You can just empty the core.askpass param:

git config --global core.askpass ''

See also man git config

It uses rsync for file transfers, find to generate filelist snapshots, and ssh for remote transfers.

bsync is an alternative to Unison, written in Python 3. A big strength of bsync: it can detect and apply moved files from one side to the other (Unison uses some copy calls to handle moved files).

I developped it to be able to synchronize my music directory from my laptop to my Raspberry Pi in an efficient way, and to sync with my girlfriend laptop too.

Bsync is released under GPL. Feel free to report any bugs/wishes in GitHub issues.

More info, Download and Install on the GitHub repo.

Waiting for automatic ssh-add in OpenSSH, you can add this to your .bashrc:

ssh-add -l >/dev/null || alias ssh='ssh-add -l >/dev/null || ssh-add && unalias ssh; ssh'

The alias is created only if the identity is not added, and the alias destroys itself once run.

This way the regular ssh command is used after the identity has been added.

http://superuser.com/questions/325662/how-to-make-ssh-agent-automatically-add-the-key-on-demand/471640#471640

Very simply, you can use:

backup.example.com# rsync -avz --numeric-ids --delete root@myserver.example.com:/path/ /backup/myserver/

To do the backup, you have to be root on the remote server, because some files are only root readable.

Problem: you will allow backup.example.com to do anything on myserver.example.com, where just read only access on the directory is sufficient.

To solve it, you can use the command="" directive in the authorized_keys file to filter the command.

To find this command, start rsync adding the -e'ssh -v' option:

rsync -avz -e'ssh -v' --numeric-ids --delete root@myserver.example.com:/path/ /backup/myserver/ 2>&1 | grep "Sending command"

You get a result like:

debug1: Sending command: rsync --server --sender -vlogDtprze.iLsf --numeric-ids . /path/

Now, just add the command before the key in /root/.ssh/authorized_keys:

command="rsync --server --sender -vlogDtprze.iLsf --numeric-ids . /path/" ssh-rsa AAAAB3NzaC1in2EAAAABIwAAABio......

And for even more security, you can add an IP filter, and other options:

from="backup.example.com",command="rsync --server --sender -vlogDtprze.iLsf --numeric-ids . /path/",no-agent-forwarding,no-port-forwarding,no-pty,no-user-rc,no-X11-forwarding ssh-rsa AAAAB3NzaC1in2EAAAABIwAAABio......

Now try to open a ssh shell on the remote server.. and try some unauthorized rsync commands…

Notes:

• Beware that if you change rsync command options, change also the authorized_keys file.
• No need for complex chroot anymore. Forget my previous article: sftp-chroot-rsync

See also:

• man ssh #/AUTHORIZED_KEYS FILE FORMAT
• man rsync
• view /usr/share/doc/rsync/scripts/rrsync.gz (restricted rsync, allows you to manage allowed options precisely)

We use a reverse SSH tunnel:

nated-host$ ssh -R 2222:localhost:22 anyuser@public-host
anyuser@public-host$

This command opens 2222 port on public-host, forwarding it to local 22 port on nated-host.

Finally, from public-host we connect to 2222 local port with SSH, to end on nated-host:

public-host$ ssh -p2222 localhost
nated-host$

References:

• man ssh
• http://articles.techrepublic.com.com/5100-10878_11-5779944.html?tag=nl.e011
• http://www.howtoforge.com/reverse-ssh-tunneling

I want to create a server-www alias that connects me to the SSH server and change the directory to /var/www/ right after the connection.

There it is :

ssh -t server 'cd /var/www && $SHELL'

And for the alias, add this in your ~/.bashrc:

alias server-www="ssh -t server 'cd /var/www && $SHELL'"
server-www # test it !

References :

• http://groups.google.com/group/comp.security.ssh/browse_thread/thread/ab8981e1c8df2929
• http://ubuntuforums.org/archive/index.php/t-395113.html
• man ssh
• ssh -t server set

In /etc/ssh/sshd_config:

# we use openssh internal sftp
# because /usr/lib/openssh/sftp-server won't be available in chroot
Subsystem sftp internal-sftp

Match group sftp
        ChrootDirectory %h
        X11Forwarding no
        AllowTcpForwarding no
        ForceCommand internal-sftp

UPDATE 17/06/2010: Beware with the syntax! Comments must start at the line beginning, and no spaces at the end of the ForceCommand internal-sftp line.

Now just create users belonging to sftp group, and that’s it.
Test it with:

sftp user@myserver.com

Problem: we cannot use the rsync command to send files, because rsync is not available in the chroot.

First, we allow other commands, commenting the line:

#ForceCommand internal-sftp

Then, we build the following tree in the chroot directory:

bin/
bin/bash
bin/rsync
lib/
lib/libncurses.so.5
lib/ld-linux.so.2
lib/libacl.so.1
lib/libpopt.so.0
lib/libattr.so.1
lib/i686
lib/i686/cmov
lib/i686/cmov/libdl.so.2
lib/i686/cmov/libc.so.6

We must put both bash and rsync commands, and all their librairies (you can display them with the ldd command).

Note: the user must have /bin/bash as default shell.

Note2: the chroot dir must belong to root, even if it’s the user’s folder. To allow the user to write in it, you have to create a subfolder with appropriate permissions. According to OpenSSH programers, it’s a big constraint, but very important for a chroot’s security.

References :

• man sshd_config
• http://www.debian-administration.org/articles/590
• http://www.howtoforge.org/chrooted-ssh-sftp-tutorial-debian-lenny
• http://www.fuschlberger.net/programs/ssh-scp-sftp-chroot-jail/

The simpler is to use an IP restriction rule in your iptables firewall, or in /etc/hosts.deny

If you don’t want or can’t use this restriction, use Fail2ban:

aptitude install fail2ban

The default install blocks SSH connection tries.

You can tune the config a bit or activate Fail2ban for other services. Example:

vi /etc/fail2ban/jail.conf
bantime  = 86400
maxretry = 10 # pour ssh
enabled  = true # pour vsftpd
maxretry = 10 # pour vsftpd

Then, the iptables -L command gives you all banned IP addresses.