Re: rsync backup



CptDondo <yan@xxxxxxxxxxxxxxxx> writes:

Tim Southerwood wrote:
Mark Shroyer coughed up some electrons that declared:

This still leaves him tunneling TCP over TCP, though, which he says
is something he'd like to avoid. Having Rsync use SSH as a sort of
transport layer instead of tunneled TCP (using the --rsh parameter)
is a better approach from the networking point of view.

Hi Mark,

Although it's giving me brain cancer to think about it, I'm not convinced
that rsync over an ssh tunnel is in the same category as TCP over a PPP VPN
over SSH.

On balance though, my solution is, I believe, one of the best from the
security POV (it avoids all of the ssh-as-root nastiness), which would lead
me, if it were my problem, to live with the networking issues and try to
tune them down by adjusting the TCP stack at my end, or if necessary, both
ends, or get the customer to fix their broken (IMHO) router.

Amen. I *think* I solved the problem by changing to a UDP-based VPN
from their end. (They can connect out using UDP, but the router won't
forward incoming UDP connections - yes, it's broken - but it came free
from their ISP.)

Buy them a new router and put it on your backup bill.

By this time, your time spent asking here has been worth far more
than a new router.




At least preliminary testing shows it's working. :-)

--Yan