|
|
2533b56549
|
feat(security): modernize SSH key algorithm support with Ed25519
Replace deprecated DSA key support with modern SSH key algorithms,
prioritizing Ed25519 as the most secure option.
Changes:
- Add load_ssh_private_key() helper function in common.py
- Support Ed25519 (preferred), ECDSA, and RSA key types
- Remove deprecated and insecure DSA key support
- Update all SSH key loading across backup drivers:
* common.py: do_preexec, do_postexec, run_remote_command
* backup_mysql.py
* backup_pgsql.py
* backup_sqlserver.py
* backup_oracle.py
* backup_samba4.py
- Add ssh_port parameter to preexec/postexec connections
- Update README.md with SSH key generation instructions
- Document supported algorithms and migration path
Algorithm priority:
1. Ed25519 (most secure, modern, fast, timing-attack resistant)
2. ECDSA (secure, widely supported)
3. RSA (legacy support, requires 2048+ bits)
Security improvements:
- Eliminates vulnerable DSA algorithm (1024-bit limit, FIPS deprecated)
- Prioritizes elliptic curve cryptography (Ed25519, ECDSA)
- Provides clear error messages for unsupported key types
- Maintains backward compatibility with existing RSA keys
Documentation:
- Add SSH key generation examples to README.md
- Update expected directory structure to show Ed25519 keys
- Add migration notes in SECURITY_IMPROVEMENTS.md
- Include key generation commands for all supported types
Breaking change:
- DSA keys are no longer supported and will fail with clear error message
- Users must migrate to Ed25519, ECDSA, or RSA (4096-bit recommended)
Migration:
```bash
# Generate new Ed25519 key
ssh-keygen -t ed25519 -f ~/.ssh/id_ed25519
# Copy to remote servers
ssh-copy-id -i ~/.ssh/id_ed25519.pub user@remote
```
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
|
2025-10-05 01:39:17 +02:00 |
|
|
|
b805f8387e
|
Fix re.compile / re.match warnings
lint / docker (push) Has been cancelled
|
2025-03-07 22:51:20 +01:00 |
|
|
|
737f9bea38
|
fix iniparse
lint / docker (push) Successful in 9m14s
fix code passing ruff linter
pre-commit ruff
pre-commit ruff format
|
2024-11-29 23:45:40 +01:00 |
|
|
|
99dc6e0abf
|
fix import
|
2024-11-28 23:46:48 +01:00 |
|
roondar
|
b9a3ad755a
|
fix: Not use binary string in subprocess command
|
2023-03-08 17:58:06 +01:00 |
|
Francois PINOT
|
c74cc3802b
|
Set errors=ignore in the decode method, to avoid utf-8 codec errors on filenames with non-ascii characters
|
2022-12-26 14:02:49 +01:00 |
|
htouvet
|
bc4b9811ed
|
migrate to Python3 (from alejeune)
|
2022-04-25 10:02:43 +02:00 |
|
Kévin Guérineau
|
d079b542be
|
comment DSSKey and add ed25519
|
2020-11-20 14:13:27 +01:00 |
|
Vincent MAUGER
|
82ca9dfa35
|
changement du path btrfs
|
2020-11-20 14:13:25 +01:00 |
|
htouvet
|
b082796a87
|
fix register_existingbackups
fix tmp gzip for pgsqldump
|
2018-02-09 09:55:33 +01:00 |
|
htouvet
|
1190eb4d9d
|
Take per section maximum_backup_age in account
|
2018-01-30 12:29:16 +01:00 |
|
ssamson-tis
|
0e3892b755
|
remove duplicate coe
|
2016-04-14 14:32:04 +02:00 |
|
ssamson-tis
|
ba022d64d3
|
Use new based theme on bootstrap
|
2015-07-03 16:18:48 +02:00 |
|
Jérémie Courrèges-Anglas
|
cde133eadd
|
str2bool is not only useful in backup_xva, make it avail. elsewhere.
|
2014-11-20 15:59:29 +01:00 |
|
ssamson-tis
|
f7056732f4
|
Possibilité de choisir les backups à exporter sur disque dur externe
|
2014-07-25 15:06:51 +02:00 |
|
ssamson-tis
|
bd05ae8f25
|
Fist commit
|
2013-05-23 10:19:43 +02:00 |
|
