[Duplicity-tracker] [bug #26464] use only sftp, not scp too?
From: Colin Watson
Subject: [Duplicity-tracker] [bug #26464] use only sftp, not scp too?
Date: Wed, 06 May 2009 12:18:03 +0000
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-GB; rv:1.9.0.10) Gecko/2009042523 Ubuntu/9.04 (jaunty) Firefox/3.0.10
URL:
<http://savannah.nongnu.org/bugs/?26464>
Summary: use only sftp, not scp too?
Project: duplicity
Submitted by: cjwatson
Submitted on: Wed 06 May 2009 13:18:01 BST
Category: None
Severity: 3 - Normal
Item Group: None
Status: None
Privacy: Public
Assigned to: None
Originator Email:
Open/Closed: Open
Discussion Lock: Any
_______________________________________________________
Details:
I started setting up a secure environment for making backups to my server
using duplicity over SFTP; I created a specialised user for it, used a forced
command in authorized_keys to limit it to sftp only, and used 'Match User' and
'ChrootDirectory' in sshd_config to limit sftp to a single directory. This all
looked quite promising until I realised that duplicity uses sftp for some
operations but scp for others.

Is there any reason why this couldn't be simplified to use sftp across the
board for everything? It seems as if it would just be a matter of sending
appropriate "get" and "put" commands, possibly fiddling with quoting a bit
(but the quoting issues with sftp can surely be no worse than the utter
quoting nightmare that is scp).

I know that restricted shells such as rssh exist, but I would prefer my
security boundary to be as small and easily-comprehensible as possible.

Thanks in advance.
_______________________________________________________
Reply to this item at:
<http://savannah.nongnu.org/bugs/?26464>
_______________________________________________
Message sent via/by Savannah
http://savannah.nongnu.org/
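
The lock-down described in the report (a forced SFTP command on the key plus 'Match User' and 'ChrootDirectory' in sshd_config) can be checked mechanically. The following is an added example, not part of the original report or of duplicity; the user name `backup`, the directory `/srv/backup` and the key material are constructed placeholders, and Match handling is simplified as noted in the comments.

```python
import fnmatch
import re

def effective_settings(sshd_config, user):
    """Resolve sshd_config keywords for `user` (simplified Match handling)."""
    global_opts, match_opts, active = {}, {}, None  # None = still in global section
    for raw in sshd_config.splitlines():
        parts = raw.split("#", 1)[0].split(None, 1)
        if not parts:
            continue
        key, value = parts[0].lower(), (parts[1].strip() if len(parts) > 1 else "")
        if key == "match":
            crit = value.split()
            # Assumption: only "Match all" or a lone "Match User <patterns>", no negation.
            active = [c.lower() for c in crit] == ["all"] or (
                len(crit) == 2 and crit[0].lower() == "user"
                and any(fnmatch.fnmatch(user, p) for p in crit[1].split(",")))
        elif active is None:
            global_opts.setdefault(key, value)   # first value obtained wins
        elif active:
            match_opts.setdefault(key, value)
    return {**global_opts, **match_opts}         # Match settings override global ones

def audit_sftp_only(sshd_config, authorized_key, user):
    """Return a list of findings; empty means the key can only reach chrooted SFTP."""
    opts = effective_settings(sshd_config, user)
    # The options field of an authorized_keys line ends at the first unquoted space.
    key_opts = re.match(r'(?:"[^"]*"|[^"\s])*', authorized_key.strip()).group(0)
    flags = set(re.sub(r'"[^"]*"', "", key_opts).split(","))
    cmd = re.search(r'command="([^"]*)"', key_opts)
    forced = opts.get("forcecommand") or (cmd.group(1) if cmd else "")
    findings = []
    if not re.match(r"(internal-sftp|\S*/sftp-server)(\s|$)", forced):
        findings.append("no forced SFTP command: shell and scp exec requests are served")
    if opts.get("chrootdirectory", "none").lower() == "none":
        findings.append("no ChrootDirectory: SFTP is not confined to one directory")
    if opts.get("allowtcpforwarding", "yes").lower() != "no" and not (
            flags & {"restrict", "no-port-forwarding"}):
        findings.append("TCP forwarding is not disabled for this key")
    return findings

# Constructed samples; user name, directory and key material are placeholders.
HARDENED = """Subsystem sftp internal-sftp
Match User backup
    ChrootDirectory /srv/backup
    AllowTcpForwarding no
"""
WEAK = "Subsystem sftp /usr/lib/openssh/sftp-server\n"
KEY = 'command="internal-sftp",no-pty ssh-ed25519 AAAA_PLACEHOLDER backup@client'

if __name__ == "__main__":
    print(audit_sftp_only(HARDENED, KEY, "backup"))
    print(audit_sftp_only(WEAK, "ssh-ed25519 AAAA_PLACEHOLDER x", "backup"))
```

An empty result for the hardened pair is also the state in which a client that issues scp is refused, since the forced command replaces whatever the client asked the server to execute.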