From: AJ Weber
Subject: Re: [Duplicity-talk] Scp calls
Date: Mon, 4 Jan 2010 10:13:09 -0500
Thus, my comment about openvpn was not that it's more-or-less secure, but that I could open one tunnel to the target (after one port-knock), run all my duplicity backups, then exit the vpn connection, leaving the server with zero open ports while it's not consuming backups (or restoring). But, as you said, I'm not sure it's worth the extra setup; it's not _that_ much work, but the KISS principle applies with backup/restore scenarios, IMHO.
Thanks again, AJ
Port knocking should add very little overhead, one connection every 200MB if you set volsize=200. Besides, it's not the guys on the outside you need to worry about, most data theft is internal.
...Ken
AJ Weber wrote:
I was considering using port knocking to stealth all ports on the target until I open the connection, but that won't work right with that M.O. Can't be too careful these days.
-AJ

On Jan 3, 2010, at 6:28 AM, Kenneth Loafman <address@hidden> wrote:
It's as secure as any ssh target, nothing is sent in the clear. I don't think openvpn would be any more secure.
...Ken

AJ Weber wrote:
Hmm. That seems like a lot of overhead, and I wonder if it increases the ability of hacking the target server (because the username and password are sent repeatedly)? I wonder if I should set up an openvpn pipe and use straight FTP inside that instead?
-AJ

On Jan 2, 2010, at 8:10 PM, Kenneth Loafman <address@hidden> wrote:
Unless you run the --asynchronous-upload option, it's just one connection at a time, very serial. With --async, it's 2 at a time.
...Ken

AJ Weber wrote:
I guess I could try to trace this, but figure someone might already know... When using scp URL for target, how many ssh or scp sessions are run? Is it one per duplicity invocation, or closer to one per 25M archive file transferred (plus sig and other files)? I ask, because I might try to get fancy with firewall rules to protect the target server, and if it's one session, it'll be more straightforward to implement. Thanks!
-AJ

_______________________________________________
Duplicity-talk mailing list
address@hidden
http://lists.nongnu.org/mailman/listinfo/duplicity-talk
----- Original Message -----
From: "Kenneth Loafman" <address@hidden>
To: "Discussion of the backup program duplicity" <address@hidden>
Sent: Sunday, January 03, 2010 3:23 PM
Subject: Re: [Duplicity-talk] Scp calls