Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!


Click here to return to the 'A detailed walkthrough on creating backups using rsync' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
A detailed walkthrough on creating backups using rsync
Authored by: gustou on Oct 28, '03 01:38:06PM

Since you can use ssh under (over ?) rsync I was wondering how you can use rsync where both of the host are behind a firewall (ie : you need to connect to a firewall before connecting to the host)

There is a trick for CVS when the database is inside a non directly reacheable network using a connexion script instead of ssh.

Is it possible to use the same kind of trick for rsync ?



[ Reply to This | # ]
A detailed walkthrough on creating backups using rsync
Authored by: migurski on Oct 28, '03 08:40:40PM
Since you can use ssh under (over ?) rsync I was wondering how you can use rsync where both of the host are behind a firewall (ie : you need to connect to a firewall before connecting to the host)

To connect between two hosts separated by firewalls, you can use an SSH tunnel. For example, if host_A is living behind firewall_A, and host_B is living behind firewall_B, and you need to rsync from A to B, you can do something like the following (from host_A):

ssh -g -N -L 7777:host_B:22 user@firewall_B

This maps your local (host_A) port 7777 to host_B's port 22 (ssh) within firewall_B. Note that '7777' can be any unused, unprivileged port, and 'host_B' is any hostname meaningful within firewall_B, including internal IP's in the 192.168.0.0 range.

Test this connection by connecting to host_B:

ssh -p 7777 user@localhost

...that should get you into host_B, even though it looks like you're connecting to localhost. Now modify your rsync command to use the same:

rsync -e "ssh -p 7777" local_dir/ user@localhost:remote_dir/

There are a number of caveats and shortcuts involving conflicting entries for localhost in ~/.ssh/known_hosts and the use of & with ssh-agent to make the first step more transparent.



[ Reply to This | # ]