Re: streaming over ssh and decrypting a file

2014-09-19 Thread Reco
On Fri, 19 Sep 2014 12:07:22 -0700
Ross Boylan  wrote:

> Did you mean to go offlist?

No, my mistake, sorry. I didn't check the 'To:' field.


> > Ok, try from the other end - transfer an encrypted file, encrypt your
> > backup and compare those. It's a kludge, of course, but worth the
> > effort.
> If I understand the proposal, it doesn't fully validate the backup
> I've made, since I want to verify that the decrypted version of the
> backup matches the original.  The original is often a block device.

Still, easiest thing to do IMO.


> > If it doesn't help - try using sponge (from 'moreutils' package) like
> > this:
> Hmm, looks as if that isn't installed.
> >
> > ssh kornak "cat markov/turtle.Lenny00.gpg" | gpg -d - | sponge | \
> > sudo cmp - /dev/turtle/Lenny00
> >
> Wouldn't this mean I'd need enough disk space to hold the decrypted file?

No, but it means you'll need enough memory to hold it. An idea was - if
stream compression is giving trouble - get rid of streaming.

Reco


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
https://lists.debian.org/20140919231351.ab0184475854cdc6b23cf...@gmail.com



Re: streaming over ssh and decrypting a file

2014-09-19 Thread Ross Boylan
gpg-agent was already on the system, which I have also been able to reboot.

Unfortunately, gpg-agent didn't seem to solve the problem.  I used it
once successfully, but every other time I tried, the transfer would
never start.  Also, I had to use gpg2 to access the agent.

I noticed, even when I did not use the agent, I would not always get
prompts for sudo and/or gpg.  I expect the responses are cached for at
least a brief time.

I also tried
ross@markov:~$ mkfifo rendevous
ross@markov:~$ ssh kornak "cat markov/turtle.MiniSqueeze00.gpg" | gpg2 -d > rendevous
^Z
[1]+  Stopped ssh kornak "cat markov/turtle.MiniSqueeze00.gpg" | gpg2 -d > rendevous
ross@markov:~$ bg
[1]+ ssh kornak "cat markov/turtle.MiniSqueeze00.gpg" | gpg2 -d > rendevous &
ross@markov:~$ sudo cmp rendevous /dev/turtle/Squeeze00
[sudo] password for ross:

but it just hung at that point.

On Thu, Sep 18, 2014 at 10:44 AM, Ross Boylan
 wrote:
> Thank you for the pointer.  Unfortunately, markov is dying and it is
> doubtful I can install anything new.  The root file system is
> read-only and /var is full (though I can probably make some room on
> the latter).
> Ross
>
> On Thu, Sep 18, 2014 at 10:26 AM, Reco  wrote:
>>  Hi.
>>
>> On Thu, 18 Sep 2014 10:09:53 -0700
>> Ross Boylan  wrote:
>>
>>> You need a passphrase to unlock the secret key for
>>> user: "Ross Boylan (work) "
>>> 2048-bit ELG-E key, ID xxx created 2014-09-17 (main key ID yyy)
>>
>> Try installing gpg-agent, launching it on markov, and store your
>> private key in it before using gpg. That should help you to avoid gpg
>> prompt.
>>
>> Reco



Re: streaming over ssh and decrypting a file

2014-09-18 Thread Ross Boylan
Thank you for the pointer.  Unfortunately, markov is dying and it is
doubtful I can install anything new.  The root file system is
read-only and /var is full (though I can probably make some room on
the latter).
Ross

On Thu, Sep 18, 2014 at 10:26 AM, Reco  wrote:
>  Hi.
>
> On Thu, 18 Sep 2014 10:09:53 -0700
> Ross Boylan  wrote:
>
>> You need a passphrase to unlock the secret key for
>> user: "Ross Boylan (work) "
>> 2048-bit ELG-E key, ID xxx created 2014-09-17 (main key ID yyy)
>
> Try installing gpg-agent, launching it on markov, and store your
> private key in it before using gpg. That should help you to avoid gpg
> prompt.
>
> Reco



Re: streaming over ssh and decrypting a file

2014-09-18 Thread Reco
 Hi.

On Thu, 18 Sep 2014 10:09:53 -0700
Ross Boylan  wrote:

> You need a passphrase to unlock the secret key for
> user: "Ross Boylan (work) "
> 2048-bit ELG-E key, ID xxx created 2014-09-17 (main key ID yyy)

Try installing gpg-agent, launching it on markov, and storing your
private key in it before using gpg. That should help you avoid the gpg
prompt.

Reco





streaming over ssh and decrypting a file

2014-09-18 Thread Ross Boylan
I am trying to do something like
$ ssh kornak "cat markov/turtle.Lenny00.gpg" | gpg -d - | sudo cmp - /dev/turtle/Lenny00

But that doesn't work, nor do even simpler versions.  How can I
achieve the goal which is to
1. stream the file from the remote system (kornak) to the local system (markov).
2. decrypt the stream.
3. cmp the decrypted stream to the original device /dev/turtle/Lenny00
(a logical volume).  root privileges are necessary to access the
device.

markov has insufficient room to hold the backup, and so I need to
stream it.  There seems to be something about the prompts that causes
the process to hang.

Everything is operating within a session that has ssh-agent running,
since the prompting needed by ssh was also screwing things up.  Even a
simpler version without sudo fails:

# this works fine--no prompts
ross@markov:~$ ssh kornak "cat markov/turtle.Lenny00.gpg" | head -c 20 | hd

# this doesn't -- gpg prompts
ross@markov:~$ ssh kornak "cat markov/turtle.Lenny00.gpg" | gpg -d - | head -c 20 | hd

You need a passphrase to unlock the secret key for
user: "Ross Boylan (work) "
2048-bit ELG-E key, ID xxx created 2014-09-17 (main key ID yyy)

Enter passphrase:
# After entering the passphrase, nothing happens
# No activity on remote or local system
# After several minutes I hit ^c
gpg: Interrupt caught ... exiting

Thanks.
Ross Boylan

P.S. files created with
ross@markov:~$ date; time sudo cat /dev/turtle/Lenny00 | gpg -e -r ross.boy...@ucsf.edu | ssh kornak "cat > markov/turtle.Lenny00.gpg"
This needed to be within an ssh-agent session to avoid getting prompts
from ssh and gpg, which seemed to step on each other.
Note that it does require a gpg prompt.
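
For the prompt contention the original post describes, one way to run the three steps (stream, decrypt, cmp) so that no stage prompts mid-stream and a failed decryption is not mistaken for a match. This is an added example, not code from the thread; `verify_stream`, its parameters and its exit codes are hypothetical, and the invocation in the trailing comment assumes ssh-agent and gpg-agent already hold the credentials.

```shell
#!/bin/sh
# Added example, not from the thread. verify_stream, its parameters and its
# exit codes are hypothetical names.
#
# verify_stream PRODUCER ORIGINAL [PREFIX...]
#   PRODUCER  shell command string that writes the decrypted data to stdout
#   ORIGINAL  file or device to compare against
#   PREFIX    optional command to run cmp under, e.g. sudo -n
# Exit status: 0 identical, 1 data differs, 2 could not verify.
verify_stream() (
    producer=$1 original=$2
    shift 2
    status_file=$(mktemp) || exit 2
    cmp_rc=0
    {
        prod_rc=0
        # stdin is /dev/null, so no producer stage (ssh included) reads
        # terminal input through its stdin.
        sh -c "$producer" </dev/null || prod_rc=$?
        echo "$prod_rc" >"$status_file"
    } | "$@" cmp -s - "$original" || cmp_rc=$?
    prod_rc=$(cat "$status_file")
    rm -f "$status_file"
    prod_rc=${prod_rc:-2}

    if [ "$cmp_rc" -eq 0 ] && [ "$prod_rc" -eq 0 ]; then
        exit 0
    fi
    # 141 = 128 + SIGPIPE: cmp found a difference and stopped reading
    # before the producer had finished writing.
    if [ "$cmp_rc" -eq 1 ] && { [ "$prod_rc" -eq 0 ] || [ "$prod_rc" -eq 141 ]; }; then
        exit 1
    fi
    # Otherwise: the decoder failed, cmp could not read ORIGINAL, or the data
    # matched but the decoder reported an error at end of stream.
    exit 2
)

# Intended use on markov (assumes ssh-agent and gpg-agent already hold the
# credentials). Answer the sudo prompt first, then run with prompting off:
#   sudo -v
#   verify_stream \
#     'ssh -o BatchMode=yes kornak "cat markov/turtle.Lenny00.gpg" | gpg2 --batch -d' \
#     /dev/turtle/Lenny00 sudo -n
```

`sudo -n` exits with status 1 when no credentials are cached, which this function cannot tell apart from a difference, hence the `sudo -v` beforehand.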

