Re: [Duplicity-talk] Biggest nightmare

[Sieker Adi Jörg]

Hi,

On 31.05.2009, at 12:50, Sieker Adi Jörg wrote:

> Hi,
>
> On 31.05.2009, at 12:07, Cristian KLEIN wrote:
>
> > Edgar Soldin a écrit :
> > > could you clear that up for me? ..ede
> >
> > Suppose you wanted to implement my solution, that is, protect the
> > backups, by only allowing create new file, read and list operations.
> > Currently, duplicity uses both SFTP and SCP for the „ssh://” URL,  
> > which
> > would mean that you would have to implement both a restricted SFTP  
> > and a
> > restricted SCP server.
> >
> > In order reduce the effort of coding such a restricted server, I  
> > propose
> > creating a „pure” SFTP backend.
>
> Why not just configure your FTP server to disallow cerain commands?
> ProFTPd seems to support this:
> http://www.proftpd.org/docs/directives/linked/config_ref_DenyFilter.html
> or Limits http://www.proftpd.org/docs/howto/Limit.html

doh, sorry.
This only makes sense if you are using ftp and not if you are using  
ssh as in your case.

Adi


> Regards
>   Adi
>
>
> > > > Edgar Soldin a écrit :
> > > >
> > > > > A backup repository pulling the backups from the duplicity host  
> > > > > seems
> > > > > easier to setup to me.
> > > > > Why would you want a pure sftp backend?
> > > > So that you only need to write a resticted SFTP server, without  
> > > > having
> > > > to write a restricted SCP server.
> > > >
> > > >
> > > > > ... ede
> > > > >
> > > > > > I would like to add another idea and know what you're thinking  
> > > > > > about it.
> > > > > > Everything duplicity needs for „normal” backup operations is to  
> > > > > > list
> > > > > > files, read files and create new (non-existing) files. So I  
> > > > > > thought
> > > > > > about creating a restricted SFTP server, which would allow  
> > > > > > exactly these
> > > > > > three operations. Then an evil attacker could not compromise  
> > > > > > backups.
> > > > > >
> > > > > > A user who has an SSH account on a backup host, would use two  
> > > > > > keys:
> > > > > > a) not-password-protected, restricted to SFTP
> > > > > > b) password-protected, restricted to backup maintainance, which  
> > > > > > he
> > > > > > should actually *never* use
> > > > > >
> > > > > > Unfortunately, I could not find any Restricted SFTP server, but  
> > > > > > writing
> > > > > > a paramiko-based one should not be too difficult. Also,  
> > > > > > duplicity does
> > > > > > not currently have a „pure” SFTP backend, but again, this  
> > > > > > should be
> > > > > > piece of cake.
> > > > > >
> > > > > > So, what do you think?