[Duplicity-tracker] [bug #26464] use only sftp, not scp too?


From: Colin Watson
Subject: [Duplicity-tracker] [bug #26464] use only sftp, not scp too?
Date: Wed, 06 May 2009 12:18:03 +0000
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-GB; rv:1.9.0.10) Gecko/2009042523 Ubuntu/9.04 (jaunty) Firefox/3.0.10

URL:
  <http://savannah.nongnu.org/bugs/?26464>

                 Summary: use only sftp, not scp too?
                 Project: duplicity
            Submitted by: cjwatson
            Submitted on: Wed 06 May 2009 13:18:01 BST
                Category: None
                Severity: 3 - Normal
              Item Group: None
                  Status: None
                 Privacy: Public
             Assigned to: None
        Originator Email: 
             Open/Closed: Open
         Discussion Lock: Any

    _______________________________________________________

Details:

I started setting up a secure environment for making backups to my server
using duplicity over SFTP; I created a specialised user for it, used a forced
command in authorized_keys to limit it to sftp only, and used 'Match User' and
'ChrootDirectory' in sshd_config to limit sftp to a single directory. This all
looked quite promising until I realised that duplicity uses sftp for some
operations but scp for others.

Is there any reason why this couldn't be simplified to use sftp across the
board for everything? It seems as if it would just be a matter of sending
appropriate "get" and "put" commands, possibly fiddling with quoting a bit
(but the quoting issues with sftp can surely be no worse than the utter
quoting nightmare that is scp).

I know that restricted shells such as rssh exist, but I would prefer my
security boundary to be as small and easily-comprehensible as possible.

Thanks in advance.




    _______________________________________________________

Reply to this item at:

  <http://savannah.nongnu.org/bugs/?26464>

_______________________________________________
  Message sent via/by Savannah
  http://savannah.nongnu.org/
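
The following is an added example, not part of the original report and not duplicity or OpenSSH code: a small Python audit that checks whether an account has the two restrictions the report describes, a `ChrootDirectory` inside a `Match User` block and a forced SFTP command on the key. The user name `backup`, the path `/srv/backup`, the key material and the choice of `internal-sftp` as the forced command are assumptions made for illustration.

```python
import re

# Constructed sample inputs: user name, chroot path and key are placeholders.
SSHD_CONFIG = """\
Subsystem sftp internal-sftp
Match User backup
    ChrootDirectory /srv/backup
Match Group staff
    X11Forwarding no
"""
AUTHORIZED_KEY = 'command="internal-sftp",no-pty ssh-ed25519 AAAA_PLACEHOLDER backup@client'

def match_block_settings(config_text, user):
    """Return {keyword: value} set in 'Match User' blocks that name `user`.
    Simplified: one 'User' criterion, comma-separated names, no wildcards."""
    settings, active = {}, False
    for raw in config_text.splitlines():
        fields = raw.strip().split(None, 1)
        if len(fields) < 2 or fields[0].startswith("#"):
            continue
        keyword, value = fields[0].lower(), fields[1].strip()
        if keyword == "match":
            crit = value.split()
            active = len(crit) == 2 and crit[0].lower() == "user" and user in crit[1].split(",")
        elif active:
            settings.setdefault(keyword, value)  # sshd uses the first value it obtains
    return settings

def forced_command(key_line):
    """Return the command="..." option of an authorized_keys line, or None."""
    m = re.search(r'(?:^|,)command="((?:\\.|[^"\\])*)"', key_line)
    return m.group(1) if m else None

def audit(config_text, key_line, user):
    """List what is missing from an SFTP-only, chrooted account."""
    findings = []
    chroot = match_block_settings(config_text, user).get("chrootdirectory")
    if chroot is None or chroot.lower() == "none":
        findings.append("no ChrootDirectory in a Match User block for " + user)
    cmd = forced_command(key_line)
    program = (cmd.split() or [""])[0].rsplit("/", 1)[-1] if cmd is not None else None
    if cmd is None:
        findings.append("key has no forced command")
    elif program not in ("internal-sftp", "sftp-server"):
        findings.append("forced command is not an SFTP server: " + cmd)
    return findings

if __name__ == "__main__":
    print(audit(SSHD_CONFIG, AUTHORIZED_KEY, "backup") or "SFTP-only restrictions present")
```

With both restrictions in place, a client that invokes scp is answered by the forced SFTP server rather than the remote scp program, so only SFTP transfers succeed.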




