当有人连接到 rsync 时,它应该停止他们,并且(错误地)回显错误消息,我得到了来自 rsync 的输出,如下:
protocol version mismatch -- is your shell clean?
或者
rsync error: protocol incompatibility (code 2) at compat.c(600) [sender=v3.2.3]
对于 sftp,它会说类似这样的话:
Received message too long 796226418
Ensure the remote shell produces no output for non-interactive sessions.
与我发现的其他所有相关问题和答案不同,输出是故意的;rsync 和 sftp 不应该工作。我知道为什么会有这条消息,但我不想删除它。我只是希望它符合协议,以便用户看到它。我怎样才能向用户传递一条消息,让他们知道该怎么做?
想象一下,我有一个简单的 shell:
#!/bin/bash
#
# just an example denying all... in reality, you allow something
# for testing, send output to this file too
exec &> >(tee "/tmp/shell-test.${USER}.out")
if grep -q "sftp" <<< "$SSH_ORIGINAL_COMMAND" || grep -q "sftp" <<< "$@"; then
echo "sftp access is denied"
exit 1
elif grep -q "rsync" <<< "$SSH_ORIGINAL_COMMAND" || grep -q "rsync" <<< "$@"; then
echo "rsync access is denied"
exit 1
else
echo "I'm sorry Dave; I'm afraid I can't do that."
exit 1
fi
以下是测试和输出:
root@testserver # echo /usr/local/bin/test-shell >> /etc/shells
root@testserver # useradd -s /usr/local/bin/test-shell testuser
root@testserver # mkdir ~testuser/.ssh
root@testserver # echo "$yourkeyhere" > ~testuser/.ssh/authorized_keys
root@testserver # passwd testuser
you@workstation $ rsync -avP src/ testuser@testserver:bla/
protocol version mismatch -- is your shell clean?
(see the rsync man page for an explanation)
rsync error: protocol incompatibility (code 2) at compat.c(600) [sender=v3.2.3]
root@testserver # cat /tmp/shell-test.testuser.out
rsync access is denied
you@workstation $ sftp testuser@testserver
Received message too long 796226418
Ensure the remote shell produces no output for non-interactive sessions.
root@testserver # cat /tmp/shell-test.testuser.out
sftp access is denied
you@workstation $ ssh testuser@testserver
PTY allocation request failed on channel 0
I'm sorry Dave, I'm afraid I can't do that.
Connection to testserver closed.
root@testserver # cat /tmp/shell-test.testuser.out
I'm sorry Dave, I'm afraid I can't do that.
那么对于 rsync 和 sftp,为了向用户传递错误消息,我除了简单地回显之外还能做什么?