I have one question regarding rclone security when using hubic storage.
I didn't find an exact answer after doing some searching in rclone doc and forum, in the offical hubic doc, or by using the -vv (super verbose) parameter.
I installed rclone 1.52.0 on Windows 10. I setup an hubic connection with default options and autoconfigure as indicated in the rclone doc. It's working fine and I'm able to manage my remote storage.
Now I have some basic question regarding security of the connection in order to avoid a "man in the middle" interception.
1- When rclone first requested the hubic token, was the connection secured (for ex tls, https or ssh) from beginning to end ? It seems to be the case since the URL used in browser to grant access to hubic was in https; but Firefox told me that some part of the page were not protected by https so I'm not 100% sure.
2- When rclone connects to hubic and sends its credentials, is the connection also secured ? Or are the credentials sent in visible format ?
3- When rclone is sending files to hubic, is the connection also encrypted as it is when using the official hubic client ? Or should I add a protected tunnel (such as ssh) by myself ?
Many thanks for your answer.
What is your rclone version (output from rclone version)
1.52.0
Which OS you are using and how many bits (eg Windows 7, 64 bit)
Windows 10 64 bit
Which cloud storage system are you using? (eg Google Drive)
Hubic
The command you were trying to run (eg rclone copy /tmp remote:tmp)
I tested with below command :
``lsd -vv --dump headers MYREMOTE:
I pasted below the debug result I got.
Unless I'm mistaken, I see only HTTP requests, not HTTPS.
Am I wrongly interpretating the debut output or is there a missing security parameter that I should configure somewhere ?
Thanks for your feedback.
DEBUG OUTPUT :
2020/06/22 07:46:49 DEBUG : You have specified to dump information. Please be noted that the Accept-Encoding as shown may not be correct in the request and the response may not show Content-Encoding if the go standard libraries auto gzip encoding was in effect. In this case the body of the request will be gunzipped before showing it.
2020/06/22 07:46:49 DEBUG : >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
2020/06/22 07:46:49 DEBUG : HTTP REQUEST (req xxxxxxxxxxxx)
2020/06/22 07:46:49 DEBUG : GET /1.0/account/credentials HTTP/1.1
Host: api.hubic.com
User-Agent: rclone/v1.52.0
Authorization: XXXXXXXXXXXXXXX
Accept-Encoding: gzip
2020/06/22 07:46:49 DEBUG : >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
2020/06/22 07:46:50 DEBUG : <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
2020/06/22 07:46:50 DEBUG : HTTP RESPONSE (req xxxxxxxxxxxx)
2020/06/22 07:46:50 DEBUG : HTTP/1.1 200 OK
Transfer-Encoding: chunked
Access-Control-Allow-Origin: *
Cache-Control: private
Content-Type: application/json; charset=utf8
Date: Mon, 22 Jun 2020 05:46:49 GMT
Server: nginx/1.4.7
Set-Cookie: SERVERID403=xxxxxxxx|xxxxx|xxxxx; path=/
Strict-Transport-Security: max-age=xxxxxxxx
X-Iplb-Instance: xxxxx
2020/06/22 07:46:50 DEBUG : <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
2020/06/22 07:46:50 DEBUG : Hubic: Got swift credentials (expiry 2020-06-23 07:29:22 +0200 CEST in 23h42m31.9137101s)
2020/06/22 07:46:50 DEBUG : >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
2020/06/22 07:46:50 DEBUG : HTTP REQUEST (req xxxxxxxxxxxx)
2020/06/22 07:46:50 DEBUG : GET /v1/AUTH_xxxxxxxxxxxx?format=json&limit=xxxxx HTTP/1.1
Host: xxxxxx.hubic.ovh.net
User-Agent: rclone/v1.52.0
X-Auth-Token: XXXXXXXXX
Accept-Encoding: gzip
2020/06/22 07:46:50 DEBUG : >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
2020/06/22 07:46:50 DEBUG : <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
2020/06/22 07:46:50 DEBUG : HTTP RESPONSE (req xxxxxxxxxxxx)
2020/06/22 07:46:50 DEBUG : HTTP/1.1 200 OK
Content-Length: xxxxx
Accept-Ranges: bytes
Content-Type: application/json; charset=utf-8
Date: Mon, 22 Jun 2020 05:46:50 GMT
X-Account-Bytes-Used: xxxxxxxxxxxxx
X-Account-Container-Count: xx
X-Account-Meta-Quota: xxxxxxxxxxxx
X-Account-Meta-Temp-Url-Key: xxxxxxxxxxxx
X-Account-Object-Count: xxxxx
X-Account-Storage-Policy-Policy-1-Bytes-Used: xxxxxxxxxxxxx
X-Account-Storage-Policy-Policy-1-Container-Count: xx
X-Account-Storage-Policy-Policy-1-Object-Count: xxxxx
X-Iplb-Instance: xxxxx
X-Openstack-Request-Id: xxxxxxxxxxxx-xxxxxxxx
X-Timestamp: xxxxxxxxxxxx.xxxxx
X-Trans-Id: xxxxxxxxxxxx-xxxxxxxx
2020/06/22 07:46:50 DEBUG : <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<