Re: [Duplicity-talk] Biggest nightmare

[Cristian KLEIN]

Edgar Soldin a écrit :
> A backup repository pulling the backups from the duplicity host seems
> easier to setup to me.
> Why would you want a pure sftp backend?

So that you only need to write a resticted SFTP server, without having
to write a restricted SCP server.

> ... ede
>> I would like to add another idea and know what you're thinking about it.
>> Everything duplicity needs for „normal” backup operations is to list
>> files, read files and create new (non-existing) files. So I thought
>> about creating a restricted SFTP server, which would allow exactly these
>> three operations. Then an evil attacker could not compromise backups.
>>
>> A user who has an SSH account on a backup host, would use two keys:
>> a) not-password-protected, restricted to SFTP
>> b) password-protected, restricted to backup maintainance, which he
>> should actually *never* use
>>
>> Unfortunately, I could not find any Restricted SFTP server, but writing
>> a paramiko-based one should not be too difficult. Also, duplicity does
>> not currently have a „pure” SFTP backend, but again, this should be
>> piece of cake.
>>
>> So, what do you think?
>>
>>
>>
>> _______________________________________________
>> Duplicity-talk mailing list
>> address@hidden
>> http://lists.nongnu.org/mailman/listinfo/duplicity-talk
>>   
> 
> 
> 
> _______________________________________________
> Duplicity-talk mailing list
> address@hidden
> http://lists.nongnu.org/mailman/listinfo/duplicity-talk