So here's my scenario.
* I have a home server (HostB) which is completely within my control.
* I have an off-site machine that can potentially be physically accessed by other people I don't trust (HostA).
I want to do off-site backups (encrypted of course) via `duplicity` from HostB to HostA. Because HostA is behind a firewall, it can't provide direct ssh access. So I'll have to do a reverse port forwarding to expose HostA:22. In order to reliably do the reverse port forwarding without a password, I will add HostA's public key to HostB's authorized_keys file. Now that can potentially be bad, because the pub key could be stolen.
However, since the ssh login from HostA -> HostB is **only** to establish the port forwarding tunnel so HostB can access HostA:22, is there any good way I can restrict the HostA -> HostB ssh connection to **only** provide the tunnel and nothing else?
The most straightforward way I'm aware of is sshd's chroot jail support, via `ChrootDirectory` in `sshd.config`. But that still feels like it provides more functionality to the connection than what it needs. Or is this actually the correct direction and I just need to properly set up the chroot environment?
What about a FreeBSD jail for this purpose? It feels too heavyweight on the system to create a jail just for reverse port forwarding though. Any other approaches?
Thanks!
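The question is about limiting what a key in HostB's authorized_keys can do. OpenSSH has per-key options for exactly this: `restrict` (OpenSSH 7.2+) turns off pty allocation, agent and X11 forwarding, user rc files and port forwarding, `port-forwarding` turns only the tunnel back on, `permitlisten` (OpenSSH 7.8+) limits which address:port a `-R` forward may bind on the server, and `command=` replaces any shell the client asks for. The script below is an added example, not code from the original post: it parses authorized_keys lines (options can contain quoted commas and spaces) and reports which tunnel keys still leave a shell or unrestricted forwarding reachable. The file contents and key blobs are constructed placeholders, and the port `2222` is an assumed choice for the reverse-forwarded HostA:22.

```python
"""Audit an OpenSSH authorized_keys file for keys that are meant to do
nothing but carry a reverse tunnel (HostA -> HostB via `ssh -N -R`).

Added example, not part of the original post. Key blobs are fake.
"""
from __future__ import annotations

KEY_TYPE_PREFIXES = ("ssh-", "ecdsa-", "sk-")

# Without `restrict`, each of these must be spelled out to take away the
# shell-adjacent features a tunnel-only key does not need.
LEGACY_DENY_OPTIONS = ("no-pty", "no-agent-forwarding",
                       "no-x11-forwarding", "no-user-rc")

# Constructed sample file: one unrestricted key, one correctly locked-down
# key, one older-style key that forgot a couple of options.
SAMPLE_AUTHORIZED_KEYS = """\
# tunnel keys for HostA (constructed sample, keys are placeholders)
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFAKEKEYFORDEMOPURPOSESONLY000000001 hosta-unrestricted
restrict,port-forwarding,permitlisten="localhost:2222",command="/bin/false" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFAKEKEYFORDEMOPURPOSESONLY000000002 hosta-tunnel
no-pty,no-agent-forwarding,no-X11-forwarding,command="echo tunnel only, no shell" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFAKEKEYFORDEMOPURPOSESONLY000000003 hosta-legacy
"""


def split_first_field(line: str) -> tuple[str, str]:
    """Split off the first whitespace-delimited field, honouring double quotes."""
    in_quote = False
    i = 0
    while i < len(line):
        ch = line[i]
        if ch == "\\" and in_quote:
            i += 2                      # skip an escaped character inside quotes
            continue
        if ch == '"':
            in_quote = not in_quote
        elif ch in " \t" and not in_quote:
            return line[:i], line[i:].lstrip()
        i += 1
    return line, ""


def split_options(opts: str) -> list[str]:
    """Split the option string on commas that are outside double quotes."""
    parts, buf, in_quote = [], [], False
    i = 0
    while i < len(opts):
        ch = opts[i]
        if ch == "\\" and in_quote and i + 1 < len(opts):
            buf.append(ch)
            buf.append(opts[i + 1])
            i += 2
            continue
        if ch == '"':
            in_quote = not in_quote
            buf.append(ch)
        elif ch == "," and not in_quote:
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
        i += 1
    if buf:
        parts.append("".join(buf))
    return parts


def parse_line(line: str):
    """Return (options, keytype, comment), or None for blank/comment lines."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    first, rest = split_first_field(line)
    if first.startswith(KEY_TYPE_PREFIXES):   # no options, line starts with the key
        options, key_part = [], line
    else:
        options, key_part = split_options(first), rest
    fields = key_part.split(None, 2)
    keytype = fields[0]
    comment = fields[2] if len(fields) > 2 else ""
    return options, keytype, comment


def audit_options(options: list[str]) -> list[str]:
    """List what a tunnel-only key is still allowed to do beyond the tunnel."""
    names = {o.split("=", 1)[0].strip().lower() for o in options}
    issues = []
    if "restrict" in names:
        if "port-forwarding" not in names:
            issues.append("restrict without port-forwarding: the tunnel itself is disabled")
    else:
        issues.extend(f"missing {opt}" for opt in LEGACY_DENY_OPTIONS if opt not in names)
    if "command" not in names:
        issues.append("no forced command: key can still request a shell or exec")
    if "permitlisten" not in names:
        issues.append("no permitlisten: key may open a listener on any server port")
    return issues


def audit_file(text: str) -> list[dict]:
    """Audit every key line in an authorized_keys file body."""
    results = []
    for line in text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        options, keytype, comment = parsed
        results.append({"keytype": keytype, "comment": comment,
                        "options": options, "issues": audit_options(options)})
    return results


if __name__ == "__main__":
    for entry in audit_file(SAMPLE_AUTHORIZED_KEYS):
        verdict = "OK" if not entry["issues"] else "REVIEW"
        print(f"{verdict:6} {entry['comment']}")
        for issue in entry["issues"]:
            print(f"         - {issue}")
```

The `hosta-tunnel` line is the shape that answers the question without a chroot: HostA runs `ssh -N -R 2222:localhost:22 hostb`, the server only allows that one listener on `localhost:2222`, and even if the client asks for a shell it gets `/bin/false`. Run the script against `~/.ssh/authorized_keys` on HostB to confirm no tunnel key is missing those options.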