Re: FreeBSD-4.8 -- Strange behavior using dump(8) --

Tue, 28 Oct 2003 07:13:10 -0800 

On Tue, Oct 28, 2003 at 07:12:46AM -0500, nw1 wrote:
> This problem can be viewed @ http://69.3.136.141/freebsd/dump8/dump8_issue-1

Hmmm... I don't see why you couldn't just send that to the list.  In
summary, you're trying to run dump(8) to a remote file, and it's just
hanging:

    dump 0af [EMAIL PROTECTED]:testfile /
    DUMP:  <-- We receive that as a result --and it just sits there.  

This smells to me that the rcmd(3)/rshd(8) facility that remote
dumping uses hasn't been enabled.

Let me say two things about this:

i) One way of making this work is to enable rshd(8) by uncommenting
the appropriate line(s) in /etc/inetd.conf on box1.domain.net -- ie:

    shell  stream  tcp     nowait  root    /usr/libexec/rshd       rshd
    shell  stream  tcp6    nowait  root    /usr/libexec/rshd       rshd

Then you will need to set up /etc/hosts.equiv and/or .rhosts (see
hosts.equiv(5)) in order to permit passwordless access to
box1.domain.com from the machine you want to backup.  Then your remote
dump should proceed as desired.  However, preferably, don't do this
but use the following instead.

ii) Although the man page for rcmd(3) or rcmdsh(3) don't mention it,
you can actually substitute for rsh(1) by setting the RSH environment
variable to the name of the alternate command.  See:

    http://www.freebsd.org/cgi/query-pr.cgi?pr=15830

or look at /usr/src/lib/libc/net/rcmd.c around line 113.  I've ranted
elsewhere in this mailing list about the general desirability of secure
protocols like SSH and their superiority over rsh quite recently, so
I'll spare you a repeat of that.

Suffice it to say that instead of (i) above I would most strongly
suggest that you:

    # setenv RSH /usr/bin/ssh
    # dump 0af ...

and you should read the ssh FAQ entry about unattended login at:

    http://www.snailbook.com/faq/no-passphrase.auto.html

and also make maximum use of the facilities of the
~/.ssh/authorized_keys file as described in the section
"AUTHORIZED_KEYS FILE FORMAT" in the sshd(8) man page -- particularly
'from="..."', 'command="..."', 'no-port-forwarding' and
'no-X11-forwarding', 'no-agent-forwarding'.  [The command you'll be
running in this remote dump case is /usr/sbin/rmt]

        Cheers,

        Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.                       26 The Paddocks
                                                      Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey         Marlow
Tel: +44 1628 476614                                  Bucks., SL7 1TH UK

Attachment: pgp00000.pgp
Description: PGP signature

Reply via email to