From e8f1827dd2764a92b5268e3db2a90fa9d049b377 Mon Sep 17 00:00:00 2001
From: Arthur Normand
Date: Wed, 13 Sep 2023 23:26:09 -0400
Subject: [PATCH] Add flag to enable secure SSH features
---
 README.md | 1 +
 rsync_tmbackup.sh | 14 ++++++++++++--
 2 files changed, 13 insertions(+), 2 deletions(-)
diff --git a/README.md b/README.md
index 15abc30..bdcc6f7 100644
--- a/README.md
+++ b/README.md
@@ -31,6 +31,7 @@ On macOS, it has a few disadvantages compared to Time Machine - in particular it
 After 365 days keep one backup every 30 days.
 --no-auto-expire Disable automatically deleting backups when out of space. Instead an error
 is logged, and the backup is aborted.
+ --secure-ssh Enables secure SSH features.
 ## Features
diff --git a/rsync_tmbackup.sh b/rsync_tmbackup.sh
index b8fe0c0..4649e66 100755
--- a/rsync_tmbackup.sh
+++ b/rsync_tmbackup.sh
@@ -51,6 +51,7 @@ fn_display_usage() {
 echo " After 365 days keep one backup every 30 days."
 echo " --no-auto-expire Disable automatically deleting backups when out of space. Instead an error"
 echo " is logged, and the backup is aborted."
+ echo " --secure-ssh Enables secure SSH features."
 echo ""
 echo "For more detailed help, please see the README file:"
 echo ""
@@ -279,6 +280,7 @@ LOG_DIR="$HOME/.$APPNAME"
 AUTO_DELETE_LOG="1"
 EXPIRATION_STRATEGY="1:1 30:7 365:30"
 AUTO_EXPIRE="1"
+SECURE_SSH="0"
 RSYNC_FLAGS="-D --numeric-ids --links --hard-links --one-file-system --itemize-changes --times --recursive --perms --owner --group --stats --human-readable"
@@ -321,6 +323,9 @@ while :; do
 --no-auto-expire)
 AUTO_EXPIRE="0"
 ;;
+ --secure-ssh)
+ SECURE_SSH="1"
+ ;;
 --)
 shift
 SRC_FOLDER="$1"
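Review bot: In the defaults hunk, `SECURE_SSH="0"` makes host key verification opt-in, so any run that omits `--secure-ssh` still connects with `-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null` (the rsync hunk at -543 is where the value is read). A secure default would be `SECURE_SSH="1"` paired with an explicit opt-out flag; if the old behaviour must stay the default for compatibility, the help text should say so. The usage line added in `fn_display_usage` and in the README, `--secure-ssh Enables secure SSH features.`, does not tell the user what changes; wording such as `--secure-ssh  Verify the remote SSH host key (host key checking is disabled by default).` would.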
@@ -543,13 +548,18 @@ while : ; do
 fn_log_info "From: $SSH_SRC_FOLDER_PREFIX$SRC_FOLDER/"
 fn_log_info "To: $SSH_DEST_FOLDER_PREFIX$DEST/"
+ SSH_FLAGS=""
+ if [[ $SECURE_SSH == "0" ]]; then
+ SSH_FLAGS="-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null"
+ fi
+
 CMD="rsync"
 if [ -n "$SSH_CMD" ]; then
 RSYNC_FLAGS="$RSYNC_FLAGS --compress"
 if [ -n "$ID_RSA" ] ; then
- CMD="$CMD -e 'ssh -p $SSH_PORT -i $ID_RSA -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null'"
+ CMD="$CMD -e 'ssh -p $SSH_PORT -i $ID_RSA $SSH_FLAGS'"
 else
- CMD="$CMD -e 'ssh -p $SSH_PORT -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null'"
+ CMD="$CMD -e 'ssh -p $SSH_PORT $SSH_FLAGS'"
 fi
 fi
 CMD="$CMD $RSYNC_FLAGS"
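Review bot: The `SECURE_SSH == "0"` branch turns off host key verification silently, so the backup log gives no sign that the remote end was not authenticated; a line in that branch such as `fn_log_info "SSH host key verification is disabled; use --secure-ssh to enable it"` would make the weaker mode visible. With `--secure-ssh` set, `SSH_FLAGS` is empty and ssh falls back to its configured defaults, so an unattended run against a host missing from known_hosts will presumably stop at the host-key prompt or fail; the README should mention that the host key has to be in known_hosts beforehand. Only rsync's `-e` transport is changed here; `SSH_CMD` is built outside this hunk and is worth checking for the same policy. The enclosing `while : ; do` loop starts and ends outside the hunk.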