I think I have found the problem. My apologies for not submitting version numbers - bad bug reporting style. ;)
Here's the scoop - I'm running a Fedora system, so used the RPM-install download instructions for the 'stable' release. They say to download an installation script from http://sisuite.org/install and run it. It downloads the packages for you. (source http://www.systemimager.org/download) The version it retrieves is 3.4.1: [EMAIL PROTECTED] ~]$ rpm -qa systemimager-client systemimager-client-3.4.1-1 [EMAIL PROTECTED] ~]$ si_updateclient --version si_updateclient (part of SystemImager) v3.4.1 The CVS (or SVN) tag for the si_updateclient file is # $Id: si_updateclient,v 1.4 2004/09/29 18:26:24 brianfinley Exp $ The fix was applied in October of 2004. I guess there was a code freeze or something because 3.4.1 was actually released 2005.04.20 (according to sourceforge - http://sourceforge.net/project/showfiles.php?group_id=259 I guess my lesson here is that I should just download the current stable tarball 3.6.2 instead of using the 'install' client. Perhaps the website maintainer could take this opportunity to change the installation instructions for RPM-based installations and just say 'don't do it' because it's too old? -ben On Wed, Jan 11, 2006 at 09:51:23AM +0100, Andrea Righi wrote: > This should be fixed from some time ago (reV p923): > > http://svn.sisuite.org/listing.php?repname=systemimager&path=%2Ftrunk%2Fsbin%2F&rev=2923&sc=1 > > Anyway, which version are you using? I suppose with the last 3.6.2 > si_updateclient with ssh should work fine... > > Regards, > -Andrea > > Ben Hartshorne wrote: > >Hi, > > > >I asked this question months ago and got no answer. SI has gone through > >a version upgrade since then, but the functionality hasn't changed. I > >wonder if someone couldn't answer the question (or submit a patch to the > >tree) now. > > > >I want to use si_updateclient through an ssh tunnel. I find it improves > >reliability in addition to providing security. > > > >The command I run from the command line is: > >[EMAIL PROTECTED] ~]$ sudo si_updateclient --server golden --image testing > >--ssh-user 'siuser -i /root/.ssh/updateclient_key' > > > >the file /root/.ssh/updateclient_key is a passphraseless key so that the > >process may run without user intervention. > > > >The Golden server (golden) is running rsync but the port is firewalled > >off - you may only connect to it from localhost. The whole ssh thing is > >supposed to create a tunnel from the client to the server and port > >forward some random local port to the rsync server on golden. > > > >Problem is this - it fails. The ssh connection is made, but rsync fails > >to connect to the locally opened port. > > > >The reason: the si_updateclient script is creating a tunnel using the > >following lines: > > > >$port = int(rand 60000); > >... > >my $command="ssh -f -l $ssh_user -L $port:$server:" . $port . " $server > >sleep 5"; > > > >In essense, it is saying ssh -L12345:golden:12345 golden sleep 5 > > > >This will never work - the rsync daemon on golden is running on port 873 > >(or whatever port you choose), not a port randomly chosen by the client. > > > >The following patch fixes it: > > > >[EMAIL PROTECTED] ~]$ diff -c si_updateclient /usr/sbin/si_updateclient > >-----------8<----------- cut here -----------8<------------ > >*** si_updateclient 2006-01-09 20:08:58.542650000 -0800 > >--- /usr/sbin/si_updateclient 2005-10-11 17:40:07.000000000 -0700 > >*************** > >*** 243,249 **** > > } > > > > # Setup the port forwarding > >! my $command="ssh -f -l $ssh_user -L $port:$server:" . $port . " > >$server sleep 5"; > > my $rc = 0xffff & system($command); > > if ($rc != 0) { croak "FATAL: Failed to establish secure port > > forwarding to $server!"; } > > > >--- 243,249 ---- > > } > > > > # Setup the port forwarding > >! my $command="ssh -f -l $ssh_user -L $port:$server:873 $server sleep > >5"; > > my $rc = 0xffff & system($command); > > if ($rc != 0) { croak "FATAL: Failed to establish secure port > > forwarding to $server!"; } > > > >-----------8<---------- cut here ------------8<------------ > > > >unfortunately, it assumes you're running on port 873 instead of making > >it configurable. > > > >Here's my real question - does nobody use ssh support for > >si_updateimage? It's been broken for a *long* time now, and I don't see > >any complaints about it out there on the net. What gives? Is everyone > >happy running their rsync cleartext over their network? Presumably, > >you're running this thing in a protected network, so it's ok to not use > >ssh. > > > > > >-ben > > > > > > > ------------------------------------------------------- > This SF.net email is sponsored by: Splunk Inc. Do you grep through log files > for problems? Stop! Download the new AJAX search engine that makes > searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! > http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click > _______________________________________________ > Sisuite-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/sisuite-users -- Ben Hartshorne email: [EMAIL PROTECTED] http://ben.hartshorne.net
signature.asc
Description: Digital signature
