duplicity-talk
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Duplicity-talk] Biggest nightmare

From: Edgar Soldin
Subject: Re: [Duplicity-talk] Biggest nightmare
Date: Sun, 31 May 2009 10:52:15 +0200
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.21) Gecko/20090302 Thunderbird/2.0.0.21 Mnenhy/0.7.5.0 
A backup repository pulling the backups from the duplicity host seems
easier to setup to me.
Why would you want a pure sftp backend?

... ede
> I would like to add another idea and know what you're thinking about it.
> Everything duplicity needs for „normal” backup operations is to list
> files, read files and create new (non-existing) files. So I thought
> about creating a restricted SFTP server, which would allow exactly these
> three operations. Then an evil attacker could not compromise backups.
>
> A user who has an SSH account on a backup host, would use two keys:
> a) not-password-protected, restricted to SFTP
> b) password-protected, restricted to backup maintainance, which he
> should actually *never* use
>
> Unfortunately, I could not find any Restricted SFTP server, but writing
> a paramiko-based one should not be too difficult. Also, duplicity does
> not currently have a „pure” SFTP backend, but again, this should be
> piece of cake.
>
> So, what do you think?
>
>
>
> _______________________________________________
> Duplicity-talk mailing list
> address@hidden
> http://lists.nongnu.org/mailman/listinfo/duplicity-talk
>
reply via email to
[Prev in Thread] Current Thread [Next in Thread]