From owner-freebsd-questions Sat May 26 20:15:24 2001 Delivered-To: freebsd-questions@freebsd.org Received: from gscamnlm03.wr.usgs.gov (gscamnlm03.wr.usgs.gov [130.118.4.113]) by hub.freebsd.org (Postfix) with ESMTP id B1B2A37B424; Sat, 26 May 2001 20:15:04 -0700 (PDT) (envelope-from rsowders@usgs.gov) To: FreeBSD List , owner-freebsd-questions@FreeBSD.ORG Subject: Re: automating dump | ssh MIME-Version: 1.0 X-Mailer: Lotus Notes Release 5.0.7 March 21, 2001 From: "Robert L Sowders" Message-ID: Date: Sat, 26 May 2001 20:14:59 -0700 X-MIMETrack: Serialize by Router on gscamnlm03/SERVER/USGS/DOI(Release 5.0.7 |March 21, 2001) at 05/26/2001 08:15:03 PM, Serialize complete at 05/26/2001 08:15:03 PM Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Sorry forgot to post this back to the list, Sorry it don't work like that, your command will only output an empty file that way. Try this instead from the receiving machine, it works for me here. ( ssh CLIENT /sbin/dump 0af - /var ) | cat > /mnt/bigdrive/test.dump You can run the above from a command line or a script, To do this to tape try the following SERVER# (ssh CLIENT /sbin/dump 0af - / ) | dd of=/dev/rsa0 Instead of trying to use dump, I would upgrade the ports on the both machines to the newest version, then I would install the latest rsync. The reasons for this are numerous: rsync uses ssh by default for transfers, after the initial transfer it only sends deltas of changes to files so it speeds up the whole process to seconds instead of minutes, it's tons more easier to use, both in the backup and recovery. Just make sure the rsync port installed on both machines is the same version, to get the default ssh transfer protocol. If not you could use the -e flag to rsync to specify the transfer protocol of ssh ala -e ssh. I assume your dumping to a hard drive anyway, so why not just make a big mirror of your file system there. I back up a 4.5 gig web server every 2 minutes, no sweat, the actual backup lasts approximately 20 seconds, because it's only sending the parts of files that have changed since the last rsync. Also checkout http://www.cs.umd.edu/projects/amanda/index.html it is available in the ports. Blake Swensen Sent by: owner-freebsd-questions@FreeBSD.ORG 05/24/2001 11:41 AM Please respond to blake To: FreeBSD List cc: Subject: Re: automating dump | ssh Thanks for the help... the trouble that I was having is that the FBSD 3.5 ports had ssh2 and openssh. There is a difference between how the keys are handled. My receiving machine on FBSD 4.3 was using OPENSSH.. hence my frustration.... installed the openssh onto the sending machine and was able to connect without a password (with your kind aid, of course). Now the problem I am having is with the ssh -f "command". For instance, if I try: %cat ./etc/hosts | ssh -s -f receivinghost "cat > /mnt/bigdrive/test.txt" An empty test.txt is created but the command crashes with a broken pipe error. Obviously the same thing happens with dump like: dump -0af /var | ssh -2 -f receivinghost "cat > /mnt/bigdrive/test.dump" test.dump is created in the correct spot on receivinghost, but dump fails with a broken pipe error. I have included the ssh session details below (-v). The only other thing that I can think of is that there is some other port I need to forward on the firewall of the reciving host network. Any suggestions? Peace, Blake ssh session: ------------------------------------------------------------------- sendinghost% dump -0af - /var | ssh -2 -v -f receivinghost "cat > /mnt/backup/sendinghost.var" DUMP: Date of this level 0 dump: Thu May 24 08:48:17 2001 DUMP: Date of last level 0 dump: the epoch DUMP: Dumping /dev/rwd0s1e (/var) to standard output DUMP: SSH Version OpenSSH_2.2.0, protocol versions 1.5/2.0. mapping (Pass I) [regular files] Compiled with SSL (0x0090581f). debug: Reading configuration data /usr/local/etc/ssh_config debug: ssh_connect: getuid 0 geteuid 0 anon 0 debug: Connecting to receivinghost.domain.com [ip.addr] port 22. debug: Allocated local port 966. debug: Connection established. debug: Remote protocol version 1.99, remote software version OpenSSH_2.2.0 Enabling compatibility mode for protocol 2.0 debug: Local version string SSH-2.0-OpenSSH_2.2.0 debug: send KEXINIT debug: done debug: wait KEXINIT debug: got kexinit: diffie-hellman-group1-sha1 debug: got kexinit: ssh-dss debug: got kexinit: 3des-cbc,blowfish-cbc,arcfour,cast128-cbc debug: got kexinit: 3des-cbc,blowfish-cbc,arcfour,cast128-cbc debug: got kexinit: hmac-sha1,hmac-md5,hmac-ripemd160@openssh.com debug: got kexinit: hmac-sha1,hmac-md5,hmac-ripemd160@openssh.com debug: got kexinit: zlib,none debug: got kexinit: zlib,none debug: got kexinit: debug: got kexinit: debug: first kex follow: 0 debug: reserved: 0 debug: done debug: kex: server->client 3des-cbc hmac-sha1 none debug: kex: client->server 3des-cbc hmac-sha1 none debug: Sending SSH2_MSG_KEXDH_INIT. DUMP: mapping (Pass II) [directories] DUMP: estimated 17843 tape blocks. DUMP: dumping (Pass III) [directories] debug: bits set: 514/1024 debug: Wait SSH2_MSG_KEXDH_REPLY. debug: Got SSH2_MSG_KEXDH_REPLY. debug: Host 'receivinghost.domain.com' is known and matches the DSA host key. debug: bits set: 522/1024 debug: len 55 datafellows 0 debug: dsa_verify: signature correct debug: Wait SSH2_MSG_NEWKEYS. debug: GOT SSH2_MSG_NEWKEYS. debug: send SSH2_MSG_NEWKEYS. debug: done: send SSH2_MSG_NEWKEYS. debug: done: KEX2. debug: send SSH2_MSG_SERVICE_REQUEST debug: service_accept: ssh-userauth debug: got SSH2_MSG_SERVICE_ACCEPT debug: authentications that can continue: publickey,password debug: try pubkey: /root/.ssh/id_dsa debug: read DSA private key done debug: sig size 20 20 debug: ssh-userauth2 successfull debug: fd 4 setting O_NONBLOCK debug: fd 5 setting O_NONBLOCK debug: no set_nonblock for tty fd 6 debug: channel 0: new [client-session] debug: send channel open 0 debug: Entering interactive session. debug: callback start debug: client_init id 0 arg 0 debug: Sending command: cat > /mnt/backup/sendinghost.var debug: client_set_session_ident: id 0 debug: callback done debug: channel 0: open confirm rwindow 0 rmax 16384 debug: channel 0: rcvd adjust 32768 debug: channel 0: read<=0 rfd 4 len 0 debug: channel 0: read failed debug: channel 0: input open -> drain debug: channel 0: close_read debug: channel 0: input: no drain shortcut debug: channel 0: ibuf empty debug: channel 0: input drain -> closed debug: channel 0: send eof debug: callback start debug: client_input_channel_req: rtype exit-status reply 0 debug: callback done debug: channel 0: rcvd eof debug: channel 0: output open -> drain debug: channel 0: rcvd close debug: channel 0: obuf empty debug: channel 0: output drain -> closed debug: channel 0: close_write debug: channel 0: send close debug: channel 0: full closed2 debug: channel_free: channel 0: status: The following connections are open: #0 client-session (t4 r0 i8/0 o128/0 fd -1/-1) debug: !channel_still_open. debug: Transferred: stdin 0, stdout 0, stderr 0 bytes in 0.4 seconds debug: Bytes per second: stdin 0.0, stdout 0.0, stderr 0.0 debug: Exit status 0 DUMP: Broken pipe DUMP: The ENTIRE dump is aborted. Robert L Sowders wrote: > Assuming you want to dump as root try the following, I did this to setup > cron'd rsync mirror, should work for dump. > > You have to make the keys without passphrases ( not real secure ) and then > move the .pub files to the receiving machine changing the name to > authorized_keys(2). The key is one long line so don't open it up on > windows with anything. Just move with scp. > > Step by step for ssh version 1 > > 1. Turn on root logins in /etc/sshd_config on receiving machine > 2. Generate key with ssh_keygen , on sending machine, leave passphrase > blank. > 3. if exists in receiver empty authorized_keys of sending machine > 4. if exists in receiver empty known_hosts of sending machine > 5. connect once from receiving machine to sending machine to establish > corrected line in known_hosts > 6. scp /root/.ssh/identity.pub > name_of_receiving_machine:.ssh/authorized_keys > 7. Try the connection with ssh -v name_of_receiving_machine > > Step by step for ssh version 2 > > 1. Turn on root logins in /etc/sshd_config on receiving machine > 2. Generate key with ssh_keygen -d, on sending machine, leave passphrase > blank. > 3. if exists in receiver empty authorized_keys2 of send machine > 4. if exists in receiver empty known_hosts2 of sending machine > 5. connect once from receiving machine to sending machine to establish > corrected line in known_hosts2 > 6. scp /root/.ssh/id_dsa.pub > name_of_receiving_machine:.ssh/authorized_keys2 > 7. Try the connection with ssh -v -2 name_of_receiving_machine > > After the initial authorized_keys(2) files are made and subsequent > additions should scp the .pub files to the receiving machine and then > append them onto the end of the file like this, cat new_file >> > authorized_keys > > >From the man page: > SSH 2 provides additional mechanisms for confidentiality (the traffic is > encrypted using 3DES, Blowfish, CAST128 or Arcfour) and integrity > (hmac-sha1, hmac-md5). Note that SSH 1 lacks a strong mechanism for > ensuring the integrity of the connection. > > Step 5 is probably optional. I usually swap the .pub files both ways > between machines just so I don't get them mixed up. > > Hope this helps. > > Blake Swensen > Sent by: owner-freebsd-questions@FreeBSD.ORG > 05/09/2001 02:20 PM > > > To: lucas@slb.to > cc: freebsd-questions@freebsd.org > Subject: Re: automating dump | ssh > > Yeah... > > That's the same thing that I thought. After generating the keys, > placing them in the appropriate directories on both systems, and setting > the appropriate flags in ssh2_config... > > The manual says (please note the big "not yet implemented" notes!): > PasswordAuthentication > Specifies whether to use password authentication. > The argument must be "yes" or "no". (not yet > implemented) > > RHostsAuthentication > Specifies whether to try rhosts based authentica- > tion. Note that this declaration only affects the > client side and has no effect whatsoever on secu- > rity. Disabling rhosts authentication may reduce > authentication time on slow connections when rhosts > authentication is not used. Most servers do not > permit RhostsAuthentication because it is not > secure (see RhostsRSAAuthentication). The argument > must be "yes" or "no". (not yet implemented) > > FreeBSD 4.0-RELEASE > SSH Version OpenSSH-1.2.2, protocol version 1.5. > Compiled with SSL. > > Any other ideas? > > Peace, > Blake > > Lucas Bergman wrote: > > > > Anyone know how to supply the password to ssh in order to automate > > > x-network dump? > > > > > > Like > > > dump -0af - /filesystem | ssh -f another-machine "cat > > > > /path/to/dump/file" < password_file > > > > > > which doesn't work, btw, but you get the idea. > > > > Set up ssh so you don't need a password: > > > > man ssh-keygen > > man ssh > > > > Lucas > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message