Re: [Duplicity-talk] Biggest nightmare
From: Cristian KLEIN
Subject: Re: [Duplicity-talk] Biggest nightmare
Date: Sun, 31 May 2009 22:04:48 +0200
User-agent: Thunderbird 2.0.0.21 (X11/20090409)
Edgar Soldin wrote:
> Didn't know that. Pretty sure you are welcome to deliver patches ...
> regards ede
Hello,
Just when I finished creating an SFTP-only backend, I observed that
somebody already wrote it before me (this happens to me way too often grrr).
https://savannah.nongnu.org/bugs/?26464
As for the restricted SFTP server, I wrote a paramiko-based one and
would really love to let people look over it and audit it, perhaps
including it in duplicity one day. Where could I post it? Savannah does
not seem to let me post a new patch.
> --
>> Edgar Soldin wrote:
>>
>>> could you clear that up for me? ..ede
>>>
>> Suppose you wanted to implement my solution, that is, protect the
>> backups, by only allowing create new file, read and list operations.
>> Currently, duplicity uses both SFTP and SCP for the „ssh://” URL, which
>> would mean that you would have to implement both a restricted SFTP and a
>> restricted SCP server.
>>
>> In order to reduce the effort of coding such a restricted server, I propose
>> creating a „pure” SFTP backend.
>>
>>
>>>> Edgar Soldin wrote:
>>>>
>>>>
>>>>> A backup repository pulling the backups from the duplicity host seems
>>>>> easier to setup to me.
>>>>> Why would you want a pure sftp backend?
>>>>>
>>>>>
>>>> So that you only need to write a restricted SFTP server, without having
>>>> to write a restricted SCP server.
>>>>
>>>>
>>>>
>>>>> ... ede
>>>>>
>>>>>
>>>>>> I would like to add another idea and know what you're thinking about it.
>>>>>> Everything duplicity needs for „normal” backup operations is to list
>>>>>> files, read files and create new (non-existing) files. So I thought
>>>>>> about creating a restricted SFTP server, which would allow exactly these
>>>>>> three operations. Then an evil attacker could not compromise backups.
>>>>>>
>>>>>> A user who has an SSH account on a backup host, would use two keys:
>>>>>> a) not-password-protected, restricted to SFTP
>>>>>> b) password-protected, restricted to backup maintenance, which he
>>>>>> should actually *never* use
>>>>>>
>>>>>> Unfortunately, I could not find any Restricted SFTP server, but writing
>>>>>> a paramiko-based one should not be too difficult. Also, duplicity does
>>>>>> not currently have a „pure” SFTP backend, but again, this should be
>>>>>> a piece of cake.
>>>>>>
>>>>>> So, what do you think?
>>>>>>
>>>>>>
>>>>>>
>>>>>> _______________________________________________
>>>>>> Duplicity-talk mailing list
>>>>>> address@hidden
>>>>>> http://lists.nongnu.org/mailman/listinfo/duplicity-talk
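The thread describes a restricted SFTP server that permits only listing, reading and creating new files. The following is an added sketch of that policy, not part of the original messages and not the paramiko-based server mentioned above: it uses only the standard library, and the class name `WriteOnceStore`, its method names and the sample file name are assumptions made for illustration.

```python
import errno
import os
import tempfile

class WriteOnceStore:
    """Policy layer for a restricted backup target: list, read, create-new only."""

    def __init__(self, root):
        self.root = os.path.realpath(root)

    def _resolve(self, path):
        # Confine every client-supplied path to the backup root
        # (rejects ../ traversal and symlinks that point outside it).
        full = os.path.realpath(os.path.join(self.root, path.lstrip("/")))
        if full != self.root and not full.startswith(self.root + os.sep):
            raise PermissionError(errno.EACCES, "path escapes backup root")
        return full

    def list_folder(self, path):
        return sorted(os.listdir(self._resolve(path)))

    def open(self, path, flags):
        full = self._resolve(path)
        if flags & (os.O_WRONLY | os.O_RDWR):
            # Ignore the client's own flags (O_TRUNC, O_APPEND, ...): a write
            # open is always an exclusive create, so an existing backup file
            # can never be reopened for modification.
            return os.open(full, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
        return os.open(full, os.O_RDONLY)

    def _deny(self, *args):
        raise PermissionError(errno.EPERM, "operation not permitted by policy")

    # Everything outside list/read/create-new is refused outright.
    remove = rename = rmdir = mkdir = chattr = symlink = _deny

def demo():
    """Exercise the policy in a throwaway directory (constructed sample data)."""
    store = WriteOnceStore(tempfile.mkdtemp())
    name = "duplicity-full.vol1.difftar.gpg"  # constructed file name
    fd = store.open(name, os.O_WRONLY | os.O_CREAT | os.O_TRUNC)
    os.write(fd, b"backup")
    os.close(fd)
    results = {"listing": store.list_folder("/")}
    attempts = {"overwrite": lambda: store.open(name, os.O_WRONLY | os.O_TRUNC),
                "delete": lambda: store.remove(name),
                "escape": lambda: store.open("../outside", os.O_WRONLY | os.O_CREAT)}
    for label, attempt in attempts.items():
        try:
            attempt()
            results[label] = "allowed"
        except OSError as exc:
            results[label] = type(exc).__name__
    return results
```

Forcing `O_EXCL` on the server side matters because a client upload typically asks for create-or-truncate; the restriction holds only if the server rewrites those flags rather than trusting them.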