Thanks for the comments and suggestion, Anton. I'm forwarding your ssh suggestion to the sisuite-devel list for others to contemplate too.
Cheers, -Brian Thus spake Anton Smith ([EMAIL PROTECTED]): > Hi again, > > I just posted this on the feature request track system, but thought I'd send > it to you too. [snip] > Regards, > Anton > > Feature request: > > It would be desirable to add the -C flag to the ssh command issued in > getimage. > > The line in question looks to be line 383: > $command="ssh -f -l $ssh_user -L $port:$source_host:873 $source_host sleep > 5"; > > changing this to: > > $command="ssh -C -f -l $ssh_user -L $port:$source_host:873 $source_host > sleep 5"; > > should do the trick. On machines with lots of ascii type files this should > speed things up quite a lot. I note that the ssh documentation states > that -C may slow things down on fast networks, maybe another option could be > added to the getimage command line parameters that allows the user to > specify whether they are on a fast or slow connection? > > -Anton Smith (myfirst.mylastATnzwireless.co.nz) > > ----- Original Message ----- > From: "Brian Elliott Finley" <[EMAIL PROTECTED]> > To: "Anton Smith" <[EMAIL PROTECTED]> > Sent: Sunday, September 14, 2003 6:19 AM > Subject: Re: [Sisuite-users] Re: getting an image through SSH > > > > Anton, > > > > I've put you down as an Official Tester. > > > > Look for more email soon! > > > > Thanks, -Brian > > > > > > Thus spake Anton Smith ([EMAIL PROTECTED]): > > > Hi Brian, > > > > > > Yes I would love to help the project :). Let me know what I need and how > to > > > get involved. > > > > > > Regards, > > > Anton > > > > > > ----- Original Message ----- > > > From: "Brian Elliott Finley" <[EMAIL PROTECTED]> > > > To: "dann frazier" <[EMAIL PROTECTED]> > > > Cc: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>; "Anton Smith" > > > <[EMAIL PROTECTED]>; "SISuite Users" > > > <[EMAIL PROTECTED]> > > > Sent: Saturday, July 26, 2003 3:10 AM > > > Subject: Re: [Sisuite-users] Re: getting an image through SSH > > > > > > > > > > Thus spake dann frazier ([EMAIL PROTECTED]): > > > > > There is definitely a lacking of ssh information in the manual, so > > > > > how about I add this in the Usage chapter, in its own section? > > > > > > > > Yes, yes, yes! > > > > > > > > I really like going in the direction similar to the Flamethrower > > > > chapter. Something like "HOWTO Use SSH for Secure Installs". > > > > > > > > > Brian: is what Anton describes currently the recommended procedure? > > > > > > > > > > On Thu, Jul 17, 2003 at 11:22:41PM +1200, Anton Smith wrote: > > > > > > Solved this for myself, and thought I'd post it here for everyone > > > else. > > > > > > > > > > > > (just a reminder, this is for pulling images across to your server > via > > > ssh). > > > > > > > > > > > > 1) run prepareclient on your goldenclient as you usually do. > > > > > > > > Yes. > > > > > > > > > > > > > Immediately after it starts, ps -ef | grep for rsync and kill the > daemon > > > it started. Take note of the config file it used, most likely it will be > in > > > /tmp. > > > > > > 2) edit the rsync config file from above, and under [root], change > it > > > so it looks like this: > > > > > > > > > > > > auth users root > > > > > > path = / > > > > > > hosts allow = clientsiphere > > > > > > hosts deny = * > > > > > > > > > > > > This locks it down so that only root can log in and so that the > only > > > host that can connect is the client itself (we will be ssh tunneling so > the > > > packets will appear to come from the client itself, which is why this > > > works). > > > > > > > > > > > > 3) run "rsync --daemon --config-file /tmp/rsyncd.conf.xxxxx". Tail > > > /var/log/syslog to make sure the daemon came up okay and didn't complain > > > about any of your new config changes (if it ignores any of your security > > > lines then it will be listening for any host, which is a bad [tm] > thing). > > > > > > > > This is not the intended use, but certainly you could do it this way. > > > > It is assumed that the client is firewalling everything but ssh to > > > > itself. Running the rsync daemon wide open is ok in this case, > assuming > > > > that there are no malicious local users on the golden client. > > > > > > > > When you rung getimage, use the --ssh-user option, and the image will > be > > > > retrieved using rsync over ssh. > > > > > > > > > > All of the following is on your image server: > > > > > > > > > > > > 4) Bring up the ssh tunnel: ssh -C -L > localport:goldenclients_ip:873 > > > [EMAIL PROTECTED] and enter the root password. > > > > > > 5) Switch to another terminal on your imageserver (make sure you > leave > > > the ssh session you opened in step 4 open), and run > getimage -golden-client > > > localhost:localport -image imagename (make sure you use the same value > for > > > localport here as you did in step 4. It can be any port but ideally > should > > > be an ephemereal and not already in use. As an example I use 15000 but > you > > > could use whatever you like). > > > > > > 6) From here, it should be just like a normal getimage. When its > all > > > finished you can log out of your ssh session/tunnel, and you can also > kill > > > the rsync daemon on your golden client. > > > > > > > > All of the above is handled for you by getimage if you use the > > > > --ssh-user option. Also look at the details at the bottom of the > > > > local.cfg file for autoinstall related details. > > > > > > > > Anton, > > > > > > > > This was a clever way to figure out how to do this, and I wonder if > the > > > > hosts allow and hosts deny options are something we should consider > > > > adding to prepareclient. > > > > > > > > Dann, what do you think? prepareclient --server HOSTNAME (option to > > > > add the host allow/deny params)? > > > > > > > > Also, Anton, can we put you down as an OFFICIAL_TESTER? And have you > do > > > > the ssh testing when we do new releases? > > > > > > > > Cheers, -Brian > > > > > > > > > > > > > > > > > > > > Voila :) > > > > > > > > > > > > Regards, > > > > > > Anton > > > > > > > > > > > > > > > > > > > > -- > > > > --------------------------------------------------------- > > > > Brian Elliott Finley Phone: 630.803.8183 > > > > GPG: 3FF8 D096 0E0C D3F3 29B7 6518 D20B 1931 10F8 EE52 > > > > --------------------------------------------------------- > > > > > > > > > > > -- > > --------------------------------------------------------- > > Brian Elliott Finley Phone: 630.803.8183 > > GPG: 3FF8 D096 0E0C D3F3 29B7 6518 D20B 1931 10F8 EE52 > > --------------------------------------------------------- > > > > -- --------------------------------------------------------- Brian Elliott Finley Phone: 630.803.8183 GPG: 3FF8 D096 0E0C D3F3 29B7 6518 D20B 1931 10F8 EE52 --------------------------------------------------------- ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Sisuite-devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/sisuite-devel
