Patrick Stingley wrote:
>
> We have a tape machine on our secure network and it makes sense to reach
> out to the non-secure DMZ and yank back backups through the firewall. That
> way the connection is established from the inside out.
Something like this might work:
ssh -l root machine-to-be-backed-up tar -c / | my_backup_software
This will run "tar -c" on the machine to be backed up. The output
(the tarball) will be piped to the backup software on the machine
where the ssh command is run. (So run this from the machine with
the tape)
This way you get inside-out only, no back channels, and you don't
need to store the tarball anywhere before writing it to your tape.
(Wee!)
The only caveat is that you probably need to automate your logon somehow.
".shosts" might work, but I don't recommend it. (no one does :)
Your best bet would be with DSA/RSA signature logon.
/Mike
--
Mikael Olsson, EnterNet Sweden AB, Box 393, SE-891 28 �RNSK�LDSVIK
Phone: +46-(0)660-29 92 00 Fax: +46-(0)660-122 50
Mobile: +46-(0)70-66 77 636
WWW: http://www.enternet.se E-mail: [EMAIL PROTECTED]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
