LinuxQuestions.org
10-20-2002, 11:28 AM   #1
drthornt
BRAG - Double ssh tunnel for a system dump.


I was cloning a machine the other day.
I had the new machine in the lab and the "already built" machine in the field (all behind firewalls). I had administrative access to both machines from my admin box via natted vpn. My challenge was to drop a copy of the system from the production machine to the lab machine, given both machines have no direct access to each other. Here's what I did.

I opened ssh tunnels from the "admin" to both "lab" and "old" and then fired a tar through the tunnel.

Here's a pic of the machines:

http://www.quadratic.net/~david/wiredtunnels.gif

Three Machines:
"admin" the administrative machine.
"old" the machine that has the original filesystem.
"lab" the machine that I am building the filesystem on.

"admin" has natted vpn access to "old".
When I log on to "old" via the natting vpn, and do a who, it looks like I am connecting from fw1's private interface.
"admin" has natted vpn access to "lab".
When I log on to "lab" via the natting vpn, and do a who, it looks like I am connecting from fw3's private interface.
"old" has NO access to "lab", vpn or otherwise.
"lab" has NO access to "old", vpn or otherwise.

To get port 2222 on "old" to open port 2222 on "admin" (which is behind a nat firewall) I run this on "admin".
ssh -v -g -q -f -l readonlyuser -R 2222:localhost:2222 10.1.1.2 tail -f /dev/null

Now if we open port 2222 on the old machine we will get port 2222 on the admin machine. At this time there is nothing listening on port 2222 on the admin machine so this command on its own won't be very exciting.

To forward port 2222 on "admin" to port 22 on "lab":
ssh -g -q -f -l readonlyuser -L 2222:localhost:22 10.1.3.2 tail -f /dev/null

Now we can ssh to port 2222 on the old machine, that will get forwarded to port 2222 on the admin machine, which will in turn get forwarded to port 22 on the lab machine. Now to do some work over the tunnels.

To copy the home partition files from "old" directly to "lab" (via "admin"):
tar -vcf - /home | ssh -l root localhost -p 2222 tar -xf - -C /

neat huh?

There's only one bad thing I did; I set PermitRootLogin to "yes" on the lab machine's sshd. I set it back to "no" after finishing the operation. Be sure to send HUPs to the tail and ssh process when you are done.
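
A check to run on "admin" once the transfer is done, added here as an example and not part of the original post: it reads `ss -H -ltnp` output and lists every listener held by the ssh client, marking those bound beyond loopback, which is what `-g` does to the `-L 2222` forward that leads to root login on "lab". It assumes a modern iproute2 `ss`; the sample lines, PIDs and port 2223 are constructed.

```sh
#!/bin/sh
# Added example (not from the original post).
# Input: output of `ss -H -ltnp` (no header; listening TCP sockets with owners).

# Print one line per listener owned by the ssh client:
#   <EXPOSED|loopback> <local addr:port> pid=<pid>
classify_forwards() {
    awk '
    /\("ssh",/ {                       # matches "ssh" only, never "sshd"
        addr = $4                      # 4th column is Local Address:Port
        host = addr
        sub(/:[^:]*$/, "", host)       # drop the trailing :port
        pid = "?"
        if (match($0, /pid=[0-9]+/))
            pid = substr($0, RSTART + 4, RLENGTH - 4)
        scope = (host ~ /^127\./ || host == "[::1]") ? "loopback" : "EXPOSED"
        printf "%s %s pid=%s\n", scope, addr, pid
    }'
}

# Number of ssh forwards reachable from other hosts.
count_exposed() {
    classify_forwards | awk '/^EXPOSED/ { n++ } END { print n + 0 }'
}

# Constructed sample: sshd itself, the -g forward from the post (wildcard
# bind on 2222), and a hypothetical loopback-only forward on 2223.
sample_ss_output() {
    cat <<'EOF'
LISTEN 0 128   0.0.0.0:22    0.0.0.0:*  users:(("sshd",pid=812,fd=3))
LISTEN 0 128   0.0.0.0:2222  0.0.0.0:*  users:(("ssh",pid=4123,fd=5))
LISTEN 0 128      [::]:2222     [::]:*  users:(("ssh",pid=4123,fd=6))
LISTEN 0 128 127.0.0.1:2223  0.0.0.0:*  users:(("ssh",pid=4200,fd=4))
EOF
}

sample_ss_output | classify_forwards
# On a live host (as root, so owners are shown): ss -H -ltnp | classify_forwards
```

Any line this prints after the copy has finished is a tunnel that is still up; an EXPOSED line means other hosts on admin's network can reach the forwarded port.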
 
  

