Skip site navigation (1)Skip section navigation (2)
Date:      Sat, 26 May 2001 20:14:59 -0700
From:      "Robert L Sowders" <rsowders@usgs.gov>
To:        FreeBSD List <freebsd-questions@freebsd.org>, owner-freebsd-questions@FreeBSD.ORG
Subject:   Re: automating dump | ssh
Message-ID:  <OF87D34C0D.D6D2B355-ON88256A59.000ED51A@wr.usgs.gov>

next in thread | raw e-mail | index | archive | help
Sorry forgot to post this back to the list,


Sorry it don't work like that,

your command will only output an empty file that way.
Try this instead from the receiving machine, it works for me here.
( ssh CLIENT  /sbin/dump 0af - /var ) | cat > /mnt/bigdrive/test.dump
You can run the above from a command line or a script,  To do this to tape 
 try the following
SERVER# (ssh CLIENT /sbin/dump 0af  - / ) | dd of=/dev/rsa0

Instead of trying to use dump, I would upgrade the ports on the both 
machines to the newest version, then I would install the latest rsync. The 
reasons for this are numerous:  rsync uses ssh by default for transfers, 
after the initial transfer it only sends deltas of changes to files so it 
speeds up the whole process to seconds instead of minutes, it's tons more 
easier to use, both in the backup and recovery. 

Just make sure the rsync port installed on both machines is the same 
version, to get the default ssh transfer protocol.  If not you could use 
the -e flag to rsync to specify the transfer protocol of ssh ala -e ssh.

I assume your dumping to a hard drive anyway, so why not just make a big 
mirror of your file system there.  I back up a 4.5 gig web server every 2 
minutes, no sweat, the actual backup lasts approximately 20 seconds, 
because it's only sending the parts of files that have changed since the 
last rsync.

Also checkout http://www.cs.umd.edu/projects/amanda/index.html it is available in the ports.






Blake Swensen <blake@pyramus.com>
Sent by: owner-freebsd-questions@FreeBSD.ORG
05/24/2001 11:41 AM
Please respond to blake

 
        To:     FreeBSD List <freebsd-questions@freebsd.org>
        cc: 
        Subject:        Re: automating dump | ssh

Thanks for the help... the trouble that I was having is that the FBSD
3.5
ports had ssh2 and openssh.  There is a difference between how the keys
are
handled.  My receiving machine on FBSD 4.3 was using OPENSSH.. hence my
frustration.... installed the openssh onto the sending machine and was
able
to connect without a password (with your kind aid, of course).

Now the problem I am having is with the ssh -f  "command".  For
instance, if
I try:

%cat ./etc/hosts | ssh -s -f receivinghost "cat >
/mnt/bigdrive/test.txt"

An empty test.txt is created but the command crashes with a broken pipe
error.  Obviously the same thing happens with dump like:

dump -0af /var | ssh -2 -f receivinghost "cat > /mnt/bigdrive/test.dump"

test.dump is created in the correct spot on receivinghost, but dump
fails
with a broken pipe error.

I have included the ssh session details below (-v).  The only other
thing
that I can think of is that there is some other port I need to forward
on the
firewall of the reciving host network. Any suggestions?

Peace,
Blake

ssh session:
-------------------------------------------------------------------
sendinghost% dump -0af - /var | ssh -2 -v -f receivinghost "cat >
/mnt/backup/sendinghost.var"
  DUMP: Date of this level 0 dump: Thu May 24 08:48:17 2001
  DUMP: Date of last level 0 dump: the epoch
  DUMP: Dumping /dev/rwd0s1e (/var) to standard output
  DUMP: SSH Version OpenSSH_2.2.0, protocol versions 1.5/2.0.
mapping (Pass I) [regular files]
Compiled with SSL (0x0090581f).
debug: Reading configuration data /usr/local/etc/ssh_config
debug: ssh_connect: getuid 0 geteuid 0 anon 0
debug: Connecting to receivinghost.domain.com [ip.addr] port 22.
debug: Allocated local port 966.
debug: Connection established.
debug: Remote protocol version 1.99, remote software version
OpenSSH_2.2.0
Enabling compatibility mode for protocol 2.0
debug: Local version string SSH-2.0-OpenSSH_2.2.0
debug: send KEXINIT
debug: done
debug: wait KEXINIT
debug: got kexinit: diffie-hellman-group1-sha1
debug: got kexinit: ssh-dss
debug: got kexinit: 3des-cbc,blowfish-cbc,arcfour,cast128-cbc
debug: got kexinit: 3des-cbc,blowfish-cbc,arcfour,cast128-cbc
debug: got kexinit: hmac-sha1,hmac-md5,hmac-ripemd160@openssh.com
debug: got kexinit: hmac-sha1,hmac-md5,hmac-ripemd160@openssh.com
debug: got kexinit: zlib,none
debug: got kexinit: zlib,none
debug: got kexinit:
debug: got kexinit:
debug: first kex follow: 0
debug: reserved: 0
debug: done
debug: kex: server->client 3des-cbc hmac-sha1 none
debug: kex: client->server 3des-cbc hmac-sha1 none
debug: Sending SSH2_MSG_KEXDH_INIT.
  DUMP: mapping (Pass II) [directories]
  DUMP: estimated 17843 tape blocks.
  DUMP: dumping (Pass III) [directories]
debug: bits set: 514/1024
debug: Wait SSH2_MSG_KEXDH_REPLY.
debug: Got SSH2_MSG_KEXDH_REPLY.
debug: Host 'receivinghost.domain.com' is known and matches the DSA host
key.

debug: bits set: 522/1024
debug: len 55 datafellows 0
debug: dsa_verify: signature correct
debug: Wait SSH2_MSG_NEWKEYS.
debug: GOT SSH2_MSG_NEWKEYS.
debug: send SSH2_MSG_NEWKEYS.
debug: done: send SSH2_MSG_NEWKEYS.
debug: done: KEX2.
debug: send SSH2_MSG_SERVICE_REQUEST
debug: service_accept: ssh-userauth
debug: got SSH2_MSG_SERVICE_ACCEPT
debug: authentications that can continue: publickey,password
debug: try pubkey: /root/.ssh/id_dsa
debug: read DSA private key done
debug: sig size 20 20
debug: ssh-userauth2 successfull
debug: fd 4 setting O_NONBLOCK
debug: fd 5 setting O_NONBLOCK
debug: no set_nonblock for tty fd 6
debug: channel 0: new [client-session]
debug: send channel open 0
debug: Entering interactive session.
debug: callback start
debug: client_init id 0 arg 0
debug: Sending command: cat > /mnt/backup/sendinghost.var
debug: client_set_session_ident: id 0
debug: callback done
debug: channel 0: open confirm rwindow 0 rmax 16384
debug: channel 0: rcvd adjust 32768
debug: channel 0: read<=0 rfd 4 len 0
debug: channel 0: read failed
debug: channel 0: input open -> drain
debug: channel 0: close_read
debug: channel 0: input: no drain shortcut
debug: channel 0: ibuf empty
debug: channel 0: input drain -> closed
debug: channel 0: send eof
debug: callback start
debug: client_input_channel_req: rtype exit-status reply 0
debug: callback done
debug: channel 0: rcvd eof
debug: channel 0: output open -> drain
debug: channel 0: rcvd close
debug: channel 0: obuf empty
debug: channel 0: output drain -> closed
debug: channel 0: close_write
debug: channel 0: send close
debug: channel 0: full closed2
debug: channel_free: channel 0: status: The following connections are
open:
  #0 client-session (t4 r0 i8/0 o128/0 fd -1/-1)

debug: !channel_still_open.
debug: Transferred: stdin 0, stdout 0, stderr 0 bytes in 0.4 seconds
debug: Bytes per second: stdin 0.0, stdout 0.0, stderr 0.0
debug: Exit status 0
  DUMP: Broken pipe
  DUMP: The ENTIRE dump is aborted.


Robert L Sowders wrote:

> Assuming you want to dump as root try the following, I did this to setup
> cron'd rsync mirror, should work for dump.
>
> You have to make the keys without passphrases ( not real secure ) and 
then
> move the .pub files to the receiving machine changing the name to
> authorized_keys(2).  The key is one long line so don't open it up on
> windows with anything.  Just move with scp.
>
> Step by step for ssh version 1
>
> 1.  Turn on root logins in /etc/sshd_config on receiving machine
> 2.  Generate key with ssh_keygen , on sending machine, leave passphrase
> blank.
> 3.  if exists in receiver empty authorized_keys of sending machine
> 4.  if exists in receiver empty known_hosts of sending machine
> 5.  connect once from receiving machine to sending machine to establish
> corrected line in known_hosts
> 6.  scp /root/.ssh/identity.pub
> name_of_receiving_machine:.ssh/authorized_keys
> 7.  Try the connection with ssh -v name_of_receiving_machine
>
> Step by step for ssh version 2
>
> 1.  Turn on root logins in /etc/sshd_config on receiving machine
> 2.  Generate key with ssh_keygen -d, on sending machine, leave 
passphrase
> blank.
> 3.  if exists in receiver empty authorized_keys2 of send machine
> 4.  if exists in receiver empty known_hosts2 of sending machine
> 5.  connect once from receiving machine to sending machine to establish
> corrected line in known_hosts2
> 6.  scp /root/.ssh/id_dsa.pub
> name_of_receiving_machine:.ssh/authorized_keys2
> 7.  Try the connection with ssh -v -2 name_of_receiving_machine
>
> After the initial authorized_keys(2) files are made and subsequent
> additions should scp the .pub files to the receiving machine and then
> append them onto the end of the file like this, cat new_file >>
> authorized_keys
>
> >From the man page:
> SSH 2 provides additional mechanisms for confidentiality (the traffic is
> encrypted using 3DES, Blowfish, CAST128 or Arcfour) and integrity
> (hmac-sha1, hmac-md5).  Note that SSH 1 lacks a strong mechanism for
> ensuring the integrity of the connection.
>
> Step 5 is probably optional.  I usually swap the .pub files both ways
> between machines just so I don't get them mixed up.
>
> Hope this helps.
>
> Blake Swensen <blake@pyramus.com>
> Sent by: owner-freebsd-questions@FreeBSD.ORG
> 05/09/2001 02:20 PM
>
>
>         To:     lucas@slb.to
>         cc:     freebsd-questions@freebsd.org
>         Subject:        Re: automating dump | ssh
>
> Yeah...
>
> That's the same thing that I thought.  After generating the keys,
> placing them in the appropriate directories on both systems, and setting
> the appropriate flags in ssh2_config...
>
> The manual says (please note the big "not yet implemented" notes!):
>       PasswordAuthentication
>               Specifies whether to use  password  authentication.
>               The  argument  must  be  "yes"  or  "no".  (not yet
>               implemented)
>
>        RHostsAuthentication
>               Specifies whether to try rhosts  based  authentica-
>               tion.   Note that this declaration only affects the
>               client side and has no effect whatsoever  on  secu-
>               rity.   Disabling  rhosts authentication may reduce
>               authentication time on slow connections when rhosts
>               authentication  is  not  used.  Most servers do not
>               permit  RhostsAuthentication  because  it  is   not
>               secure (see RhostsRSAAuthentication).  The argument
>               must be "yes" or "no".  (not yet implemented)
>
> FreeBSD 4.0-RELEASE
> SSH Version OpenSSH-1.2.2, protocol version 1.5.
> Compiled with SSL.
>
> Any other ideas?
>
> Peace,
> Blake
>
> Lucas Bergman wrote:
>
> > > Anyone know how to supply the password to ssh in order to automate
> > > x-network dump?
> > >
> > > Like
> > > dump -0af - /filesystem | ssh -f another-machine "cat >
> > > /path/to/dump/file" < password_file
> > >
> > > which doesn't work, btw, but you get the idea.
> >
> > Set up ssh so you don't need a password:
> >
> >   man ssh-keygen
> >   man ssh
> >
> > Lucas
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message




To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?OF87D34C0D.D6D2B355-ON88256A59.000ED51A>