Re: [Duplicity-talk] adding stronger server-side protections for ssh backups.

[Ben Escoto]

On Sun, Jan 05, 2003 at 12:51:51AM -0600, Rob Browning wrote:
> Apologies for the multiple posts, but after some more thinking and
> looking around, below is what seemed like a possible way to allow for
> safer ssh backups -- safer for the client because it would be less
> likely that the client could clobber their own data, either
> accidentally or maliciously, and safer for the server admin because it
> would allow more precise limits on what the client is allowed to do.
> 
> The approach below may also be more convenient for the admin since (if
> it works) it should allow multiple clients to back up to the server
> using only one ssh account (but different keys), and still not be able
> to access or affect each others' data.

I like this plan because it is relatively simple and kills three birds
with one stone.  I have not thought about the security of it yet
though, so I may be missing something.

> The client invocation might look something like this:
> 
>   duplicity /path/to/back/up \
>             dssh://address@hidden/local/path/to/identity.pub
> 
> Note that in the above, the path to identity.pub would be the path on
> the local machine, not the backup server.

The dssh URL syntax seems a bit non-standard and confusing to me, but
I can't think of a better way offhand.  Maybe I will look at the rfcs
again.

So do you feel like writing this 'duplicity-ssh-agent' command and the
associated documentation?  That will be 90+% of the work probably.
Maybe it would be best to write it in shell, in case python or other
languages aren't available on the server.  Once that is done it should
be pretty trivial to add support for this new "dssh" protocol since,
as you said, a backend only has to implement put, get, list, and
delete.


-- 
Ben Escoto

pgpIAYn5RmgaF.pgp
Description: PGP signature