Is this port forwarding or something else

I have a tricky problem... at least to me it seems complicated.
I want to run an rsnapshot backup from one remote host to another.
Rsnapshot uses ssh for networking and has allowance for passing
commands to ssh in its conf file.

In order for this to work, a password has to be given at some point.
If ssh-agent is set up and used to avoid a password, a password or
phrase is still needed at some time to start the agent and ssh-add your

If both machines are remote how can this be managed from the local

I mean, I can set up a forwarded port and talk to the second remote as
if from remote1 with something like:

  ssh -L 2219:rhost2:22 rhost1
then in rsnapshot config.
  ssh -p 2219 [rhost2 will be stipulated in rsnapshot.conf]

And if I've set up authorized_keys all around, there will be no login
prompt, using the ssh-agent on localhost.

But then of course the backup data would come to localhost, and it
needs to go to rhost1.

So I'm drawing a blank in man ssh as to syntax to get an rsnapshot
backup run between rhost1 and rhost2 using the ssh-agent on localhost.

All these machinations are coming up because I can't think of a way to
automate rsnapshot backups between rhost1 and rhost2 without having to
log in on rhost1 to either run the command or start the ssh-agent and
add the necessary key with ssh-add so a cron job can access the

I have user privs on rhost1 and rhost2 but root on localhost.
Things could be automated from localhost since I have the agent set up
when X starts.  That is, on localhost the ENV variables can always be
accessed by scripting through cron, since the agent is running and has had
my key added.  The socket is available.

So to get to it, is it possible to tell ssh to set up a three-way
tunnel and move data from rhost2 to rhost1 using ssh-agent from
localhost?  If so does anyone have a stab examples of the required

Re: Is this port forwarding or something else

Why not:

 run ssh-agent on your local machine, and add a key there.

 ssh into rhost1, using agent forwarding.
 from there, run the remote command  on rhost2

The agent forwarding should handle your problem for you.

This does depend on agent-forwarding being allowed by sshd on rhost1.

Another possibility is to use host-based authentication between
rhost1 and rhost2.  That's what I plan to do if I ever get around to
automating my backups.  This depends on sshd allowing host-based.

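The agent-forwarding approach suggested in this reply, written as a script that cron on localhost could run (an added example, not code from any poster in this thread). The `agent.env` file, the rsnapshot config name, the `daily` interval and the crontab line are assumptions; it relies on agent forwarding being permitted by sshd on rhost1.

```shell
#!/bin/sh
# Added example for cron on localhost; values marked (assumed) are not from the thread.
AGENT_ENV="${AGENT_ENV:-$HOME/.ssh/agent.env}"  # (assumed) saved output of `ssh-agent -s`
BACKUP_HOST="${BACKUP_HOST:-rhost1}"            # runs rsnapshot and stores the data
REMOTE_CMD="${REMOTE_CMD:-rsnapshot -c rsnapshot.conf daily}"  # (assumed) config and interval
SSH_BIN="${SSH_BIN:-ssh}"

# Print the SSH_AUTH_SOCK path recorded in a saved `ssh-agent -s` output file.
agent_sock_from_file() {
    sed -n 's/^SSH_AUTH_SOCK=\([^;]*\);.*/\1/p' "$1" | head -n 1
}

# Returns 2: no socket recorded, 3: socket is stale, 4: agent holds no key.
run_backup() {
    sock=$(agent_sock_from_file "$AGENT_ENV")
    [ -n "$sock" ] || { echo "no SSH_AUTH_SOCK in $AGENT_ENV" >&2; return 2; }
    [ -S "$sock" ] || { echo "agent socket $sock is gone" >&2; return 3; }
    SSH_AUTH_SOCK=$sock
    export SSH_AUTH_SOCK
    ssh-add -l >/dev/null 2>&1 || { echo "agent has no usable key" >&2; return 4; }
    # -A forwards the local agent to rhost1 for this session only, so rsnapshot's
    # own ssh to rhost2 authenticates with the key held on localhost.
    # BatchMode=yes makes ssh fail instead of prompting when run from cron.
    "$SSH_BIN" -A -o BatchMode=yes "$BACKUP_HOST" "$REMOTE_CMD"
}

# (assumed) crontab entry: 15 2 * * * /path/to/this-script --run
if [ "${1:-}" = "--run" ]; then
    run_backup
fi
```

While the session is open, anyone with root on rhost1 can use the forwarded agent, so a dedicated backup key restricted on rhost2 with a `from="rhost1"` option in authorized_keys limits what that exposure is worth.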


Re: Is this port forwarding or something else

I guess it wasn't clear in OP that I want this automated.

All subject hosts allow it.

What do you mean above?  Is it something that requires root on remotes?
Is it something you set up once and it can run unattended (from cron)?

Re: Is this port forwarding or something else

I'll assume openssh for ease of discussion.

You will need "sshd_config" to allow host based authentication.  That's
the only part that requires root access.

You also need ssh_config to allow host-based.  But you can set this
in $HOME/.ssh/config .  The host key of each of "rhost1" and "rhost2"
needs to be in $HOME/.ssh/known_hosts on both systems.  You also need
an entry in $HOME/.shosts on rhost1 to allow access from rhost2 and
on rhost2 to allow access from rhost1.

You might need to experiment a little to get the hostname that
each knows the other by.  Once set up, it should work smoothly.

Relevant entries from my "sshd_config"

  # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
  RhostsRSAAuthentication yes
  # similar for protocol version 2
  HostbasedAuthentication yes
  # Change to yes if you don't trust ~/.ssh/known_hosts for
  # RhostsRSAAuthentication and HostbasedAuthentication
  #IgnoreUserKnownHosts no
  # Don't read the user's ~/.rhosts and ~/.shosts files
  IgnoreRhosts no



Re: Is this port forwarding or something else

That is the kicker right there.  I can't even grep that file.

But is there no way to set up some kind of three-way transfer where
control info comes from localhost using ssh-agent and data info is
moved between the 2 remotes? (A way that does not require root privs)

As described in OP I can set up simple tunnels from local to either

So I'm asking how to set up a tunnel between rhost1 and rhost2 and talk to
it from localhost.
