ExternalVendorCode/tahoe-lafs
1
0
Fork 0
mirror of https://github.com/tahoe-lafs/tahoe-lafs.git synced 2024-12-19 13:07:56 +00:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

link to Twisted ticket #4633

Browse Source
This commit is contained in:
Zooko Wilcox-O'Hearn 2014-07-22 05:16:04 +00:00
parent 99479226ed
commit 78503591d7
1 changed files with 10 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
docs/frontends/FTP-and-SFTP.rst
View File

@ -119,12 +119,16 @@ Exercise caution when connecting to the SFTP server remotely. The AES
implementation used by the SFTP code does not have defenses against timing
attacks. The code for encrypting the SFTP connection was not written by the
Tahoe-LAFS team, and we have not reviewed it as carefully as we have reviewed
the code for encrypting files and directories in Tahoe-LAFS itself. If you
can connect to the SFTP server (which is provided by the Tahoe-LAFS gateway)
only from a client on the same host, then you would be safe from any problem
with the SFTP connection security. The examples given below enforce this
policy by including ":interface=127.0.0.1" in the "port" option, which causes
the server to only accept connections from localhost.
the code for encrypting files and directories in Tahoe-LAFS itself. (See
`Twisted ticket #4633`_ for a possible fix to this issue.)
.. _Twisted ticket #4633: https://twistedmatrix.com/trac/ticket/4633
If you can connect to the SFTP server (which is provided by the Tahoe-LAFS
gateway) only from a client on the same host, then you would be safe from any
problem with the SFTP connection security. The examples given below enforce
this policy by including ":interface=127.0.0.1" in the "port" option, which
causes the server to only accept connections from localhost.
You will use directives in the tahoe.cfg file to tell the SFTP code where to
find these keys. To create one, use the ``ssh-keygen`` tool (which comes with