Hi All,
I did a little work on this and I have something to share with you. Your
comments are more than welcome :-).
Method-1
Let's say machine A is rsync server, B and C are rsync client, who are
pushing data periodically to A.
In this method, A is like stunnel client and B is stunnel server.
At B,
# stunnel -d 2424 -f -L ./rsync1
  (rsync1 is the script with options, rsync_password and modules ... I am using ->
   rsync --stats -avz /home A::backup)
  (B got the certificate (stunnel.pem) in his local directory, otherwise need to use -p
   option.)
At A
rsync entry in inetd.conf.
#stunnel -c -r B:2424
I checked the "netstat" output; let's see the truncated output ...
At A
local address : A:socks
foreign address: B:2424
state : ESTABLISHED
At B
local address : linx:2424
foreign address: A:socks
state : ESTABLISHED
Method2 : - rsync server is behaving as stunnel server. rsync client will
connect through the established tunnel.
At A :
# rsync --daemon # I did use inetd this time.
# stunnel -d 2424 -p /path/to/stunnel.pem -r A:rsync
At B:
#stunnel -c -d 873 -r A:2424
# ./rsync1 # script with rsync_passwd and like this ->
rsync --stats -avz /home localhost::backup
Now see the netstat output as truncated.
At A:
tcp 0 0 localhost.localdo:rsync localhost.localdom:1117 ESTABLISHED root 21358
tcp 0 0 localhost.localdom:1117 localhost.localdo:rsync ESTABLISHED root 21357
tcp 0 0 A:1234 B:1283 ESTABLISHED root 21340
At B:-
tcp 0 0 localhost.localdo:rsync localhost.localdom:1282 ESTABLISHED
tcp 17832 1841 localhost.localdom:1282 localhost.localdo:rsync ESTABLISHED
tcp 0 0 *:rsync *:* LISTEN
(you can explain the output better)

--- Now the MAJOR PROBLEM ---
I did same at C that I did at B (only module was different).
While B is transferring the files, C can't. Getting error message from rsync
server side "@ERROR: max connections (10) reached -try again later". And C
can transfer the file when B is in sleeping mode, waiting to invoke rsync
again. (I don't know if you would call it a bug ??)
Anyway, this is all I have to share with you. Any
suggestion/remedy/improvement/comments are welcome. Security and performance
are the main issues for me.
Special thanks to BENNETT TODD for his suggestions.
-Sanjeev
> -----Original Message-----
> From: Sanjeev Jha
> Sent: Monday, September 18, 2000 12:24 PM
> To: Openssl-Users (E-mail)
> Subject: stunnel for remote copy
>
> Hi All,
>
> Just wondering if any of you had used "rsync" or similar program through
> stunnel using OpenSSL. I will appreciate, if you wanna share your thoughts
> on this.
>
> Thanks,
> Sk
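
Added example, not part of the original message: in Method 2 the netstat output at B shows `*:rsync` in LISTEN state, meaning the local end of the tunnel accepts connections on every interface of B, not only from localhost. The sketch below flags such wildcard listeners for chosen ports in `netstat`-style output; the function names are hypothetical and the sample lines are constructed.

```shell
#!/bin/sh
# Flag tunnel endpoints that listen on every interface.
# stdin: netstat-style lines (Proto Recv-Q Send-Q Local Foreign State ...)
# args:  port numbers or service names to check, e.g. 873 rsync 2424
wildcard_listeners() {
    awk -v ports="$*" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            addr = $4
            # split "host:port" at the LAST colon so ":::873" also works
            idx = 0
            for (i = length(addr); i > 0; i--)
                if (substr(addr, i, 1) == ":") { idx = i; break }
            if (idx == 0) next
            host = substr(addr, 1, idx - 1)
            port = substr(addr, idx + 1)
            if (!(port in want)) next
            # wildcard bind: reachable from any network the host is on
            if (host == "*" || host == "0.0.0.0" || host == "::" || host == "[::]")
                print port
        }
    ' | sort -u
}

# Constructed sample input (not captured from a real host).
sample_netstat() {
cat <<'EOF'
tcp 0 0 *:rsync *:* LISTEN
tcp 0 0 127.0.0.1:2424 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:873 0.0.0.0:* LISTEN
tcp 0 0 localhost:1282 localhost:rsync ESTABLISHED
EOF
}

# Stand-alone demonstration on the constructed sample.
sample_netstat | wildcard_listeners rsync 873 2424
```

On a live host the input would come from something like `netstat -tan`; any port it prints is a cleartext or tunnel entry point that other machines can reach.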