On Tue, Jan 10, 2006 at 12:15:53AM -0800, Mark Ferlatte wrote:
> Ben Hartshorne said on Mon, Jan 09, 2006 at 08:23:00PM -0800:
> > I want to use si_updateclient through an ssh tunnel.  I find it improves
> > reliability in addition to providing security.  
>  
> How does it improve reliability? 

Way back when I first tried to get SI up on my network, I had some very
annoying behavior - an update (especially if it was very large) would go
for a while and then hang.  The process would be scrolling by filenames
that it was copying, and then it would stop.  It wouldn't always stop in
the same place, and the spot where it stopped wasn't necessarily a big
file or anything complicated.  If I cancelled and then restarted, it
would get further.  I wound up writing a wrapper script that killed the
process after 5 minutes and reran it, stopping when the process
completed before 5 minutes was up.  That symptom never appeared when I
was running over ssh.

I never tracked down the root cause - it might be the lousy switches we
have, or some speed vs. caching difference on the GS or client, or
something else entirely.  I found my fix and it was good enough...  ;)

Did you try using ssh on those few servers that were having NIC issues
completing their transfer?  Did it make any difference?

> Running rsync over ssh certainly slows
> you down a lot; in addition to the encryption overhead, ssh screws with

I would really like to try running it with '-C none' and see what the
speed difference actually is...

> the TCP window algorithm[1] which slows you down if you're on fast net.

I wonder if that's what fixes it?  (btw, was there supposed to be a
footnote here?)

> > The Golden server (golden) is running rsync but the port is firewalled
> > off - you may only connect to it from localhost.  The whole ssh thing is
> > supposed to create a tunnel from the client to the server and port
> > forward some random local port to the rsync server on golden.  
>  
> Really?  I'd expect it to just use the RSYNC_RSH=ssh variable, and not
> require port forwarding or an rsyncd running at all.

What can I say - the code speaks for itself...  The relevant portions of
si_updateclient are lines 210 to 252, with the kicker in line 246.

> > Here's my real question - does nobody use ssh support for
> > si_updateimage?  It's been broken for a *long* time now, and I don't see
> > any complaints about it out there on the net.  What gives?  Is everyone
> > happy running their rsync cleartext over their network?  Presumably,
> > you're running this thing in a protected network, so it's ok to not use
> > ssh.  
> 
> I use cleartext rsync.  Using rsync over ssh has remained firmly in the
> class of "nice to have but not required"; I'm not sure how much it
> actually gains you in reality.

Interesting.  Can I issue a poll?  The rest of you readers out there -
do you use rsync plaintext or over ssh or something different?


-ben

-- 
Ben Hartshorne
email: [EMAIL PROTECTED]
http://ben.hartshorne.net
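
The tunnel arrangement described in this message (an rsync daemon on golden that only accepts connections from localhost, reached by forwarding a local port over ssh), written out as an added example. It is not code from si_updateclient or from anyone in the thread; the module name, destination directory, local port range and key-based (non-interactive) ssh login are assumptions.

```shell
#!/bin/sh
# Added example; server, module and destination values are placeholders.
# usage: update_via_tunnel golden IMAGE_MODULE /destination/dir
RSYNCD_PORT=873    # standard rsync daemon port, bound to the server's loopback

# Print the rsync daemon URL as seen through the local end of the tunnel.
tunnel_url() {     # $1=local port  $2=module
    printf 'rsync://127.0.0.1:%s/%s/\n' "$1" "$2"
}

# Background forward: client 127.0.0.1:$2 -> server 127.0.0.1:873.
# The local side binds to loopback only, so other hosts cannot use it.
# ExitOnForwardFailure makes ssh fail if the local port is already taken.
open_tunnel() {    # $1=server  $2=local port  $3=control socket
    ssh -f -N -M -S "$3" \
        -o ExitOnForwardFailure=yes -o BatchMode=yes \
        -L "127.0.0.1:$2:127.0.0.1:$RSYNCD_PORT" "$1"
}

# Ask the backgrounded master connection to exit.
close_tunnel() {   # $1=server  $2=control socket
    ssh -S "$2" -O exit "$1" 2>/dev/null
}

# Try up to 10 local ports, sync through the first tunnel that comes up,
# always tear the tunnel down, and return rsync's exit status.
update_via_tunnel() {   # $1=server  $2=module  $3=destination dir
    port=$((20000 + $$ % 10000)); tries=0
    sock="${TMPDIR:-/tmp}/si-tunnel.$$"
    until open_tunnel "$1" "$port" "$sock"; do
        tries=$((tries + 1)); port=$((port + 1))
        [ "$tries" -lt 10 ] || return 1
    done
    rsync -a "$(tunnel_url "$port" "$2")" "$3"
    status=$?
    close_tunnel "$1" "$sock"
    return "$status"
}
```

With this layout the rsync traffic itself is still the plain daemon protocol; only the hop between client and server is wrapped in ssh, which is why the daemon can stay firewalled to localhost.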
