RE: [SLE] how to securely mount a remote filesystem via internet
ok, as some of you requested more detailed info ("why do you want to do this?") I will give more info, maybe you know of better approaches.
I want to be able to nightly synchronise files that are on our lan with a remote machine that is on the other side of europe. Both machines have very decent internet connections.
So basically this would function just like a normal backup, only not to tape, but to a remote network location. (harddisk, whatever)
I wrote emails to various backup software suppliers to ask if their product could backup to a remote location, an sftp site, for example. I would like the remote site to be as basic as possible. sftp (mechanism that winscp3 uses) or ftp. (less secure)
They all say that their product cannot do something like that. So I started making up my own scenarios...
Anyway, I've read all of your suggestions. Now you know this, do you have any other suggestions how to solve this issue?
(btw: i completely 'own' the remote machine, I can do whatever I want on it)
Thanks very much for helping so far!
Mourik Jan
-----Original Message-----
From: Jon Nelson [mailto:jnelson-suse@jamponi.net]
Sent: 15 December 2004 14:49
To: Heupink, Mourik Jan C.
Cc: suse-linux-e@suse.com
Subject: Re: [SLE] how to securely mount a remote filesystem via internet
Short answer: use OpenVPN to create a VPN between the two computers and use NFS over that. I recommend using OpenVPN in UDP mode and NFS in TCP mode.
On Wed, 15 Dec 2004, Heupink, Mourik Jan C. wrote:
dear list. :)
This will probably be a very simple question, with a very obvious answer to all of you, but not to me.
I would like to securely mount a (part of a) filesystem of another (suse) linux server via the internet. So that copying files to that certain mount point, actually means: copying that file to a server far away in another country. Clear..?
I've done some searching, and these seem to be options:
- nfs (seems to be unsafe (except when over vpn))
- ssh (file transfer possible, but mounting as filesystem not)
- lufs (enables you to mount ftp/ssh locations in filesystem, but requires kernel recompile)
So, what do you people here use? And what is the 'recommended' way to do this? BTW: i can do whatever I want also on the remote machine, it's 'my' machine, so any configuration is possible. And yes: both sides have very decent internet connections.
-- Carpe diem - Seize the day. Carp in denim - There's a fish in my pants!
Jon Nelson
-- Check the headers for your unsubscription address For additional commands send e-mail to suse-linux-e-help@suse.com Also check the archives at http://lists.suse.com Please read the FAQs: suse-linux-e-faq@suse.com
Heupink, Mourik Jan C. writes:
I want to be able to nightly synchronise files that are on our lan with a remote machine that is on the other side of europe. Both machines have very decent internet connections.
So basically this would function just like a normal backup, only not to tape, but to a remote network location. (harddisk, whatever)
Aside from the suggestions already mentioned, also look at using rdist over a ssh tunnel. See the man page for rdist. This would be more efficient than nfs. -Ti -- Ti Kan http://www.amb.org/ti Vorsprung durch Technik
On Thursday 16 December 2004 11:26, Ti Kan wrote:
Aside from the suggestions already mentioned, also look at using rdist over a ssh tunnel. See the man page for rdist. This would be more efficient than nfs.
RDIFF-BACKUP
______________
Excerpts from the manual mention :-
"The target directory ends up
a copy (mirror) of the source directory, but extra reverse
diffs are stored in a special subdirectory of that target
directory, so you can still recover files lost some time
ago. The idea is to combine the best features of a mirror
and an incremental backup. rdiff-backup also preserves
symlinks, special files, hardlinks, permissions, uid/gid
ownership, and modification times.
~ you can use ssh
and rdiff-backup to securely back a hard drive up to a
remote location, and only the differences will be transmitted.
Using the default settings, rdiff-backup requires
that the remote system accept ssh connections, ~ "
Version 0.12.6 November 2003 RDIFF-BACKUP(1)
Man author: Ben Escoto
Why not use rsync with hardlinking? Only costs an inode for like files, takes care of files that have been removed (I don't see rdiff doing that), and is very well understood - you get a 100% "copy" of the directories at very low cost. Over a wireless link I can backup 3-4 gig in 2-3 minutes because 98% of the files don't change from day to day.
On Thu, 16 Dec 2004, riccardo wrote:
On Thursday 16 December 2004 11:26, Ti Kan wrote:
Aside from the suggestions already mentioned, also look at using rdist over a ssh tunnel. See the man page for rdist. This would be more efficient than nfs.
RDIFF-BACKUP ______________
Excerpts from the manual mention :- "The target directory ends up a copy (mirror) of the source directory, but extra reverse diffs are stored in a special subdirectory of that target directory, so you can still recover files lost some time ago. The idea is to combine the best features of a mirror and an incremental backup. rdiff-backup also preserves symlinks, special files, hardlinks, permissions, uid/gid ownership, and modification times. ~ you can use ssh and rdiff-backup to securely back a hard drive up to a remote location, and only the differences will be transmitted. Using the default settings, rdiff-backup requires that the remote system accept ssh connections, ~ "
Version 0.12.6 November 2003 RDIFF-BACKUP(1) Man author: Ben Escoto
_________________ best rgds __________
--
Carpe diem - Seize the day.
Carp in denim - There's a fish in my pants!
Jon Nelson
Jon Nelson wrote:
Why not use rsync with hardlinking? Only costs an inode for like files, takes care of files that have been removed (I don't see rdiff doing that), and is very well understood - you get a 100% "copy" of the directories at very low cost. Over a wireless link I can backup 3-4 gig in 2-3 minutes because 98% of the files don't change from day to day.
I would also recommend this - we use rsync for remote backups of 3 servers. In all, about 250G, and it takes about 10-15mins (Like Jon said, it only sends what is changed).
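Added example, not part of any poster's message: a sketch of the rsync-with-hard-links approach described in the two messages above, with ssh as the transport. It assumes the script runs on the machine that stores the backups and pulls from the source; the host name and paths in the usage comment are placeholders.

```shell
#!/bin/sh
# Added example: dated snapshots where unchanged files are hard links into the
# previous snapshot, so each run costs only the changed data plus inodes.
# Host names and paths below are placeholders, not values from the thread.
#
# Usage (cron, on the machine that stores the backups):
#   RSYNC_RSH=ssh ./snapshot.sh backup@lan-host.example:/srv/data /backup/lan

# snapshot SRC DEST_ROOT [NAME]
#   SRC        local directory, or host:/path pulled over the remote shell
#   DEST_ROOT  local directory that holds one subdirectory per snapshot
#   NAME       snapshot name, defaults to today's date
snapshot() {
    src=$1
    dest_root=$2
    name=${3:-$(date +%Y-%m-%d)}

    mkdir -p "$dest_root" || return 1
    # --link-dest is resolved relative to the destination, so make it absolute.
    dest_root=$(cd "$dest_root" && pwd) || return 1

    if [ -e "$dest_root/$name" ]; then
        echo "snapshot $name already exists in $dest_root" >&2
        return 1
    fi

    # -a keeps permissions, owners, times and symlinks; --delete cleans up a
    # partial directory left behind by an interrupted run.
    set -- -a --delete
    if [ -d "$dest_root/latest" ]; then
        # Files identical to the previous snapshot become hard links to it.
        set -- "$@" --link-dest="$dest_root/latest"
    fi

    # Sync into a hidden working directory and rename only on success, so
    # "latest" never points at an incomplete snapshot.
    rsync "$@" "${src%/}/" "$dest_root/.$name.partial/" || return 1
    mv "$dest_root/.$name.partial" "$dest_root/$name" || return 1
    ln -sfn "$name" "$dest_root/latest"
}

# Run only when called with arguments, so the file can also be sourced.
if [ "$#" -ge 2 ]; then
    snapshot "$@"
fi
```

Older snapshots stay intact when a file changes or is deleted at the source, because each snapshot directory holds its own link to the data.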
On Thu, 16 Dec 2004 12:18:08 +0100, Heupink, Mourik Jan C.
ok, as some of you requested more detailed info ("why do you want to do this?") I will give more info, maybe you know of better approaches.
I want to be able to nightly synchronise files that are on our lan with a remote machine that is on the other side of europe. Both machines have very decent internet connections.
So basically this would function just like a normal backup, only not to tape, but to a remote network location. (harddisk, whatever)
I wrote emails to various backup software suppliers to ask if their product could backup to a remote location, an sftp site, for example. I would like the remote site to be as basic as possible. sftp (mechanism that winscp3 uses) or ftp. (less secure)
They all say that their product cannot do something like that. So I started making up my own scenarios...
Anyway, I've read all of your suggestions. Now you know this, do you have any other suggestions how to solve this issue?
(btw: i completely 'own' the remote machine, I can do whatever I want on it)
Thanks very much for helping so far!
Mourik Jan
Hi, just saw this in another post in the list: http://www.cis.upenn.edu/~bcpierce/unison/index.html Cheers Sunny -- Get Firefox http://www.spreadfirefox.com/?q=affiliates&id=10745&t=85
On Thu, 2004-12-16 at 10:50, Sunny wrote:
On Thu, 16 Dec 2004 12:18:08 +0100, Heupink, Mourik Jan C.
wrote: Hi, just saw this in another post in the list: http://www.cis.upenn.edu/~bcpierce/unison/index.html Cheers Sunny
The link doesn't mention anything about doing this across the internet just another tool to use. As far as doing this across the internet unless you do not care who can see/intercept this data I would use either a VPN tunnel or ssh at the least (scp -r or rsync -e ssh). -- Ken Schneider UNIX since 1989 SuSE since 1998 * Only reply to the list please*
On Thursday 16 December 2004 16:01, Ken Schneider wrote:
On Thu, 2004-12-16 at 10:50, Sunny wrote:
On Thu, 16 Dec 2004 12:18:08 +0100, Heupink, Mourik Jan C.
wrote: Hi, just saw this in another post in the list: http://www.cis.upenn.edu/~bcpierce/unison/index.html The link doesn't mention anything about doing this across the internet just another tool to use. As far as doing this across the internet unless you do not care who can see/intercept this data I would use either a VPN tunnel or ssh at the least (scp -r or rsync -e ssh).
Unison does encryption. From the linked page: <quote> Unison works between any pair of machines connected to the internet, communicating over either a direct socket link or tunneling over an encrypted ssh connection. </quote> I use it regularly to sync data between laptop and desktop. Works great. Michael
On Thursday 16 December 2004 18:01, Ken Schneider wrote:
On Thu, 2004-12-16 at 10:50, Sunny wrote:
On Thu, 16 Dec 2004 12:18:08 +0100, Heupink, Mourik Jan C.
wrote: Hi, just saw this in another post in the list: http://www.cis.upenn.edu/~bcpierce/unison/index.html Cheers Sunny
The link doesn't mention anything about doing this across the internet just another tool to use. As far as doing this across the internet unless you do not care who can see/intercept this data I would use either a VPN tunnel or ssh at the least (scp -r or rsync -e ssh). --
From the same page, bullet 4: <cite> Unison works between any pair of machines connected to the internet, communicating over either a direct socket link or tunneling over an encrypted ssh connection. </cite> And in the FAQ there are a lot of things about ssh tunneling as well. Cheers Sunny -- Get Firefox http://www.spreadfirefox.com/?q=affiliates&id=10745&t=85
participants (8)
- Hamish
- Heupink, Mourik Jan C.
- Jon Nelson
- Ken Schneider
- Michael Siefritz
- riccardo
- Sunny
- ti@amb.org