If a host on the LAN has UrBackup client installed, and it has been discovered by UrBackup server, it knows server credentials (server_idents.txt).
Are those credentials enough to install a “rogue” UrBackup server and steal/backup files from other clients on the LAN?
Hi, details are described in the admin manual under Client Security…
http://urbackup.sourceforge.net/administration_manual.html#x1-110003.3
Basically the client will automatically accept the first server it sees, once it has connected to this server it will not be able to connect
to a 2nd server (ie “rogue” server). There are a couple of exceptions for running multiple servers or moving installs which the guide describes.
[quote=“bjharper”]the client will automatically accept the first server it sees, once it has connected to this server it will not be able to connect
to a 2nd server (ie “rogue” server).[/quote]
Why not?
The “rogue” host learned the server_ident.key content when its client was discovered by the “legit” server. Now both servers (“legit” and “rogue”) have the same server_ident.key.
Am I missing something?
Thanks
[quote=“superceu”]If a host on the LAN has UrBackup client installed, and it has been discovered by UrBackup server, it knows server credentials (server_idents.txt).
Are those credentials enough to install a “rogue” UrBackup server and steal/backup files from other clients on the LAN?[/quote]
Yes. I have fixed this now in 1.4 by adding additional public/private keys to the server, but this is currently being tested.
Great news! I’ll test 1.4
Okay. Just uploaded the version which includes this.