Hi, I have been trying to get systemimager to run my setup, and because I wanted to only tackle one problem at a time, I used it through open rsync. I'm now trying to switch to using ssh as my transport.

I should say up front that I installed the systemimager packages instead of the systemimager-ssh packages because I could only find .debs of those and there were rpms of the normal setup. I'm also lazy so wanted to use the rpm instead of either unpacking the .deb or compiling it from source. :)

I often use rsync from the command line (and have seen rsnapshot do the same) like this:

    rsync [EMAIL PROTECTED]:/path/to/file /destination/

and it uses ssh as its default transport. All's well.

I am trying to understand how to get my updateclient connections to run over ssh. I saw there's an '--ssh-user' flag in the options. This flag runs

    "ssh -f -l $ssh_user -L $port:$server:" . $port . " $server sleep 5"

$port is set to a random number (generated by the script and then checked to make sure it is available), and $server comes from the command line. An example of how this command would look with the values filled in (my server is gs and my user is gsuser):

    ssh -f -l gsuser -L 33274:gs:33274 gs sleep 5

The ssh-user function also changes the server you originally passed in (with --server) to 127.0.0.1, and the $port to 33274, so the final rsync line becomes rsync://127.0.0.1:33274/image_name/etc.etc.etc.

This command works just fine, and I have an ssh key in the right places so it can connect without a passphrase. But what is this connection really doing? It opens port 33274 on the client, and forwards connections to that port to the server port 33274.

Now here's my problem - there's nothing running on the server port 33274! Nor should there be, since that number was randomly generated by the updateclient script. Is there something I'm missing here?

On the server, rsyncd is running with the /etc/systemimager/rsyncd.conf as its configuration file, but it's listening on port 873 like a normal rsync daemon. It's not using any of the built in rsync-over-ssh stuff, as described in the rsync.conf man page.
My iptables rules forbid anybody but localhost from connecting to port 873 so that the world can't ask my golden server for my password file.

I am used to using ssh tunnels for other things, so I went into updateclient and fiddled a bit. I replaced line 224:

[EMAIL PROTECTED]:~$ diff updateclient.orig updateclient.new 244c244 < my $command="ssh -f -l $ssh_user -L $port:$server:" . $port . " $server sleep 5"; --- > my $command="ssh -f -l $ssh_user -L $port:localhost:" . 873 . " $server > sleep 5";

Now, the ssh command will open a tunnel from $port on the client to port 873 on the server. When it launches the rsync connection to localhost:$port, that will appear on the golden server at port 873.

With this change, it seems to work. So my question becomes: is this a bug? Did I fix it with my magical one-line change? Or is it supposed to be doing something that I don't quite understand?

Thanks,
-ben

--
Ben Hartshorne
email: [EMAIL PROTECTED]
http://ben.hartshorne.net
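
Review bot: The new line at 244 hardcodes the forward target, concatenating the literal 873 after "localhost:", so a server whose rsyncd listens on any other port cannot be reached through --ssh-user. Consider a named variable for the daemon port, defaulting to 873, in place of ". 873 .". The "sleep 5" carried over from the old line also leaves only five seconds for rsync to open its connection through the forward before the remote command ends, which deserves a comment or a longer hold. Since $ssh_user and $server are interpolated into a single shell command string, they should be validated before this line runs.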
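
An added example, not part of the original post and not systemimager's own code: it builds the tunnel described above with the forward pointed at the server's loopback rsyncd port, as an argument list rather than a shell string. The function names, the input validation, the explicit 127.0.0.1 bind and the ExitOnForwardFailure option are additions assumed for this sketch.

```python
import re
import socket

RSYNCD_PORT = 873  # port the server's rsyncd listens on, per the post

# Assumed allow-list: must start with an alphanumeric, so a value can
# never be read by ssh as an option.
_SAFE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]*")


def pick_free_port():
    """Ask the kernel for an unused loopback port on the client."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


def tunnel_argv(ssh_user, server, local_port, rsyncd_port=RSYNCD_PORT, hold=5):
    """Build the ssh command as an argument list (no shell string).

    The -L destination is resolved on the server, so "localhost" there
    reaches an rsyncd that iptables only exposes to loopback.
    """
    for value in (ssh_user, server):
        if not _SAFE_NAME.fullmatch(value):
            raise ValueError(f"unsafe ssh argument: {value!r}")
    for port in (local_port, rsyncd_port):
        if not 1 <= int(port) <= 65535:
            raise ValueError(f"port out of range: {port!r}")
    # Bind the client side to loopback only (an addition to the post's command).
    forward = f"127.0.0.1:{local_port}:localhost:{rsyncd_port}"
    return ["ssh", "-f", "-o", "ExitOnForwardFailure=yes",
            "-l", ssh_user, "-L", forward, server, "sleep", str(hold)]


def rsync_url(local_port, image_name):
    """URL the client uses once the tunnel is up."""
    return f"rsync://127.0.0.1:{local_port}/{image_name}/"


if __name__ == "__main__":
    port = pick_free_port()
    print(" ".join(tunnel_argv("gsuser", "gs", port)))
    print(rsync_url(port, "image_name"))
```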
