Re: are redhat updates rsyncable
On Wed, Jan 24, 2001 at 12:05:02AM -0800, Harry Putnam wrote:
> Anyone here know if redhat linux updates can be rsynced?
> If so, is it necessary to have rsh installed.
> I guess what I really need is to see the commands necessary to connect
> to a redhat `updates' ftp site with rsync. If it is even possible.
rsync ftp.wtfo.com::
Mike
--
Michael H. Warfield| (770) 985-6132 | [EMAIL PROTECTED]
(The Mad Wizard) | (678) 463-0932 | http://www.wittsend.com/mhw/
NIC whois: MHW9 | An optimist believes we live in the best of all
PGP Key: 0xDF1DD471| possible worlds. A pessimist is sure of it!
Re: tunneling rsync through ssh
On Thu, May 31, 2001 at 01:48:56PM +0200, thomas graichen wrote:
> did anyone here get rsync tunneled through ssh working so far?
> just to make clear what i mean: i only have an ssh connection
> to a host b (say mine is host a) and want to rsync stuff from
> host c this way (because i can't do it directly due to fire-
> wall limitations)
> host-a> ssh -L873:host-c:873 host-b
> host-b>
> then also on host a
> host-a> rsync -av localhost::something .
> always only results in
> @ERROR: protocol startup error
Why not use "rsync -av -e ssh {file specifiers} ..."
Works for me. I use rsync over ssh all the time that way.
> which (as far as i can see) comes from the other end server's
> clientserver.c because he can't see me - but why? - i tried it
> several times with different machines - i even get the motd of
> the server if it has one before the above error - so the
> connection and the forwarding seems to work ... i use rsync
> 2.4.6 and openssh 2.5.2 ... any ideas anyone? did anyone get
> something like this working? (and just to make it clear again:
> this has nothing to do with the "-e ssh" option - just to
> avoid confusion - i am talking about tunneling the 873 rsync
> port through ssh)
>
> a lot of thanks in advance in the hope of somebody having
> an idea here :-)
>
> t
>
> --
> thomas graichen <[EMAIL PROTECTED]> ... perfection is reached, not
> when there is no longer anything to add, but when there is no
> longer anything to take away. --- antoine de saint-exupery
--
Michael H. Warfield| (770) 985-6132 | [EMAIL PROTECTED]
(The Mad Wizard) | (678) 463-0932 | http://www.wittsend.com/mhw/
NIC whois: MHW9 | An optimist believes we live in the best of all
PGP Key: 0xDF1DD471| possible worlds. A pessimist is sure of it!
Re: tunneling rsync through ssh
On Thu, May 31, 2001 at 04:17:36PM +0200, thomas graichen wrote:
> "Michael H. Warfield" <[EMAIL PROTECTED]> wrote:
> > On Thu, May 31, 2001 at 01:48:56PM +0200, thomas graichen wrote:
> >> did anyone here get rsync tunneled through ssh working so far?
>
> >> just to make clear what i mean: i only have an ssh connection
> >> to a host b (say mine is host a) and want to rsync stuff from
> >> host c this way (because i can't do it directly due to fire-
> >> wall limitations)
>
> >> host-a> ssh -L873:host-c:873 host-b
> >> host-b>
>
> >> then also on host a
>
> >> host-a> rsync -av localhost::something .
>
> >> always only results in
>
> >> @ERROR: protocol startup error
>
> > Why not use "rsync -av -e ssh {file specifiers} ..."
>
> > Works for me. I use rsync over ssh all the time that way.
> i too - but what if the other end is a public rsync server
> without ssh access for you?
Then how would you establish the ssh tunnel to begin with? Seems
like we have a "rabit stew" situtation (first you catch your rabbit).
If you have the ability to establish an ssh connection to begin with,
you should then have the ability to run rsync from that end using ssh
as the transport. Or am I missing something here?
> t
> --
> thomas graichen <[EMAIL PROTECTED]> ... perfection is reached, not
> when there is no longer anything to add, but when there is no
> longer anything to take away. --- antoine de saint-exupery
Mike
--
Michael H. Warfield| (770) 985-6132 | [EMAIL PROTECTED]
(The Mad Wizard) | (678) 463-0932 | http://www.wittsend.com/mhw/
NIC whois: MHW9 | An optimist believes we live in the best of all
PGP Key: 0xDF1DD471| possible worlds. A pessimist is sure of it!
Re: tunneling rsync through ssh
On Thu, May 31, 2001 at 04:16:44PM +0200, thomas graichen wrote: > Martin Pool <[EMAIL PROTECTED]> wrote: > > On 31 May 2001, thomas graichen <[EMAIL PROTECTED]> wrote: > >> did anyone here get rsync tunneled through ssh working so far? > >> > >> just to make clear what i mean: i only have an ssh connection > >> to a host b (say mine is host a) and want to rsync stuff from > >> host c this way (because i can't do it directly due to fire- > >> wall limitations) > > There probably is a solution to forwarding ports this way, but why > > not just use plain ssh connections? (OK, I can imagine a couple of > > cases, where perhaps you want many machines on the originating end > > to share the tunnel. But that won't be allowed using the > > ssh syntax you showed.) > because i want to connect to a public rsync server on the other > end which does not allow me to ssh to it usually ... for > instance for getting rsync via rsync :-) Then how do you establish this ssh tunnel to begin with? Is it something that you just set up and leave up for long periods of time (you said it does not allow you to ssh to it "usually")? > ... or maybe i am getting something wrong here - then please > tell me > > >> host-a> ssh -L873:host-c:873 host-b > >> host-b> > >> > >> then also on host a > >> > >> host-a> rsync -av localhost::something . > >> > >> always only results in > >> > >> @ERROR: protocol startup error > >> > >> which (as far as i can see) comes from the other end server's > >> clientserver.c because he can't see me - but why? - i tried it > >> several times with different machines - i even get the motd of > >> the server if it has one before the above error - so the > >> connection and the forwarding seems to work ... i use rsync > >> 2.4.6 and openssh 2.5.2 ... any ideas anyone? did anyone get > >> something like this working? (and just to make it clear again: > >> this has nothing to do with the "-e ssh" option - just to > >> avoid confusion - i am talking about tunneling the 873 rsync > >> port through ssh) > > > That should work. > > > Perhaps rsync at the other end is very old? > > one i tried was the rsync server on samba.org - i assume it > to be up to date - right? > > > You must be root on host-a to be able to forward ports under 1024. > > Does it work if you use a different local port number, e.g. > > > host-a> ssh -L 8730:host-c:873 host-b > > host-a> rsync -av --port 8730 localhost:: > > > What happens if you use ssh -v? Do you see messages about > > connections being forwarded? > > yes - portforwarding works (as said: you even get the motd > from the server if it has one and the @ERROR message is also > generated from the server side!) > > any other ideas? - again - thanks in advance > > t > > -- > thomas graichen <[EMAIL PROTECTED]> ... perfection is reached, not > when there is no longer anything to add, but when there is no > longer anything to take away. --- antoine de saint-exupery -- Michael H. Warfield| (770) 985-6132 | [EMAIL PROTECTED] (The Mad Wizard) | (678) 463-0932 | http://www.wittsend.com/mhw/ NIC whois: MHW9 | An optimist believes we live in the best of all PGP Key: 0xDF1DD471| possible worlds. A pessimist is sure of it!
Re: rsync and SSL
On Thu, Sep 20, 2001 at 01:00:46AM +, M. Drew Streib wrote: > On Thu, Sep 20, 2001 at 10:47:15AM +1000, Cameron Simpson wrote: > > That way we could do SMTP over SSL etc etc transparently: clients connect, > > say "SSL", if rejected either fall back or fall out, and if accepted > > then away we all go. > > Is there some technical reason for not doing things this way? > Other than an extra couple tcp transmissions, not too many. It does > probably break about all existing protocols though, at least as written, > since the SSL handshake would fall outside of the bounds of the protocol. > Implementing this on SMTP, for instance, would require more than SMTP, > but would be SMTP+SSLoption, which _may_ be fully backwards compatible, > but certainly not "compliant", as it implements non-standard behavior. > Even if the initial request were inside of the bounds of the protocol, > as in "Renegotiate: SSL" as an http header, the followup > handshake and subsequent transmission certainly wouldn't be standard. Bzzzttt... Wrong answer. Sorry... This already exists for SMTP and others and is typically referred to as "START TLS"/"STARTTLS" (TLS is the ietf term for SSL v3) or "escape to TLS" or something similar. It's standardized. RFC 2487 [SMTP Service Extension for Secure SMTP over TLS] in the case of SMTP. There are patches for QMail and Postfix on the net and the lastest sources of sendmail (8.11.x and 8.12.x) include it although it's not built by default. > This may not bother you from a technical perspective, but might upset > people that are purists at the wire protocol level. It is something > that certainly could be debated, either for an individual protocol, > or across the spectrum. Nothing to stop rsync from implementing something > like this, since it is sort of in charge of its own protocol development... Look up the standard for escape to TLS and find your answer there. RFC 2487 covers SMTP STARTTLS. There are references to a telnet STARTTLS option in RFC 2400 and RFC 2595 [Using TLS with IMAP, POP3 and ACAP] covers several other protocols. > I'd be interested in seeing an IETF proposal for something like this, > just for public debate. AFAIK... This is already a done deal. Seems to be pretty well hashed over in the ietf. > -drew > -- > M. Drew Streib <[EMAIL PROTECTED]> | http://dtype.org/ > FSG <[EMAIL PROTECTED]>| Linux International <[EMAIL PROTECTED]> > freedb <[EMAIL PROTECTED]>| SourceForge <[EMAIL PROTECTED]> Mike -- Michael H. Warfield| (770) 985-6132 | [EMAIL PROTECTED] (The Mad Wizard) | (678) 463-0932 | http://www.wittsend.com/mhw/ NIC whois: MHW9 | An optimist believes we live in the best of all PGP Key: 0xDF1DD471| possible worlds. A pessimist is sure of it!
Re: rsync and SSL
On Thu, Sep 20, 2001 at 11:11:18AM +1000, Cameron Simpson wrote: > On Thu, Sep 20, 2001 at 01:00:46AM +, M. Drew Streib <[EMAIL PROTECTED]> wrote: > | On Thu, Sep 20, 2001 at 10:47:15AM +1000, Cameron Simpson wrote: > | > That way we could do SMTP over SSL etc etc transparently: clients connect, > | > say "SSL", if rejected either fall back or fall out, and if accepted > | > then away we all go. > | > > | > Is there some technical reason for not doing things this way? > | > | Other than an extra couple tcp transmissions, not too many. It does > | probably break about all existing protocols though, at least as written, > | since the SSL handshake would fall outside of the bounds of the protocol. > | Implementing this on SMTP, for instance, would require more than SMTP, > | but would be SMTP+SSLoption, which _may_ be fully backwards compatible, > | but certainly not "compliant", as it implements non-standard behavior. > Yeah, but a server not implementing the request should return a 5xx error. > It's not like the client should proceed with the SSL stuff unless it > gets a "2xx Yeah I speak SSL." and therefore nothing should break. > | Even if the initial request were inside of the bounds of the protocol, > | as in "Renegotiate: SSL" as an http header, the followup > | handshake and subsequent transmission certainly wouldn't be standard. > For HTTP you'd return a 4xx or 5xx error of some kind, surely? > | This may not bother you from a technical perspective, but might upset > | people that are purists at the wire protocol level. > Shouldn't if the spec makes sure things don't ascend (descend?) into SSL > without acceptance on both ends... > | It is something > | that certainly could be debated, either for an individual protocol, > | or across the spectrum. Nothing to stop rsync from implementing something > | like this, since it is sort of in charge of its own protocol development... > Well, it'd be handy in rsync if only as a proof of concept. > | I'd be interested in seeing an IETF proposal for something like this, > | just for public debate. > I'll try to find out how to write one and submit it then... Check out RFC 2487 [SMTP Service Extension for Secure SMTP over TLS] and RFC 2995 [Using TLS with IMAP, POP3 and ACAP]. If you want to do one for rsync you might well model it after the ietf standards that already exist. Considering that rsync itself doesn't even have an RFC, an RFC for rsync over TLS may well be futile anyways. IAC... The first step would be to propose a working group and get it chartered if there is enough interest at the ietf. You don't start out by writing a proposal. My guess is that you would have to start with rsync itself first, if there isn't one already. I could find nothing in the current drafts or RFCs to indicate any working group working on rsync. On that point, check with Tridge. It's his baby. > -- > Cameron Simpson, DoD#743[EMAIL PROTECTED]http://www.zip.com.au/~cs/ > > Will Hack Perl for Fine Food and Fun. > - Tom Christiansen <[EMAIL PROTECTED]> -- Michael H. Warfield| (770) 985-6132 | [EMAIL PROTECTED] (The Mad Wizard) | (678) 463-0932 | http://www.wittsend.com/mhw/ NIC whois: MHW9 | An optimist believes we live in the best of all PGP Key: 0xDF1DD471| possible worlds. A pessimist is sure of it!
Need a contact for the rsync maintainers...
Hey all, I helped facilitate the old Gentoo break-in / rsync issue some 15 years ago. I need a current contact on the rsync team. Please contact me privately on . Thank you... Regards, Mike -- Michael H. Warfield (AI4NB) | (o) +1 706 850-8773 | m...@wittsend.com /\/\|=mhw=|\/\/ | (c) +1 678 463-0932 | http://www.wittsend.com/mhw/ ARIN whois: MHW9-ARIN | An optimist believes we live in the best of all PGP Key: 0xC0EB9675674627FF | possible worlds. A pessimist is sure of it! signature.asc Description: This is a digitally signed message part -- Please use reply-all for most replies to avoid omitting the mailing list. To unsubscribe or change options: https://lists.samba.org/mailman/listinfo/rsync Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html
