Re: [Duplicity-talk] duplicity scp vs. sftp

[Heiko Baumann]

On Tue, 24 Nov 2009 10:15:31 -0600, Kenneth Loafman <address@hidden>
wrote:
> Heiko Baumann wrote:
>> is scponly (http://www.sublimation.org/scponly/wiki/index.php/Main_Page)
>> not the a possible solution to the scp/chroot problem? for me it seems a
>> little bit "hard" to force everyone to use sftp!? is there any reason
why
>> we cannot make it an optional feature via command line option? i really
>> would appreciate it :)
> 
> I am not trying to force anyone to use duplicity, just to make it more
> secure.  If that means using sftp over scp, then so be it.  I suppose a
> commandline option would be the way to go, with the default being the
> current configuration.  The sftp code is still in the bzr repository and
> should still work.  If you would, please go to Launchpad and enter a bug
> report.  I tend to forget the email requests fairly quickly.
> 
>> do you have an example of a good tcp-wrapper for rate-limiting with
sftp,
>> in case there is no way back to scp?
> 
> Other than dropping back to a previous version, there's no way back at
> the moment.  There are conflicting use-cases out there and the current
> duplicity supports the ones that make sense.  It's all about tradeoffs,
> sleep vs development, security vs rate-limiting, etc..  :-)
> 
> As to tcp-wrapper, Google 'tcp wrapper rate limt'.  Looks like a bunch
> of hits.  We normally don't get complaints about too high a rate, more
> likely a complaint about too slow.
> 
> ...Ken

yeah, upstream is always to low ;) but if duplicity runs it may affect
other internet traffic so rate limiting its traffic is a valid use case in
some situations :)

i've created bug report https://bugs.launchpad.net/duplicity/+bug/487686

thanks for all help. hope to see an scp command line option in one of the
next releases :)