duplicity-talk

Re: [Duplicity-talk] Biggest nightmare


From: Cristian KLEIN
Subject: Re: [Duplicity-talk] Biggest nightmare
Date: Sun, 31 May 2009 12:07:17 +0200
User-agent: Thunderbird 2.0.0.21 (X11/20090409)

Edgar Soldin wrote:
> could you clear that up for me? ..ede

Suppose you wanted to implement my solution, that is, protect the
backups, by only allowing create new file, read and list operations.
Currently, duplicity uses both SFTP and SCP for the „ssh://” URL, which
would mean that you would have to implement both a restricted SFTP and a
restricted SCP server.

In order to reduce the effort of coding such a restricted server, I propose
creating a „pure” SFTP backend.

>> Edgar Soldin wrote:
>>   
>>> A backup repository pulling the backups from the duplicity host seems
>>> easier to setup to me.
>>> Why would you want a pure sftp backend?
>>>     
>> So that you only need to write a restricted SFTP server, without having
>> to write a restricted SCP server.
>>
>>   
>>> ... ede
>>>     
>>>> I would like to add another idea and know what you're thinking about it.
>>>> Everything duplicity needs for „normal” backup operations is to list
>>>> files, read files and create new (non-existing) files. So I thought
>>>> about creating a restricted SFTP server, which would allow exactly these
>>>> three operations. Then an evil attacker could not compromise backups.
>>>>
>>>> A user who has an SSH account on a backup host, would use two keys:
>>>> a) not-password-protected, restricted to SFTP
>>>> b) password-protected, restricted to backup maintenance, which he
>>>> should actually *never* use
>>>>
>>>> Unfortunately, I could not find any Restricted SFTP server, but writing
>>>> a paramiko-based one should not be too difficult. Also, duplicity does
>>>> not currently have a „pure” SFTP backend, but again, this should be
>>>> a piece of cake.
>>>>
>>>> So, what do you think?
>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> Duplicity-talk mailing list
>>>> address@hidden
>>>> http://lists.nongnu.org/mailman/listinfo/duplicity-talk

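An added example, not part of the original message and not duplicity's or paramiko's code: the "list, read, create new file" policy discussed in this thread, written as a standalone storage layer. The class and method names are hypothetical; the assumption is that a restricted SFTP server's request handlers would delegate to something like it.

```python
import os
import tempfile

class CreateOnlyStore:
    """Policy for a restricted backup store: list, read, create-new only."""
    def __init__(self, root):
        self.root = os.path.realpath(root)

    def _resolve(self, name):
        # Resolve ".." and symlinks first, then refuse anything outside the root.
        path = os.path.realpath(os.path.join(self.root, name.lstrip("/")))
        if os.path.commonpath([self.root, path]) != self.root:
            raise PermissionError("path escapes backup root: %r" % name)
        return path

    def list(self, name=""):
        return sorted(os.listdir(self._resolve(name)))

    def open(self, name, client_flags):
        path = self._resolve(name)
        if client_flags & (os.O_WRONLY | os.O_RDWR):
            # Ignore client flags: a write is always an exclusive create.
            return os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
        return os.open(path, os.O_RDONLY)

    def _deny(self, *args):
        raise PermissionError("operation not permitted by policy")
    remove = rename = truncate = chattr = rmdir = _deny

def demo(name="sample-vol1.gpg"):  # constructed file name
    with tempfile.TemporaryDirectory() as root:
        store = CreateOnlyStore(root)
        fd = store.open(name, os.O_WRONLY | os.O_CREAT | os.O_TRUNC)
        os.write(fd, b"constructed sample data")
        os.close(fd)
        results = {"listing": store.list()}
        attempts = {
            "read": lambda: os.close(store.open(name, os.O_RDONLY)),
            "overwrite": lambda: store.open(name, os.O_WRONLY | os.O_TRUNC),
            "remove": lambda: store.remove(name),
            "escape": lambda: store.open("../outside", os.O_WRONLY),
        }
        for label, attempt in attempts.items():
            try:
                attempt()
                results[label] = "allowed"
            except OSError as exc:
                results[label] = type(exc).__name__
        return results
```

Because the store substitutes its own open flags, a client that requests truncation of an existing file gets an error instead of an overwrite, which is the property that keeps earlier backups intact if the unattended key is stolen.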



