Re: [Nbd] client-server via non TCP socket

Sat, 05 May 2012 05:04:18 -0700 

Tschaeche IT-Services <servi...@tschaeche.com> writes:

> Hi,
>
> i searched around in the archive without success for my wish:
>
> i would like to backup data over unsecure network on an host with
> secure user authentication using nbd with dmcrypt. from my point
> of view, something like this would be nice:
>
> # nbd-client ssh://myuser@backup.server/my/home/image /dev/nbd0
>
> in the background i would expect something like:
>
>       socat TCP-LISTEN:1234 'EXEC:ssh myuser@backup.server nbd-server 0 
> /my/home/image -d'
>       nbd-client localhost 1234 /dev/nbd0
>       ...(my local) crypt setup...mount filesystem...
>
> unfortunately, nbd-server fails on the sshd-pipes with the getpeername() call
> (for evaluating the IP-address to replace the %s in the filename). On the 
> other
> side it would be nice if nbd-client directly works on stdio handles without
> wrapping communication through TCP.

Have you tried making the getpeername() optional? If you don't use %s in
the filename then there is no need to replace it so it makes no sense to
getpeername(). If you fix that maybe the server side already works. It
should since nbd-server should still work when started by inetd.

> Key issue for me:
>
> i don't want to have open TCP ports (opening race conditions when connecting)
> on the local as well as on the remote host
>
> did i miss an already existent solution?
>
> Best regards,
>
>       Olli

You will have to patch the nbd-client to initiate the ssh connection to
start the server instead of using socat or use some LD_PRELOAD lib that
changes socket() calls into opening a ssh connection. One problem there
might be that the kernel nbd module might expect a socket.

MfG
        Goswin

------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
Nbd-general mailing list
Nbd-general@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nbd-general

Reply via email to