On Mon, Mar 24, 2008 at 5:35 PM, David Gardner <djgardner AT yahoo DOT com>
wrote:
> I'm having some difficulty getting my backups to occur via SSHv2. Please
> clarify if I've missed an important step.
>
>
> This is a logical network diagram of the backup situation. (Diagrams work
> best in my learning process.)
>
>
> LAN LAN-SD
> |----+------------+-----------+-----+--|
> LAN-FD1 | LAN-FD3 |
> LAN-FD2 Firewall
> \
> V\ (<-- T1 link)
> \
> Firewall
> Remote site |
> |----+------+------+------+-----+--|
> Remote-FD
>
>
> The LAN-FDs will be running when the Remote-FD will be scheduled for backup.
> Having gone through the manual (v.2.2.5), I know that the director will
> initiate a connection with the clients via TCP 9102 and that the clients will
> send their 'data' to the Storage Daemon via TCP 9103.
>
> My installation's Director can only handle one connection at a time. In
> theory, I should be able to issue the following command just before the
> remote backup job commences:
>
> sudo ssh -24N -i /home/bacula/.ssh/id_rsa \
> -l bacula \
> -R 9102:ip.of.remote.FD:9102 \
> -L 9103:ip.of.LAN.SD:9103 \
> ip.of.remote.FD
>
> (The command in /usr/src/bacula-2.2.5/examples/ssh-tunnel.sh will not work
> for me with "PreferredAuthentications=publickey" in the command line.) After
> opening both of these ports on both of the firewalls, the above command bails
> out indicating that ports 9102 and 9103 are already in use (by Bacula of
> course.)
>
> The SSH command I'd like to use requires two parts. The first is that the
> initiating traffic is directed at a different port than the one used. In my
> case, I want the SD to send commands to ip.of.remote.FD:19102 and the remote
> FD to send data to ip.of.LAN.SD:19103. I think these could happen with a
> command in the respective configuration file. {Two (good) things happen here:
> only one port opened on each firewall and two, the director does not need to
> be reloaded each time.}
>
> The second part of my desired solution is to issue the following tunnel
> command before the remote backup session:
>
> sudo ssh -24N -i /home/bacula/.ssh/id_rsa \
> -l bacula \
> -R 19102:ip.of.remote.FD:9102 \
> -L 19103:ip.of.LAN.SD:9103 \
> ip.of.remote.FD
>
>
>
> Questions:
> 1) Do I understand all the pieces correctly?
> 2) Does the Bacula-SD.conf have a way to direct commands to another port as
> part of a job description?
> 3) For SSHv2 gurus: why does the later 'ssh' command only show up as
> localhost port-forwarding on the respective machines?
>
>
Did you get this working, or did you choose to use the VPN option? I
cannot use a VPN since I work in a hospital system and the network
security regulations will not allow that (well, not to my home).
John
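
An added example, not part of either message above: a pre-flight check for the "port already in use" failure plus a tunnel command built on the alternate ports 19102/19103 from the quoted message. It uses OpenSSH's documented semantics, where `-L` opens the listener on the host running `ssh` and `-R` opens it on the ssh server, so the forward directions differ from the quoted command. The function names are hypothetical, the host names are the thread's placeholders, and it assumes the tunnel is started on the LAN side toward the remote FD host.

```shell
#!/bin/sh
# Added example, not from the thread. Host names are the thread's placeholders;
# function names are hypothetical. Assumes it runs on the LAN host that starts the
# tunnel and that the ssh server is the remote FD host, as in the quoted command.
FD_HOST="ip.of.remote.FD"
SD_HOST="ip.of.LAN.SD"

# Constructed `ss -ltn` output for a host already running Bacula daemons.
SS_SAMPLE='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:9102       0.0.0.0:*
LISTEN 0      128    0.0.0.0:9103       0.0.0.0:*
LISTEN 0      128    [::]:22            [::]:*'

# listening_ports: read `ss -ltn` output on stdin, print each listening port once.
listening_ports() {
    awk 'NR > 1 && $1 == "LISTEN" { n = split($4, a, ":"); print a[n] }' | sort -un
}

# port_in_use PORT: succeed if PORT has a listener in the output on stdin.
port_in_use() {
    listening_ports | grep -qx "$1"
}

# tunnel_cmd FD_LISTEN SD_LISTEN: print the ssh command line.
#   -L  this host listens on FD_LISTEN; ssh relays to port 9102 on the FD host.
#   -R  the FD host listens on SD_LISTEN; ssh relays back to the SD on 9103.
# Both listeners bind to loopback by default. ExitOnForwardFailure makes ssh
# exit instead of staying up with a forward it could not bind.
tunnel_cmd() {
    printf 'ssh -24N -o ExitOnForwardFailure=yes -i /home/bacula/.ssh/id_rsa -l bacula -L %s:localhost:9102 -R %s:%s:9103 %s\n' \
        "$1" "$2" "$SD_HOST" "$FD_HOST"
}

# open_tunnel FD_LISTEN SD_LISTEN: check the local listen port, then print the
# command to run (printing rather than executing keeps the example offline).
open_tunnel() {
    if ss_out=$(ss -ltn 2>/dev/null) && printf '%s\n' "$ss_out" | port_in_use "$1"; then
        echo "local port $1 already has a listener" >&2
        return 1
    fi
    tunnel_cmd "$1" "$2"
}
```

With these forwards, the side that initiates each Bacula connection has to be pointed at the loopback listener on its own host (19102 on the LAN side, 19103 on the remote side) rather than at the peer's real address.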