[TriLUG] copying files

Joseph Mack NA3T jmack at wm7d.net
Fri Jun 22 14:13:52 EDT 2012


On Fri, 22 Jun 2012, Robert Dale wrote:

> Or do it the other way around.  Have the server initiate 
> rsync+ssh requests to the clients. Then you could have 
> passphrase-less keys of the clients on the server and have 
> the clients trust the server's key. Then you don't need 
> any access from the client to the server.

I like this. With Bill's way, if the box doesn't phone home, 
I don't know if it's lost power, has been run over by a 
pick-up truck, is safely on a shelf back in the office, or 
is being disassembled in the basement of a TriLUG'er. With 
the server having the passwd-less private key and the client 
having the public key, it doesn't matter what happens to the 
client box.

Bill again:

> I like this way too, but it has some inherent problems if 
> you don't control how the client box is deployed.  The 
> client box might have a dynamic IP address, and it might 
> be behind a NAT or firewall.

Doh. This is one of my main constraints. The client box must 
operate with any IP and behind a NAT box or firewall. You 
can't expect it to ever get a SYN packet.

Is there a reverse way of doing the key exchange? I.e., the 
client establishes a TCP/IP connection and tells the server 
to initiate an ssh/rsync connection?

This doesn't work, as the ssh command executed on the server 
will start its own separate connection:

client:# ssh server 'rsync -auv /client/foo /server/foo'

Maybe I will need a VPN after all. That will allow the 
server to connect to the client inside the VPN.

Joe

-- 
Joseph Mack NA3T EME(B,D), FM05lw North Carolina
jmack (at) wm7d (dot) net - azimuthal equidistant map
generator at http://www.wm7d.net/azproj.shtml
Homepage http://www.austintek.com/ It's GNU/Linux!


