[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Duplicity-talk] duplicity scp vs. sftp
|
From: |
Kenneth Loafman |
|
Subject: |
Re: [Duplicity-talk] duplicity scp vs. sftp |
|
Date: |
Tue, 24 Nov 2009 10:15:31 -0600 |
|
User-agent: |
Thunderbird 2.0.0.23 (X11/20090817) |
Heiko Baumann wrote:
> is scponly (http://www.sublimation.org/scponly/wiki/index.php/Main_Page)
> not the a possible solution to the scp/chroot problem? for me it seems a
> little bit "hard" to force everyone to use sftp!? is there any reason why
> we cannot make it an optional feature via command line option? i really
> would appreciate it :)
I am not trying to force anyone to use duplicity, just to make it more
secure. If that means using sftp over scp, then so be it. I suppose a
commandline option would be the way to go, with the default being the
current configuration. The sftp code is still in the bzr repository and
should still work. If you would, please go to Launchpad and enter a bug
report. I tend to forget the email requests fairly quickly.
> do you have an example of a good tcp-wrapper for rate-limiting with sftp,
> in case there is no way back to scp?
Other than dropping back to a previous version, there's no way back at
the moment. There are conflicting use-cases out there and the current
duplicity supports the ones that make sense. It's all about tradeoffs,
sleep vs development, security vs rate-limiting, etc.. :-)
As to tcp-wrapper, Google 'tcp wrapper rate limt'. Looks like a bunch
of hits. We normally don't get complaints about too high a rate, more
likely a complaint about too slow.
...Ken
signature.asc
Description: OpenPGP digital signature