|
2533b56549
|
feat(security): modernize SSH key algorithm support with Ed25519

Replace deprecated DSA key support with modern SSH key algorithms,
prioritizing Ed25519 as the most secure option.

Changes:
- Add load_ssh_private_key() helper function in common.py
- Support Ed25519 (preferred), ECDSA, and RSA key types
- Remove deprecated and insecure DSA key support
- Update all SSH key loading across backup drivers:
  * common.py: do_preexec, do_postexec, run_remote_command
  * backup_mysql.py
  * backup_pgsql.py
  * backup_sqlserver.py
  * backup_oracle.py
  * backup_samba4.py
- Add ssh_port parameter to preexec/postexec connections
- Update README.md with SSH key generation instructions
- Document supported algorithms and migration path

Algorithm priority:
1. Ed25519 (most secure, modern, fast, timing-attack resistant)
2. ECDSA (secure, widely supported)
3. RSA (legacy support, requires 2048+ bits)

Security improvements:
- Eliminates vulnerable DSA algorithm (1024-bit limit, FIPS deprecated)
- Prioritizes elliptic curve cryptography (Ed25519, ECDSA)
- Provides clear error messages for unsupported key types
- Maintains backward compatibility with existing RSA keys

Documentation:
- Add SSH key generation examples to README.md
- Update expected directory structure to show Ed25519 keys
- Add migration notes in SECURITY_IMPROVEMENTS.md
- Include key generation commands for all supported types

Breaking change:
- DSA keys are no longer supported and will fail with clear error message
- Users must migrate to Ed25519, ECDSA, or RSA (4096-bit recommended)

Migration:
```bash
# Generate new Ed25519 key
ssh-keygen -t ed25519 -f ~/.ssh/id_ed25519
# Copy to remote servers
ssh-copy-id -i ~/.ssh/id_ed25519.pub user@remote
```
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
|
2025-10-05 01:39:17 +02:00 |
|
|
b805f8387e
|
Fix re.compile / re.match warnings
|
2025-03-07 22:51:20 +01:00 |
|
|
737f9bea38
|
fix iniparse
fix code passing ruff linter
pre-commit ruff
pre-commit ruff format
|
2024-11-29 23:45:40 +01:00 |
|
|
99dc6e0abf
|
fix import
|
2024-11-28 23:46:48 +01:00 |
|
htouvet
|
bc4b9811ed
|
migrate to Python3 (from alejeune)
|
2022-04-25 10:02:43 +02:00 |
|
Kévin Guérineau
|
d079b542be
|
comment DSSKey and add ed25519
|
2020-11-20 14:13:27 +01:00 |
|
Jeremie Courreges-Anglas
|
26c45f3fe6
|
Stoopid unicode
|
2020-11-20 14:11:17 +01:00 |
|
Jeremie Courreges-Anglas
|
5a1e984a0b
|
Use pg_dump -Z to compress the output on the fly
Less temp files overhead, less space used in tmp_dir, and less code.
-Z is supported since PostgreSQL 7.1.
|
2020-11-20 14:11:16 +01:00 |
|
Jeremie Courreges-Anglas
|
e2c0e7e516
|
Respect tmp_dir, fixes temp files removal
|
2020-11-20 14:11:15 +01:00 |
|
htouvet
|
e701575525
|
typo in gzipped pgsql dump filename
|
2018-02-21 09:38:52 +01:00 |
|
htouvet
|
b082796a87
|
fix register_existingbackups
fix tmp gzip for pgsqldump
|
2018-02-09 09:55:33 +01:00 |
|
htouvet
|
c29ad67075
|
add parameters tmp_dir = '/tmp' and encoding = 'UTF8' for the pgsql backup driver
|
2018-02-06 15:21:55 +01:00 |
|
ssamson-tis
|
dc53354ea2
|
- Suppress warning output
- Escape special character
|
2015-10-30 10:53:38 +01:00 |
|
ssamson-tis
|
44a4b5ea15
|
remove leading character in postgres databases
|
2015-09-30 16:28:34 +02:00 |
|
ssamson-tis
|
fe4081c7d3
|
change method to list all postgres databases
|
2015-09-30 16:14:25 +02:00 |
|
ssamson-tis
|
169602758e
|
Postgres database is optional
|
2015-09-24 16:57:49 +02:00 |
|
ssamson-tis
|
bd05ae8f25
|
First commit
|
2013-05-23 10:19:43 +02:00 |
|