[Sisuite-users] ssh tunneling for si_updateclient

Tue, 11 Oct 2005 17:35:22 -0700 

Hi,

I am trying to use si_updateclient through an ssh tunnel.  

My setup:
[EMAIL PROTECTED] tmp]# rpm -qa | grep systemim
systemimager-common-3.4.1-1
systemimager-server-3.4.1-1
systemimager-client-3.4.1-1
systemimager-i386boot-standard-3.4.1-1

Golden Server (GS) has rsync listening on port 873, which is closed to
all but localhost.  There is an ssh account with a passphraseless key to
gain access.

Golden Client (GC) has a private key to log into GS.

As I see it, GC should run:

# ssh -f -l siuser -i /root/.ssh/updateclient_key -L $port:localhost:873 GS 
sleep 5
# rsync rsync://localhost:$port/...

In the si_updateclient code, it says:

  # Setup the port forwarding
  my $command="ssh -f -l $ssh_user -L $port:$server:" . $port . " $server sleep 
5";

I don't see how this will work, since $port, as referenced here, is
randomly chosen each time si_updateclient runs.  I think the $port on
the server side of the -L should be changed to 873 (or whatever port you
have the GS rsyncd listening on). 

Making the change seems to make things work.

Summary:
[EMAIL PROTECTED] tmp]# diff si_updateclient{,.new}
246c246
<     my $command="ssh -f -l $ssh_user -L $port:$server:" . $port . " $server 
sleep 5";
---
>     my $command="ssh -f -l $ssh_user -L $port:$server:873 $server sleep 5";

or, if you prefer,

[EMAIL PROTECTED] tmp]# diff -c si_updateclient{,.new}
*** si_updateclient     2005-10-11 19:30:36.000000000 -0700
--- si_updateclient.new 2005-10-11 19:31:00.000000000 -0700
***************
*** 243,249 ****
      }

      # Setup the port forwarding
!     my $command="ssh -f -l $ssh_user -L $port:$server:" . $port . " $server 
sleep 5";
      my $rc = 0xffff & system($command);
      if ($rc != 0) { croak "FATAL: Failed to establish secure port forwarding 
to $server!"; }

--- 243,249 ----
      }

      # Setup the port forwarding
!     my $command="ssh -f -l $ssh_user -L $port:$server:873 $server sleep 5";
      my $rc = 0xffff & system($command);
      if ($rc != 0) { croak "FATAL: Failed to establish secure port forwarding 
to $server!"; }


Comments?

-ben

-- 
Ben Hartshorne
email: [EMAIL PROTECTED]
http://ben.hartshorne.net

Attachment: signature.asc
Description: Digital signature

Reply via email to