Re: rsync error using ssh : @ERROR: access denied toserver.domain.com from unknown (0.0.0.0) {Scanned By MailScanner}
On Tue, Jan 27, 2004 at 09:55:41PM -0500, [EMAIL PROTECTED] wrote: > I've encountered a similar situation, and tracked it down. It seems that > if the shell for your user is set to bash2 versions 2.0 -> 2.05.0, it > causes your IP to appear as 0.0.0.0 . However, this has been fixed in > 2.05b.0, and also works as normal in every other shell I've tested (zsh, > csh, bash v1.x, ash). When I use SSH keys, I use a forced command, with a > from address, but I also use the rsync hosts allow/deny so that the keys > can be used to access some shares from some machines, and some from > others. the 2.05b version can be found at > http://www.gnu.org/directory/GNU/bash.html . Hope that helps. Sure enough i've two versions of bash here and 2.05.0 unexports all the SSH environment variables but 2.05b.0 passes them. > > As near as i can tell it never should have worked because > > a local connection, via ssh, would never be allowed access with "hosts > > allow" clause unless perhaps one of the hosts listed were > > 0.0.0.0 > > > > I've attached an UNTESTED patch (against CVS HEAD but should > > be applicable to some older versions) that disables hosts > > [allow|deny] for rsync over ssh so that the same config file > > may be used for both ssh and direct socket connections. That patch is no good. If you are stuck with bash trashing your environment variables and want to share the rsyncd.conf file with a regular daemon while using "hosts allow" you can use a forced command or put 0.0.0.0 in the hosts allow list. -- J.W. SchultzPegasystems Technologies email address: [EMAIL PROTECTED] Remember Cernan and Schmitt -- To unsubscribe or change options: http://lists.samba.org/mailman/listinfo/rsync Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html
Re: rsync error using ssh : @ERROR: access denied toserver.domain.com from unknown (0.0.0.0) {Scanned By MailScanner}
I've encountered a similar situation, and tracked it down. It seems that if the shell for your user is set to bash2 versions 2.0 -> 2.05.0, it causes your IP to appear as 0.0.0.0 . However, this has been fixed in 2.05b.0, and also works as normal in every other shell I've tested (zsh, csh, bash v1.x, ash). When I use SSH keys, I use a forced command, with a from address, but I also use the rsync hosts allow/deny so that the keys can be used to access some shares from some machines, and some from others. the 2.05b version can be found at http://www.gnu.org/directory/GNU/bash.html . Hope that helps. > On Tue, Jan 27, 2004 at 04:31:53PM -0800, AI Connex wrote: >> I use rsync to mirror several servers. >> >> I run RH7.3 >> >> My rsyncd.conf file is: >> >> motd file = /etc/rsync.d/rsync.motd >> log file = /var/log/rsyncd.log >> pid file = /var/run/rsyncd.pid >> lock file = /var/run/rsync.lock >> hosts allow = 10.1.2.200 10.1.2.201 >> hosts deny = 0.0.0.0/0.0.0.0 >> use chroot = yes >> max connections = 3 >> #syslog facility = >> >> [website] >>path = /var/www/website >>comment = Connex Live WWW Server >>uid = nobody >>gid = nobody >>read only = no >>list = yes >>auth users = someone,root >>secrets file = /etc/rsync.d/rsync.secrets >> >> >> I use the --rsh=ssh option to use a ssh protocol >> >> A typical script contains: >> >> #!/bin/ash >> PATH=/usr/local/bin:/bin:/usr/bin >> ### Setting user >> USER=root >> >> echo Synchronizing Website >> #echo >> >> rsync --rsh=ssh \ >> --password-file=/root/.rsyncpwd \ >> --compress --recursive --times --perms --links --owner --group \ >> --include "web_order*" --include "web_user.*" --include >> "web_user_c*" --include "web_user_h*" \ >> --include "web_user_l*" --include "web_org*" --include "web_in*" >> --include >> "web_quote*" \ >> --include "quick_connect.*" \ >> --exclude "*" \ >> 10.1.2.190::website /var/www/website >> >> >> Everything worked perfectly. >> >> I am now getting the error >> @ERROR: access denied to server.domain.com from unknown (0.0.0.0) > > The question is, what changed? > >> If I changed the script so I do not use a ssh shell, everything works >> fine. >> >> I have hunted the web for a solution, but no joy. >> >> Please advise how I correct the problem. > > As near as i can tell it never should have worked because > a local connection, via ssh, would never be allowed access with "hosts > allow" clause unless perhaps one of the hosts listed were > 0.0.0.0 > > I've attached an UNTESTED patch (against CVS HEAD but should > be applicable to some older versions) that disables hosts > [allow|deny] for rsync over ssh so that the same config file > may be used for both ssh and direct socket connections. > > > > -- > > J.W. SchultzPegasystems Technologies > email address: [EMAIL PROTECTED] > > Remember Cernan and Schmitt > -- > To unsubscribe or change options: > http://lists.samba.org/mailman/listinfo/rsync > Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html -- To unsubscribe or change options: http://lists.samba.org/mailman/listinfo/rsync Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html
Re: rsync error using ssh : @ERROR: access denied to server.domain.com from unknown (0.0.0.0) {Scanned By MailScanner}
On Tue, Jan 27, 2004 at 04:31:53PM -0800, AI Connex wrote:
> I use rsync to mirror several servers.
>
> I run RH7.3
>
> My rsyncd.conf file is:
>
> motd file = /etc/rsync.d/rsync.motd
> log file = /var/log/rsyncd.log
> pid file = /var/run/rsyncd.pid
> lock file = /var/run/rsync.lock
> hosts allow = 10.1.2.200 10.1.2.201
> hosts deny = 0.0.0.0/0.0.0.0
> use chroot = yes
> max connections = 3
> #syslog facility =
>
> [website]
>path = /var/www/website
>comment = Connex Live WWW Server
>uid = nobody
>gid = nobody
>read only = no
>list = yes
>auth users = someone,root
>secrets file = /etc/rsync.d/rsync.secrets
>
>
> I use the --rsh=ssh option to use a ssh protocol
>
> A typical script contains:
>
> #!/bin/ash
> PATH=/usr/local/bin:/bin:/usr/bin
> ### Setting user
> USER=root
>
> echo Synchronizing Website
> #echo
>
> rsync --rsh=ssh \
> --password-file=/root/.rsyncpwd \
> --compress --recursive --times --perms --links --owner --group \
> --include "web_order*" --include "web_user.*" --include
> "web_user_c*" --include "web_user_h*" \
> --include "web_user_l*" --include "web_org*" --include "web_in*" --include
> "web_quote*" \
> --include "quick_connect.*" \
> --exclude "*" \
> 10.1.2.190::website /var/www/website
>
>
> Everything worked perfectly.
>
> I am now getting the error
> @ERROR: access denied to server.domain.com from unknown (0.0.0.0)
The question is, what changed?
> If I changed the script so I do not use a ssh shell, everything works fine.
>
> I have hunted the web for a solution, but no joy.
>
> Please advise how I correct the problem.
As near as i can tell it never should have worked because
a local connection, via ssh, would never be allowed access with "hosts
allow" clause unless perhaps one of the hosts listed were
0.0.0.0
I've attached an UNTESTED patch (against CVS HEAD but should
be applicable to some older versions) that disables hosts
[allow|deny] for rsync over ssh so that the same config file
may be used for both ssh and direct socket connections.
--
J.W. SchultzPegasystems Technologies
email address: [EMAIL PROTECTED]
Remember Cernan and Schmitt
? ..clientserver.patch
Index: clientserver.c
===
RCS file: /data/cvs/rsync/clientserver.c,v
retrieving revision 1.115
diff -u -p -r1.115 clientserver.c
--- clientserver.c 27 Jan 2004 07:57:12 - 1.115
+++ clientserver.c 28 Jan 2004 01:02:45 -
@@ -226,17 +226,16 @@ static int rsync_module(int f_in, int f_
int ret;
char *request=NULL;
- if (!allow_access(addr, host, lp_hosts_allow(i), lp_hosts_deny(i))) {
+ if (am_daemon && am_server) {
+ rprintf(FINFO, "rsync allowed access on module %s from %s (%s)\n",
+ name, host, addr);
+ }
+ else if (!allow_access(addr, host, lp_hosts_allow(i), lp_hosts_deny(i))) {
rprintf(FERROR,"rsync denied on module %s from %s (%s)\n",
name, host, addr);
io_printf(f_out, "@ERROR: access denied to %s from %s (%s)\n",
name, host, addr);
return -1;
- }
-
- if (am_daemon && am_server) {
- rprintf(FINFO, "rsync allowed access on module %s from %s (%s)\n",
- name, host, addr);
}
if (!claim_connection(lp_lock_file(i), lp_max_connections(i))) {
--
To unsubscribe or change options: http://lists.samba.org/mailman/listinfo/rsync
Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html
rsync error using ssh : @ERROR: access denied to server.domain.com from unknown (0.0.0.0) {Scanned By MailScanner}
I use rsync to mirror several servers. I run RH7.3 My rsyncd.conf file is: motd file = /etc/rsync.d/rsync.motd log file = /var/log/rsyncd.log pid file = /var/run/rsyncd.pid lock file = /var/run/rsync.lock hosts allow = 10.1.2.200 10.1.2.201 hosts deny = 0.0.0.0/0.0.0.0 use chroot = yes max connections = 3 #syslog facility = [website] path = /var/www/website comment = Connex Live WWW Server uid = nobody gid = nobody read only = no list = yes auth users = someone,root secrets file = /etc/rsync.d/rsync.secrets I use the --rsh=ssh option to use a ssh protocol A typical script contains: #!/bin/ash PATH=/usr/local/bin:/bin:/usr/bin ### Setting user USER=root echo Synchronizing Website #echo rsync --rsh=ssh \ --password-file=/root/.rsyncpwd \ --compress --recursive --times --perms --links --owner --group \ --include "web_order*" --include "web_user.*" --include "web_user_c*" --include "web_user_h*" \ --include "web_user_l*" --include "web_org*" --include "web_in*" --include "web_quote*" \ --include "quick_connect.*" \ --exclude "*" \ 10.1.2.190::website /var/www/website Everything worked perfectly. I am now getting the error @ERROR: access denied to server.domain.com from unknown (0.0.0.0) If I changed the script so I do not use a ssh shell, everything works fine. I have hunted the web for a solution, but no joy. Please advise how I correct the problem. -- To unsubscribe or change options: http://lists.samba.org/mailman/listinfo/rsync Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html
FW: SSH Error
- call me ignorant... but I am not above asking. Where do I define $RSYNC_SSH=ssh at? Thanks for the info!! David -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of [EMAIL PROTECTED] Sent: Tuesday, January 15, 2002 7:08 PM To: David L Nickel Cc: [EMAIL PROTECTED] Subject: Re: SSH Error Ok, you're talking about ssh, and you're talking about a rsyncd. Except in rare cases, you don't use ssh to access rsyncd. I'm guessing you're doing something like rsync -e ssh remotehost:www localdestinationdirectory (-e ssh isn't needed if $RSYNC_SSH=ssh). drop the "-e ssh" and use TWO colons between the servername and the modulename. Tim Conway [EMAIL PROTECTED] 303.682.4917 Philips Semiconductor - Longmont TC 1880 Industrial Circle, Suite D Longmont, CO 80501 Available via SameTime Connect within Philips, n9hmg on AIM perl -e 'print pack(, 19061,29556,8289,28271,29800,25970,8304,25970,27680,26721,25451,25970), ".\n" ' "There are some who call me Tim?" "David L Nickel" <[EMAIL PROTECTED]> Sent by: [EMAIL PROTECTED] 01/15/2002 02:23 PM To: <[EMAIL PROTECTED]> cc: (bcc: Tim Conway/LMT/SC/PHILIPS) Subject:SSH Error Classification: I created a user on the machine I am attempting to mirror. I when I run rsync with this user I get the following errors "receiving file list ... link_stat www : No such file or directory done client: nothing to do: perhaps you need to specify some filenames or the --recursive option? rsync error: partial transfer (code 23) at main.c(553)" here is my conf file ## use chroot = no max connections = 5 syslog facility = local3 [www] path = /www comment = Web Directory hosts allow = *.*.1.118 read only = yes list = yes uid = root gid = wheel auth users = user ##
Re: SSH Error
Ok, you're talking about ssh, and you're talking about a rsyncd. Except in rare cases, you don't use ssh to access rsyncd. I'm guessing you're doing something like rsync -e ssh remotehost:www localdestinationdirectory (-e ssh isn't needed if $RSYNC_SSH=ssh). drop the "-e ssh" and use TWO colons between the servername and the modulename. Tim Conway [EMAIL PROTECTED] 303.682.4917 Philips Semiconductor - Longmont TC 1880 Industrial Circle, Suite D Longmont, CO 80501 Available via SameTime Connect within Philips, n9hmg on AIM perl -e 'print pack(, 19061,29556,8289,28271,29800,25970,8304,25970,27680,26721,25451,25970), ".\n" ' "There are some who call me Tim?" "David L Nickel" <[EMAIL PROTECTED]> Sent by: [EMAIL PROTECTED] 01/15/2002 02:23 PM To: <[EMAIL PROTECTED]> cc: (bcc: Tim Conway/LMT/SC/PHILIPS) Subject:SSH Error Classification: I created a user on the machine I am attempting to mirror. I when I run rsync with this user I get the following errors "receiving file list ... link_stat www : No such file or directory done client: nothing to do: perhaps you need to specify some filenames or the --recursive option? rsync error: partial transfer (code 23) at main.c(553)" here is my conf file ## use chroot = no max connections = 5 syslog facility = local3 [www] path = /www comment = Web Directory hosts allow = *.*.1.118 read only = yes list = yes uid = root gid = wheel auth users = user ##
SSH Error
I created a user on the machine I am attempting to mirror. I when I run rsync with this user I get the following errors "receiving file list ... link_stat www : No such file or directory done client: nothing to do: perhaps you need to specify some filenames or the --recursive option? rsync error: partial transfer (code 23) at main.c(553)" here is my conf file ## use chroot = no max connections = 5 syslog facility = local3 [www] path = /www comment = Web Directory hosts allow = *.*.1.118 read only = yes list = yes uid = root gid = wheel auth users = user ##
