ssh command filter script for btrbk

SYNOPSIS [-s|--source] [-t|--target] [-d|--delete] [-i|--info]
[-p|--restrict-path <path>] [-l|--log] [--sudo]

DESCRIPTION restricts SSH commands to btrfs commands used by btrbk. It examines the SSH_ORIGINAL_COMMAND environment variable (set by sshd) and executes it only if it matches commands used by btrbk. The accepted commands are specified by the "--source", "--target", "--delete" and "--info" options.

Note that the following btrfs commands are always allowed: "btrfs subvolume show", "btrfs subvolume list".

Example line in /root/.ssh/authorized_keys on a backup target host:

command=" --target --delete --restrict-path /mnt/btr_backup" ssh-rsa AAAAB3NzaC1...hwumXFRQBL [email protected]


-s, --source

Allow commands for backup source: "btrfs subvolume snapshot", "btrfs send". Equivalent to "--snapshot --send".

-t, --target

Allow commands for backup target: "btrfs receive", "realpath" and "cat /proc/self/mounts".

-d, --delete

Allow commands for subvolume deletion: "btrfs subvolume delete". This is used for backup source if snapshot_preserve_daily is not set to "all", and for backup targets if target_preserve_daily is not set to "all".

-i, --info

Allow informative commands: "btrfs subvolume find-new", "btrfs filesystem usage". This is used by btrbk info and diff commands.


Allow btrfs snapshot command: "btrfs subvolume snapshot".


Allow btrfs send command: "btrfs send".


Allow btrfs receive command: "btrfs receive".

-p, --restrict-path <path>

Restrict btrfs commands to <path>.

-l, --log

Log ACCEPT and REJECT messages to the system log.




Please refer to the btrbk project page for further details.


Axel Burri <[email protected]>