Re: [Duplicity-talk] Biggest nightmare

[Cristian KLEIN]

Edgar Soldin a écrit :
> Didn't know that. Pretty sure you are welcome to deliver patches ...
> regards ede

Hello,

Just when I finished creating a SFTP-only backend, I observed that
somebody already wrote it before me (this happens to me way to often grrr).

https://savannah.nongnu.org/bugs/?26464

As for the restricted SFTP server, I wrote a paramiko-based one and
would really love to let people look over it and audit it, perhaps
including it in duplicity one day. Where could I post it? Savannah does
not seem to let me post a new patch.

> --
>> Edgar Soldin a écrit :
>>   
>>> could you clear that up for me? ..ede
>>>     
>> Suppose you wanted to implement my solution, that is, protect the
>> backups, by only allowing create new file, read and list operations.
>> Currently, duplicity uses both SFTP and SCP for the „ssh://” URL, which
>> would mean that you would have to implement both a restricted SFTP and a
>> restricted SCP server.
>>
>> In order reduce the effort of coding such a restricted server, I propose
>> creating a „pure” SFTP backend.
>>
>>   
>>>> Edgar Soldin a écrit :
>>>>   
>>>>       
>>>>> A backup repository pulling the backups from the duplicity host seems
>>>>> easier to setup to me.
>>>>> Why would you want a pure sftp backend?
>>>>>     
>>>>>         
>>>> So that you only need to write a resticted SFTP server, without having
>>>> to write a restricted SCP server.
>>>>
>>>>   
>>>>       
>>>>> ... ede
>>>>>     
>>>>>         
>>>>>> I would like to add another idea and know what you're thinking about it.
>>>>>> Everything duplicity needs for „normal” backup operations is to list
>>>>>> files, read files and create new (non-existing) files. So I thought
>>>>>> about creating a restricted SFTP server, which would allow exactly these
>>>>>> three operations. Then an evil attacker could not compromise backups.
>>>>>>
>>>>>> A user who has an SSH account on a backup host, would use two keys:
>>>>>> a) not-password-protected, restricted to SFTP
>>>>>> b) password-protected, restricted to backup maintainance, which he
>>>>>> should actually *never* use
>>>>>>
>>>>>> Unfortunately, I could not find any Restricted SFTP server, but writing
>>>>>> a paramiko-based one should not be too difficult. Also, duplicity does
>>>>>> not currently have a „pure” SFTP backend, but again, this should be
>>>>>> piece of cake.
>>>>>>
>>>>>> So, what do you think?
>>>>>>
>>>>>>
>>>>>>
>>>>>> _______________________________________________
>>>>>> Duplicity-talk mailing list
>>>>>> address@hidden
>>>>>> http://lists.nongnu.org/mailman/listinfo/duplicity-talk
>>>>>>   
>>>>>>       
>>>>>>           
>>>>> _______________________________________________
>>>>> Duplicity-talk mailing list
>>>>> address@hidden
>>>>> http://lists.nongnu.org/mailman/listinfo/duplicity-talk
>>>>>     
>>>>>         
>>>> _______________________________________________
>>>> Duplicity-talk mailing list
>>>> address@hidden
>>>> http://lists.nongnu.org/mailman/listinfo/duplicity-talk
>>>>   
>>>>       
>>> _______________________________________________
>>> Duplicity-talk mailing list
>>> address@hidden
>>> http://lists.nongnu.org/mailman/listinfo/duplicity-talk
>>>     
>>
>>
>> _______________________________________________
>> Duplicity-talk mailing list
>> address@hidden
>> http://lists.nongnu.org/mailman/listinfo/duplicity-talk
>>   
> 
> 
> 
> _______________________________________________
> Duplicity-talk mailing list
> address@hidden
> http://lists.nongnu.org/mailman/listinfo/duplicity-talk