Rest-server through ssh

Hi,

I’m trying to set up automated backups for all clients at our union.

We use a central identity provider for authentication of all applications and there must not be any other credentials to be managed, so using the htaccess method isn’t possible.

It would be possible to use machine certificates/TLS for authentication which is already done with VPN, but unfortunately client authentication does not seem to be implemented yet in rest-server.

We do have client-based ssh keys, though, and one of the cleanest solutions I found with restic was the use of rclone serve restic --append-only as ForcedCommand through ssh, allowing only restic backups on the remote hosts.
Is it possible to use the same approach with rest-server?
The only way I got working so far is to use ssh with port forwarding to bind the rest server to the client’s localhost port and run restic against that (with no additional authentication).

Is there a way to have a setup similar to the one with rclone serve, that allows the use of ssh (keys) for authentication while allowing the users/machines to run only restic append-only against the remote rest-server?
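
An added example, not part of the original post and not code from restic, rclone or rest-server: a small audit of the server-side authorized_keys entries that checks each client key is pinned to the rclone serve restic --append-only forced command described above. The --stdio flag, the repository paths and the key material in the sample entries are assumptions and placeholders.

```python
import shlex

KEY_PREFIXES = ("ssh-", "ecdsa-", "sk-")
REENABLE = {"port-forwarding", "agent-forwarding", "x11-forwarding", "pty", "user-rc"}

def split_entry(line):
    """Split an authorized_keys line into (options, key part).
    Backslash-escaped quotes inside option values are not handled."""
    line = line.strip()
    if line.startswith(KEY_PREFIXES):
        return [], line                       # entry has no options field
    opts, cur, quoted = [], "", False
    for i, ch in enumerate(line):
        if ch == '"':
            quoted = not quoted               # quotes delimit option values
        elif ch == "," and not quoted:
            opts.append(cur); cur = ""
        elif ch.isspace() and not quoted:
            return opts + [cur], line[i:].strip()   # options field ends here
        else:
            cur += ch
    return opts + [cur], ""

def audit(line):
    """Return findings for one entry; an empty list means the key is pinned."""
    opts, _key = split_entry(line)
    names = {o.split("=", 1)[0].lower() for o in opts}
    findings = [] if "restrict" in names else ["missing restrict"]
    if names & REENABLE:                      # these options lift parts of restrict
        findings.append("re-enables: " + ",".join(sorted(names & REENABLE)))
    cmds = [o.split("=", 1)[1] for o in opts if o.lower().startswith("command=")]
    argv = shlex.split(cmds[0]) if cmds else []
    if not cmds:
        findings.append("no forced command")  # key would grant a normal session
    elif argv[:3] != ["rclone", "serve", "restic"]:
        findings.append("forced command is not rclone serve restic")
    elif "--append-only" not in argv:
        findings.append("forced command lacks --append-only")
    return findings

KEY = "ssh-ed25519 AAAAPLACEHOLDER"   # constructed placeholder, not a real key
SAMPLE = [                            # constructed entries; paths are assumptions
    f'restrict,command="rclone serve restic --stdio --append-only /srv/a" {KEY} a',
    f'restrict,command="rclone serve restic --stdio /srv/b" {KEY} b',
    f'{KEY} c',
    f'restrict,pty,command="rclone serve restic --stdio --append-only /srv/d" {KEY} d',
]
if __name__ == "__main__":
    for entry in SAMPLE:
        print(audit(entry) or "ok", "<-", entry[:40])
```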

There’s a PR for mTLS here; perhaps you can try that (it needs to have a conflict fixed, though): Implement TLS client authentication by M1cha · Pull Request #193 · restic/rest-server · GitHub