Cheers!

Every arrow in our quivers is helpful, but do beware of using SSH tunnels for intensive TCP traffic. You're wrapping TCP in TCP. So it might solve some problems really nicely, but may fail in strange ways for…reasons.

To understand why you might care, remember that TCP brings flow control to the table. And if you have two layers of flow control regulating one flow, you might have an interesting time once the inner flow (rsync) gets throttled by the outer flow (ssh) and the inner flow thinks it's saturated the link - then backs off too aggressively. If your equipment suffers from bufferbloat, so much the worse.

If using a trivial percentage of the totally-not-at-all-saturated links, then it doesn't become noticeable. E.g. a slow disk over a gigabit link.

If you're looking for simple, and don't mind SSL, but without strong key-management (because SSH didn't have it anyway), then tinc-vpn.org - it prefers UDP, resorts to TCP, but doesn't GRE at all.

With that caveat aside, it's very helpful to see examples like this.


On 15/01/2022 20.21, backu...@kosowsky.org wrote:
When I travel for pleasure or business, my laptop (and Android phone)
are no longer on my local network, so BackupPC no longer is able to
see the devices and back them up.

One could use a VPN, but alternatively, I wrote some perl code that
can be inserted into the corresponding <host>.pl config.pl to back up
over an SSH tunnel on port <tunnel port>  if the file
'.sshtunnel-<tunnelport>' exists in the corresponding
$TopDir/pc/<host> directory.

See the following code (and embedded notes).
---------------------------------------------------------------------------------------------------
my $jhost = $_[1]; #Note: $_[1] is the name of the file (as sourced by 'do')
my $SshUser = 'root';
my $SshPort = 22; #Port for sshd server on the remote machine (typically 22, or 2222 if non-privileged)

$Conf{PingMaxMsec} = 400; #Necessary because otherwise get pings too slow

#Backup over SSH tunnel to allow backup of devices when they are not on local network...
#Touch: TopDir/pc/<host>/.sshtunnel-<tunnelport> to enable backup over SSH tunnel using port <tunnelport> (remember to DELETE when done!)
my ($TunnelPort) = map {/\.sshtunnel-([0-9]+)$/ ? $1 : (); } </var/lib/backuppc/pc/$jhost/.*>;
if(defined $TunnelPort) { #If file containing TunnelPort exists in top level host directory, then use it
     #Rsync to localhost over SshPort = <tunnelport>
     $SshPort = $TunnelPort;
     $Conf{ClientNameAlias} = 'localhost';

     #For backing-up/restoring remote host over port forwarded-reverse SSH tunnel
     #using <tunnelport> (e.g., when using over USB or remote internet)
     # <BackupPC server>:<tunnelport> -> <remote host>:<Orig SshPort>
     #From the remote host, ssh to BackupPC server using:
     #   -R <tunnelport>:localhost:<Orig SshPort>
     #E.g.,   ssh  -R <tunnelport>:localhost:22 -p 2222 <user>@<BackupPC server>
     #Note: My windoze PuTTY app and android 'connectbot' app are configured to automatically include this port forward
     #Alternatively, on BackupPC servers, ssh to remote host using:
     #   -L <tunnelport>:localhost:<Orig SshPort>
     #E.g.,   ssh -L <tunnelport>:localhost:22 -p <Orig SshPort> <SshUser>@<remote host>
     #If you want to backup on server2 via server1, then you need to create a double port forward
     #     server2:<tunnelport> -> server1:<tunnelport> -> <remote host>:<Orig SshPort>
     # From the remote host, use a proxy jump:
     #   ssh -R <tunnelport>:localhost:22 -J <user1>@server1:2222 <user2>@server2
     # Alternatively, first create one of the first port forwards to connect 'server1' and the remote host.
     # Then create an additional port forward to connect 'server2' and 'server1'
     # Either, ssh from server1 to server2 as follows:
     #     ssh -R <tunnelport>:localhost:<tunnelport> server2
     #Or ssh from server2 to machine1 as follows:
     #     sudo -u backuppc ssh -L <tunnelport>:localhost:<tunnelport> -l backuppc-client machine1
     #Then you can log into the remote host from machine2 using:
     #     sudo -u backuppc ssh -p <tunnelport> <remoteUser>@localhost -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no
     #Note: Start from machine1, combine creating the machine1-machine2 port with login from machine2 to remote host:
     #     ssh -t -R <tunnelport>:localhost:<tunnelport> machine2 "sudo -u backuppc ssh -l backuppc-client -p <tunnelport> localhost -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no"

     #Alternative ping command - ssh to remote client over $SshPort = <tunnelport> and ping itself (i.e. ping localhost)
     #Linux/Android ping: 'ping -c 1'
     $Conf{PingCmd} = "$Conf{SshPath} -q -x -p $SshPort -l $SshUser -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no localhost ping -c 1 localhost";
     #Windows Cygwin ping: 'ping -n 1'
#    $Conf{PingCmd} = "$Conf{SshPath} -q -x -p $SshPort -l $SshUser -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no localhost ping -n 1 localhost";
     #Note above needs double quotes since $sshPath for PingCmd is not set at runtime
     #Note: add options to ignore known_hosts and turn off StrictHostKeyChecking since already running over a known ssh channel
     #      PLUS the known_hosts and keys will need to be added for every new <tunnelport> used causing backuppc to wait and fail.
     }

$Conf{RsyncSshArgs} = ['-e', "$Conf{SshPath} -p $SshPort -l $SshUser"]; #SshPort is typically 22 (or 2222 if non-privileged)
$Conf{RsyncSshArgs}->[1] .= " -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no" if $TunnelPort;
#Note above needs double quotes since $sshPath for PingCmd is not set at runtime
#Note: add options to ignore known_hosts and turn off StrictHostKeyChecking since already running over a known ssh channel
#      PLUS the known_hosts and keys will need to be added for every new <tunnelport> used causing backuppc to wait and fail.


_______________________________________________
BackupPC-users mailing list
BackupPC-users@lists.sourceforge.net
List:    https://lists.sourceforge.net/lists/listinfo/backuppc-users
Wiki:    https://github.com/backuppc/backuppc/wiki
Project: https://backuppc.github.io/backuppc/
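
For the host-key handling in the quoted config, an added example (not part of the original post and not BackupPC's own code) of a variant that leaves verification on: ssh's HostKeyAlias option makes it look the key up under the host's name instead of [localhost]:<tunnelport>, so one known_hosts entry per client covers every tunnel port. The host name, port and known_hosts path below are assumptions made for illustration.

```perl
# Added example: per-host config fragment for tunnelled backups that keeps
# SSH host key verification enabled. Names and paths are hypothetical.

# Build the ssh options for a connection to localhost:<tunnelport> that is
# still checked against the client's real host key.
sub tunnel_ssh_opts {
    my ($host, $port, $known_hosts) = @_;
    die "bad host name '$host'\n"
        unless $host =~ /^[A-Za-z0-9][A-Za-z0-9._-]*$/;
    die "bad tunnel port '$port'\n"
        unless $port =~ /^[0-9]+$/ && $port >= 1 && $port <= 65535;
    return join ' ',
        "-p $port",
        "-o HostKeyAlias=$host",              # look up the key by host name, not [localhost]:<port>
        "-o UserKnownHostsFile=$known_hosts", # dedicated file, one entry per client
        "-o StrictHostKeyChecking=yes",       # unknown or changed key: fail, never auto-accept
        "-o BatchMode=yes";                   # never block waiting for a prompt
}

my $SshUser    = 'root';
my $host       = 'laptop1';   # constructed sample host name
my $TunnelPort = 22022;       # constructed sample tunnel port
# Hypothetical file, populated once per client with a line of the form
#   laptop1 ssh-ed25519 <client's public host key>
# copied from the client's /etc/ssh/ssh_host_ed25519_key.pub
my $KnownHosts = '/var/lib/backuppc/.ssh/known_hosts_tunnel';

# $Conf{SshPath} is set by BackupPC; the fallback only matters stand-alone.
my $ssh  = $Conf{SshPath} || '/usr/bin/ssh';
my $opts = tunnel_ssh_opts($host, $TunnelPort, $KnownHosts);

$Conf{ClientNameAlias} = 'localhost';
$Conf{PingCmd}      = "$ssh -q -x $opts -l $SshUser localhost ping -c 1 localhost";
$Conf{RsyncSshArgs} = ['-e', "$ssh $opts -l $SshUser"];

# Show the resulting commands when run outside BackupPC.
print "$_\n" for $Conf{PingCmd}, $Conf{RsyncSshArgs}[1];
```

Because the lookup key is the alias, changing <tunnelport> does not require a new known_hosts entry, and BatchMode makes a key mismatch fail immediately instead of leaving the backup waiting on a prompt.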