duplicity-talk
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Duplicity-talk] Biggest nightmare


From: Edgar Soldin
Subject: Re: [Duplicity-talk] Biggest nightmare
Date: Sun, 31 May 2009 12:01:12 +0200
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.21) Gecko/20090302 Thunderbird/2.0.0.21 Mnenhy/0.7.5.0

could you clear that up for me? ..ede
> Edgar Soldin a écrit :
>   
>> A backup repository pulling the backups from the duplicity host seems
>> easier to setup to me.
>> Why would you want a pure sftp backend?
>>     
>
> So that you only need to write a resticted SFTP server, without having
> to write a restricted SCP server.
>
>   
>> ... ede
>>     
>>> I would like to add another idea and know what you're thinking about it.
>>> Everything duplicity needs for „normal” backup operations is to list
>>> files, read files and create new (non-existing) files. So I thought
>>> about creating a restricted SFTP server, which would allow exactly these
>>> three operations. Then an evil attacker could not compromise backups.
>>>
>>> A user who has an SSH account on a backup host, would use two keys:
>>> a) not-password-protected, restricted to SFTP
>>> b) password-protected, restricted to backup maintainance, which he
>>> should actually *never* use
>>>
>>> Unfortunately, I could not find any Restricted SFTP server, but writing
>>> a paramiko-based one should not be too difficult. Also, duplicity does
>>> not currently have a „pure” SFTP backend, but again, this should be
>>> piece of cake.
>>>
>>> So, what do you think?
>>>
>>>
>>>
>>> _______________________________________________
>>> Duplicity-talk mailing list
>>> address@hidden
>>> http://lists.nongnu.org/mailman/listinfo/duplicity-talk
>>>   
>>>       
>>
>> _______________________________________________
>> Duplicity-talk mailing list
>> address@hidden
>> http://lists.nongnu.org/mailman/listinfo/duplicity-talk
>>     
>
>
>
> _______________________________________________
> Duplicity-talk mailing list
> address@hidden
> http://lists.nongnu.org/mailman/listinfo/duplicity-talk
>   





reply via email to

[Prev in Thread] Current Thread [Next in Thread]