Re: rsync backup

CptDondo <yan@xxxxxxxxxxxxxxxx> writes:

Tim Southerwood wrote:
Mark Shroyer coughed up some electrons that declared:

This still leaves him tunneling TCP over TCP, though, which he says
is something he'd like to avoid. Having Rsync use SSH as a sort of
transport layer instead of tunneled TCP (using the --rsh parameter)
is a better approach from the networking point of view.

Hi Mark,

Although it's giving me brain cancer to think about it, I'm not convinced
that rsync over an ssh tunnel is in the same category as TCP over a PPP VPN
over SSH.

On balance though, my solution is, I believe, one of the best from the
security POV (it avoids all of the ssh-as-root nastiness), which would lead
me, if it were my problem, to live with the networking issues and try to
tune them down by adjusting the TCP stack at my end, or if necessary, both
ends, or get the customer to fix their broken (IMHO) router.

Amen. I *think* I solved the problem by changing to a UDP based VPN
from their end. (They can connect out using UDP, but the router won't
forward incoming UDP connections - yes, it's broken - but it came free
from their ISP.)

Buy them a new router and put it on y our backup bill.

By this time your time you have spent asking here has been worth far more
than a new router.

At least preliminary testing shows its working. :-)