Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 24 May 2001 11:41:51 -0700
From:      Blake Swensen <blake@pyramus.com>
To:        FreeBSD List <freebsd-questions@freebsd.org>
Subject:   Re: automating dump | ssh
Message-ID:  <3B0D55EF.256722E4@pyramus.com>
References:  <OF1F4A4187.6BC526D4-ON88256A48.00044280@wr.usgs.gov>

next in thread | previous in thread | raw e-mail | index | archive | help
Thanks for the help... the trouble that I was having is that the FBSD
3.5
ports had ssh2 and openssh.  There is a difference between how the keys
are
handled.  My receiving machine on FBSD 4.3 was using OPENSSH.. hence my
frustration.... installed the openssh onto the sending machine and was
able
to connect without a password (with your kind aid, of course).

Now the problem I am having is with the ssh -f  "command".  For
instance, if
I try:

%cat ./etc/hosts | ssh -s -f receivinghost "cat >
/mnt/bigdrive/test.txt"

An empty test.txt is created but the command crashes with a broken pipe
error.  Obviously the same thing happens with dump like:

dump -0af /var | ssh -2 -f receivinghost "cat > /mnt/bigdrive/test.dump"

test.dump is created in the correct spot on receivinghost, but dump
fails
with a broken pipe error.

I have included the ssh session details below (-v).  The only other
thing
that I can think of is that there is some other port I need to forward
on the
firewall of the reciving host network. Any suggestions?

Peace,
Blake

ssh session:
-------------------------------------------------------------------
sendinghost% dump -0af - /var | ssh -2 -v -f receivinghost "cat >
/mnt/backup/sendinghost.var"
  DUMP: Date of this level 0 dump: Thu May 24 08:48:17 2001
  DUMP: Date of last level 0 dump: the epoch
  DUMP: Dumping /dev/rwd0s1e (/var) to standard output
  DUMP: SSH Version OpenSSH_2.2.0, protocol versions 1.5/2.0.
mapping (Pass I) [regular files]
Compiled with SSL (0x0090581f).
debug: Reading configuration data /usr/local/etc/ssh_config
debug: ssh_connect: getuid 0 geteuid 0 anon 0
debug: Connecting to receivinghost.domain.com [ip.addr] port 22.
debug: Allocated local port 966.
debug: Connection established.
debug: Remote protocol version 1.99, remote software version
OpenSSH_2.2.0
Enabling compatibility mode for protocol 2.0
debug: Local version string SSH-2.0-OpenSSH_2.2.0
debug: send KEXINIT
debug: done
debug: wait KEXINIT
debug: got kexinit: diffie-hellman-group1-sha1
debug: got kexinit: ssh-dss
debug: got kexinit: 3des-cbc,blowfish-cbc,arcfour,cast128-cbc
debug: got kexinit: 3des-cbc,blowfish-cbc,arcfour,cast128-cbc
debug: got kexinit: hmac-sha1,hmac-md5,hmac-ripemd160@openssh.com
debug: got kexinit: hmac-sha1,hmac-md5,hmac-ripemd160@openssh.com
debug: got kexinit: zlib,none
debug: got kexinit: zlib,none
debug: got kexinit:
debug: got kexinit:
debug: first kex follow: 0
debug: reserved: 0
debug: done
debug: kex: server->client 3des-cbc hmac-sha1 none
debug: kex: client->server 3des-cbc hmac-sha1 none
debug: Sending SSH2_MSG_KEXDH_INIT.
  DUMP: mapping (Pass II) [directories]
  DUMP: estimated 17843 tape blocks.
  DUMP: dumping (Pass III) [directories]
debug: bits set: 514/1024
debug: Wait SSH2_MSG_KEXDH_REPLY.
debug: Got SSH2_MSG_KEXDH_REPLY.
debug: Host 'receivinghost.domain.com' is known and matches the DSA host
key.

debug: bits set: 522/1024
debug: len 55 datafellows 0
debug: dsa_verify: signature correct
debug: Wait SSH2_MSG_NEWKEYS.
debug: GOT SSH2_MSG_NEWKEYS.
debug: send SSH2_MSG_NEWKEYS.
debug: done: send SSH2_MSG_NEWKEYS.
debug: done: KEX2.
debug: send SSH2_MSG_SERVICE_REQUEST
debug: service_accept: ssh-userauth
debug: got SSH2_MSG_SERVICE_ACCEPT
debug: authentications that can continue: publickey,password
debug: try pubkey: /root/.ssh/id_dsa
debug: read DSA private key done
debug: sig size 20 20
debug: ssh-userauth2 successfull
debug: fd 4 setting O_NONBLOCK
debug: fd 5 setting O_NONBLOCK
debug: no set_nonblock for tty fd 6
debug: channel 0: new [client-session]
debug: send channel open 0
debug: Entering interactive session.
debug: callback start
debug: client_init id 0 arg 0
debug: Sending command: cat > /mnt/backup/sendinghost.var
debug: client_set_session_ident: id 0
debug: callback done
debug: channel 0: open confirm rwindow 0 rmax 16384
debug: channel 0: rcvd adjust 32768
debug: channel 0: read<=0 rfd 4 len 0
debug: channel 0: read failed
debug: channel 0: input open -> drain
debug: channel 0: close_read
debug: channel 0: input: no drain shortcut
debug: channel 0: ibuf empty
debug: channel 0: input drain -> closed
debug: channel 0: send eof
debug: callback start
debug: client_input_channel_req: rtype exit-status reply 0
debug: callback done
debug: channel 0: rcvd eof
debug: channel 0: output open -> drain
debug: channel 0: rcvd close
debug: channel 0: obuf empty
debug: channel 0: output drain -> closed
debug: channel 0: close_write
debug: channel 0: send close
debug: channel 0: full closed2
debug: channel_free: channel 0: status: The following connections are
open:
  #0 client-session (t4 r0 i8/0 o128/0 fd -1/-1)

debug: !channel_still_open.
debug: Transferred: stdin 0, stdout 0, stderr 0 bytes in 0.4 seconds
debug: Bytes per second: stdin 0.0, stdout 0.0, stderr 0.0
debug: Exit status 0
  DUMP: Broken pipe
  DUMP: The ENTIRE dump is aborted.


Robert L Sowders wrote:

> Assuming you want to dump as root try the following, I did this to setup
> cron'd rsync mirror, should work for dump.
>
> You have to make the keys without passphrases ( not real secure ) and then
> move the .pub files to the receiving machine changing the name to
> authorized_keys(2).  The key is one long line so don't open it up on
> windows with anything.  Just move with scp.
>
> Step by step for ssh version 1
>
> 1.  Turn on root logins in /etc/sshd_config on receiving machine
> 2.  Generate key with ssh_keygen , on sending machine, leave passphrase
> blank.
> 3.  if exists in receiver empty authorized_keys of sending machine
> 4.  if exists in receiver empty known_hosts of sending machine
> 5.  connect once from receiving machine to sending machine to establish
> corrected line in known_hosts
> 6.  scp /root/.ssh/identity.pub
> name_of_receiving_machine:.ssh/authorized_keys
> 7.  Try the connection with ssh -v name_of_receiving_machine
>
> Step by step for ssh version 2
>
> 1.  Turn on root logins in /etc/sshd_config on receiving machine
> 2.  Generate key with ssh_keygen -d, on sending machine, leave passphrase
> blank.
> 3.  if exists in receiver empty authorized_keys2 of send machine
> 4.  if exists in receiver empty known_hosts2 of sending machine
> 5.  connect once from receiving machine to sending machine to establish
> corrected line in known_hosts2
> 6.  scp /root/.ssh/id_dsa.pub
> name_of_receiving_machine:.ssh/authorized_keys2
> 7.  Try the connection with ssh -v -2 name_of_receiving_machine
>
> After the initial authorized_keys(2) files are made and subsequent
> additions should scp the .pub files to the receiving machine and then
> append them onto the end of the file like this, cat new_file >>
> authorized_keys
>
> >From the man page:
> SSH 2 provides additional mechanisms for confidentiality (the traffic is
> encrypted using 3DES, Blowfish, CAST128 or Arcfour) and integrity
> (hmac-sha1, hmac-md5).  Note that SSH 1 lacks a strong mechanism for
> ensuring the integrity of the connection.
>
> Step 5 is probably optional.  I usually swap the .pub files both ways
> between machines just so I don't get them mixed up.
>
> Hope this helps.
>
> Blake Swensen <blake@pyramus.com>
> Sent by: owner-freebsd-questions@FreeBSD.ORG
> 05/09/2001 02:20 PM
>
>
>         To:     lucas@slb.to
>         cc:     freebsd-questions@freebsd.org
>         Subject:        Re: automating dump | ssh
>
> Yeah...
>
> That's the same thing that I thought.  After generating the keys,
> placing them in the appropriate directories on both systems, and setting
> the appropriate flags in ssh2_config...
>
> The manual says (please note the big "not yet implemented" notes!):
>       PasswordAuthentication
>               Specifies whether to use  password  authentication.
>               The  argument  must  be  "yes"  or  "no".  (not yet
>               implemented)
>
>        RHostsAuthentication
>               Specifies whether to try rhosts  based  authentica-
>               tion.   Note that this declaration only affects the
>               client side and has no effect whatsoever  on  secu-
>               rity.   Disabling  rhosts authentication may reduce
>               authentication time on slow connections when rhosts
>               authentication  is  not  used.  Most servers do not
>               permit  RhostsAuthentication  because  it  is   not
>               secure (see RhostsRSAAuthentication).  The argument
>               must be "yes" or "no".  (not yet implemented)
>
> FreeBSD 4.0-RELEASE
> SSH Version OpenSSH-1.2.2, protocol version 1.5.
> Compiled with SSL.
>
> Any other ideas?
>
> Peace,
> Blake
>
> Lucas Bergman wrote:
>
> > > Anyone know how to supply the password to ssh in order to automate
> > > x-network dump?
> > >
> > > Like
> > > dump -0af - /filesystem | ssh -f another-machine "cat >
> > > /path/to/dump/file" < password_file
> > >
> > > which doesn't work, btw, but you get the idea.
> >
> > Set up ssh so you don't need a password:
> >
> >   man ssh-keygen
> >   man ssh
> >
> > Lucas
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3B0D55EF.256722E4>