since we have shifted off of stretch and wish to clean it from the rig, we need to find an alternative to use for this.

Please investigate the options and shift the current rssh usage to a new method.

Related Objects

Event Timeline

Dwisehaupt created this task.Mar 19 2021, 5:49 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptMar 19 2021, 5:49 PM
Dwisehaupt mentioned this in T277215: Remove fundraising puppet stretch exceptions.Mar 19 2021, 5:51 PM
Jgreen subscribed.Mar 25 2021, 7:28 PM

We already use openssh's built in sftp server and chroot where applicable. For rsync, after a whole bunch of research and testing a reasonable way to handle this is with script that runs via openssh's ForceCommand. This is similar to rrsync which is bundled with rsync, but without it's additional layer of filesystem access controls. We would also like to support unison. To that end I wrote nopeshell.

Jgreen claimed this task.Mar 25 2021, 7:28 PM
Jgreen triaged this task as Medium priority.
Jgreen moved this task from Triage to In Progress on the fundraising-tech-ops board.
Jgreen closed this task as Resolved.Mar 26 2021, 7:58 PM
Jgreen moved this task from In Progress to Done on the fundraising-tech-ops board.

Done!

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL