Is this port forwarding or something else - SSH


  1. Is this port forwarding or something else

    I have a tricky problem... at least to me it seems complicated.
    I want to run an rsnapshot backup from one remote host to another.
    Rsnapshot uses ssh for networking and has allowance for passing
    commands to ssh in its conf file.

    In order for this to work, a password has to be given at some point.
    If ssh-agent is set up and used to avoid a password, still a password or
    phrase is needed at some time to start the agent and ssh-add your
    key.

    If both machines are remote how can this be managed from the local
    machine?

    I mean, I can set up a forwarded port and talk to the second remote as
    if from remote1 with something like:

    ssh -L 2219:rhost2:22 rhost1
    then in rsnapshot config.
    ssh -p 2219 [rhost2 will be stipulated in rsnapshot.conf]

    And if I've set up authorized_keys all around, there will be no login
    prompt, using the ssh-agent on localhost.

    But then of course the backup data would come to localhost, and it
    needs to go to rhost1

    So I'm drawing a blank in man ssh as to syntax to get an rsnapshot
    backup run between rhost1 and rhost2 using the ssh-agent on localhost.

    All these machinations are coming up because I can't think of a way to
    automate rsnapshot backups between rhost1 and rhost2 without having to
    log in on rhost1 to either run the command or start the ssh-agent and
    add the necessary key with ssh-add so a cron job can access the
    socket.

    I have user privs on rhost1 and rhost2 but root on localhost.
    Things could be automated from localhost since I have the agent set up
    when X starts. That is, on localhost the ENV variables can always be
    accessed by scripting thru cron, since the agent is running and has had
    my key added. The socket is available.

    So to get to it, is it possible to tell ssh to set up a three-way
    tunnel and move data from rhost2 to rhost1 using ssh-agent from
    localhost? If so does anyone have a stab examples of the required
    syntax?

  2. Re: Is this port forwarding or something else


    reader@newsguy.com writes:

    >All these machinations are coming up because I can't think of a way to
    >automate rsnapshot backups between rhost1 and rhost2 without having to
    >log in on rhost1 to either run the command or start the ssh-agent and
    >add the necessary key with ssh-add so a cron job can access the
    >socket.


    Why not:

    run ssh-agent on your local machine, and add a key there.

    ssh into rhost1, using agent forwarding.
    from there, run the remote command on rhost2

    The agent forwarding should handle your problem for you.

    >I have user privs on rhost1 and rhost2 but root on localhost.


    This does depend on agent-forwarding being allowed by sshd on rhost1.

    Another possibility is to use host-based authentication between
    rhost1 and rhost2. That's what I plan to do if I ever get around to
    automating my backups. This depends on sshd allowing host-based.



  3. Re: Is this port forwarding or something else

    Neil W Rickert writes:

    >>All these machinations are coming up because I can't think of a way to
    >>automate rsnapshot backups between rhost1 and rhost2 without having to
    >>log in on rhost1 to either run the command or start the ssh-agent and
    >>add the necessary key with ssh-add so a cron job can access the
    >>socket.

    >
    > Why not:
    >
    > run ssh-agent on your local machine, and add a key there.
    >
    > ssh into rhost1, using agent forwarding.
    > from there, run the remote command on rhost2


    I guess it wasn't clear in OP that I want this automated.

    >> I have user privs on rhost1 and rhost2 but root on localhost.


    > This does depend on agent-forwarding being allowed by sshd on rhost1.


    All subject hosts allow it.

    > Another possibility is to use host-based authentication between
    > rhost1 and rhost2. That's what I plan to do if I ever get around to
    > automating my backups. This depends on sshd allowing host-based.


    What do you mean above? Is it something that requires root on remotes?
    Is it something you set up once and it can run unattended (from cron)?

  4. Re: Is this port forwarding or something else


    reader@newsguy.com writes:
    >Neil W Rickert writes:


    >> Another possibility is to use host-based authentication between
    >> rhost1 and rhost2. That's what I plan to do if I ever get around to
    >> automating my backups. This depends on sshd allowing host-based.


    >What do you mean above? Is it something that requires root on remotes?
    >Is it something you set up once and it can run unattended (from cron)?


    I'll assume openssh for ease of discussion.

    You will need "sshd_config" to allow host based authentication. That's
    the only part that requires root access.

    You also need ssh_config to allow host-based. But you can set this
    in $HOME/.ssh/config . The host key of each of "rhost1" and "rhost2"
    needs to be in $HOME/.ssh/known_hosts on both systems. You also need
    an entry in $HOME/.shosts on rhost1 to allow access from rhost2 and
    on rhost2 to allow access from rhost1.

    You might need to experiment a little to get the hostname that
    each knows the other by. Once set up, it should work smoothly.

    Relevant entries from my "sshd_config":

    # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
    RhostsRSAAuthentication yes
    # similar for protocol version 2
    HostbasedAuthentication yes
    # Change to yes if you don't trust ~/.ssh/known_hosts for
    # RhostsRSAAuthentication and HostbasedAuthentication
    #IgnoreUserKnownHosts no
    # Don't read the user's ~/.rhosts and ~/.shosts files
    IgnoreRhosts no



  5. Re: Is this port forwarding or something else

    Neil W Rickert writes:

    > You will need "sshd_config" to allow host based authentication. That's
    > the only part that requires root access.


    That is the kicker right there. I can't even grep that file.

    But is there no way to set up some kind of three-way transfer where
    control info comes from localhost using ssh-agent and data info is
    moved between the 2 remotes? (A way that does not require root privs)

    As described in OP I can set up simple tunnels from local to either
    remote.

    So I'm asking how to set up a tunnel between rhost1 and rhost2 and talk to
    it from localhost.
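
The arrangement suggested in reply 2 and asked for again in the last post, as an added example that is not part of the thread: a cron job on localhost forwards its agent to rhost1, which then pulls from rhost2, so no root access or stored passphrase is needed on either remote. The env file path, the interval name `daily`, the `--run` switch and an rsnapshot configuration on rhost1 that already names rhost2 as a backup source are assumptions.

```shell
#!/bin/sh
# Added example: run from cron on localhost. The key never leaves localhost;
# ssh -A lends the local agent to rhost1 for the length of the job, and the
# backup data moves rhost2 -> rhost1 directly.
# Assumptions: rhost1/rhost2 as in the thread, interval "daily", and an env
# file written once at login with:  ssh-agent -s > "$HOME/.ssh/agent.env"
AGENT_ENV="${AGENT_ENV:-$HOME/.ssh/agent.env}"   # hypothetical path

# Return 0 only if $1 is a usable agent socket holding at least one key.
check_agent() {
    [ -S "$1" ] || return 1    # stale env file or agent no longer running
    [ -O "$1" ] || return 2    # socket belongs to another user: refuse it
    SSH_AUTH_SOCK="$1" ssh-add -l >/dev/null 2>&1 || return 3  # no key loaded
}

# Start rsnapshot on the hop host ($1) for interval $2.
run_backup() {
    # BatchMode=yes: fail instead of prompting, since cron has no terminal.
    # rsnapshot's own ssh to rhost2 picks up the forwarded agent on rhost1.
    # While the job runs, root on rhost1 can also use that agent, so load a
    # key into it that is accepted for nothing but this backup.
    "${SSH:-ssh}" -A -o BatchMode=yes "$1" rsnapshot "$2"
}

main() {
    [ -r "$AGENT_ENV" ] || { echo "no agent env file: $AGENT_ENV" >&2; return 1; }
    . "$AGENT_ENV" >/dev/null           # sets SSH_AUTH_SOCK and SSH_AGENT_PID
    rc=0; check_agent "${SSH_AUTH_SOCK:-}" || rc=$?
    if [ "$rc" -ne 0 ]; then
        echo "agent not usable (check_agent=$rc), backup skipped" >&2
        return 1
    fi
    export SSH_AUTH_SOCK
    run_backup rhost1 daily
}

# crontab on localhost:  30 2 * * *  /path/to/this-script --run
if [ "${1:-}" = "--run" ]; then main; fi
```

If sshd on rhost1 refuses agent forwarding, the rsnapshot step fails at its ssh to rhost2 rather than hanging, because nothing in the chain is allowed to prompt.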
