[Box Backup] SSH/SSL

[Chris Wilson]

Hi Stavros,

On Tue, 5 Nov 2013, Stavros Korokithakis wrote:

> I'm currently evaluating various backup programs, and Box Backup seems 
> very promising. However, trying to set it up is quite the task, as SSL 
> is a pain to install. Is there any way to run it over plain SSH, and, if 
> not, would this be supported in a future version?

That's strange, I've set it up many times and never had a problem with the 
SSL certificate setup. The only thing I can imagine being a problem is if 
you have many clients to configure, in different locations, so sending 
back the certificates to be signed is painful. I did start writing a CGI 
certificate manager which is part of the Box Backup source, and you could 
try it out if you like.

Unfortunately SSL is essential to the security of the system, since the 
SSL certificate is the only thing that ensures that the connecting client 
is actually authorised to connect and access the account that it's trying 
to access. It would theoretically be possible to either (a) mount the 
filesystem over sshfs and do a local backup to it, or (b) remove 
authentication from the protocol and have you assert that you trust all 
the clients and build a network (ssh or vpn) for it to run over, but 
neither mechanism is implemented at the moment.

Cheers, Chris.
-- 
_____ __     _
\  __/ / ,__(_)_  | Chris Wilson <chris+sig at qwirx.com> Cambs UK |
/ (_/ ,\/ _/ /_ \ | Security/C/C++/Java/Ruby/Perl/SQL Developer |
\__/_/_/_//_/___/ | We are GNU : free your mind & your software |