| View previous topic :: View next topic |
| Author |
Message |
jonathan183
Guru
Joined: 13 Dec 2011
Posts: 318
|
 Posted: Mon Jun 19, 2017 2:22 pm Post subject: [solved] (using ssh tunnel) local mirror and binhost via ssh |
 |
|
I want to setup a PC in order to serve portage snapshots locally and serve binary packages.
I would like to do this via ssh rather than a webserver.
Looking at the wiki for binary packages SSH_binary_package_host this seems to have the relevant information I need.
Looking at the local mirror information Local_Mirror this appears to use rsync.
I have been able to setup a binhost to serve packages over ssh.
If I enable root on the binhost I can use keys to login. On the binhost /etc/ssh/sshd_config I have
| Code: | Protocol 2
Port 18022
PubkeyAuthentication yes
PasswordAuthentication no
PermitRootLogin prohibit-password |
I have cat my clients root public key onto the binhost /root/.ssh/authorized_keys
In the clients /etc/portage/make.conf I have
| Code: | PORTAGE_RSYNC_EXTRA_OPTS="--progress -e \"ssh -p 18022 -l root -i /root/.ssh/id_rsa \""
PORTAGE_BINHOST="ssh://root@192.168.1.2:18022/usr/portage/packages" |
I setup the client ssh key using ssh-keygen and set a password. The arrangement works but I am prompted for the password both when I run
on the client, and when I run
| Code: | | emerge -avuDNfgk @world |
before each binary package is downloaded from the binhost to the client.
I could generate a new key for the client without a password, but root access without a password does not sound like a great way to go.
Is there a better way of doing this which still uses ssh for --sync ?
Following the wiki information allows binary packages with a binpkguser via ssh but does not use ssh for the emerge --sync
Last edited by jonathan183 on Sat Jul 08, 2017 10:28 am; edited 1 time in total |
|
| Back to top |
|
 |
Jaglover
Watchman
Joined: 29 May 2005
Posts: 8291
Location: Saint Amant, Acadiana
|
|
| Back to top |
|
|
Frautoincnam
Apprentice
Joined: 19 May 2017
Posts: 294
|
| Posted: Mon Jun 19, 2017 11:12 pm Post subject: Re: local mirror and binhost via ssh |
|
|
| jonathan183 wrote: | I would like to do this via ssh rather than a webserver.
|
That's not your question but you can use rsync too :
| Code: | | PORTAGE_BINHOST="rsync://your.binhost.server/gentoo-distbin" |
|
|
| Back to top |
|
|
szatox
Advocate
Joined: 27 Aug 2013
Posts: 3135
|
| Posted: Tue Jun 20, 2017 12:19 am Post subject: |
|
|
| Quote: | | I could generate a new key for the client without a password, but root access without a password does not sound like a great way to go. |
Yes, it does. The whole point of using keys is to replace passwords.
You can protect your keys by encrypting them on different layer, like in encrypting your /home for example.
Or, you could try using SSH agent. I never tried doing exactly this, but I expect it to work: start ssh-agent on your client, then ssh-add ./your/encrypted/key
It should prompt you for key's password, decrypt the key, store it in agent, and keep using it until you remove it (usually by killing the agent when you log out)
Note: ssh-agent will print necessary environmental variables to std-out. You have to set them and export them in your session, or run your command from ssh-agent itself to let it set the variables for you. |
|
| Back to top |
|
|
Hu
Moderator
Joined: 06 Mar 2007
Posts: 21628
|
| Posted: Tue Jun 20, 2017 1:31 am Post subject: |
|
|
You can and, for faceless keys should, configure the sshd to restrict the commands that can be run by a client that authenticates with that key. Properly configured, this would mean that the only thing recipients could do is download the files that this binhost is meant to serve, at which point the need to password-protect the key is greatly reduced.
I concur with Jaglover. The key ought to authenticate as an unprivileged user such as portage, to further confine the actions taken by clients using it. |
|
| Back to top |
|
|
jonathan183
Guru
Joined: 13 Dec 2011
Posts: 318
|
| Posted: Thu Jun 29, 2017 11:39 am Post subject: |
|
|
I don't want to use root but the only way I have found so far to get emerge --sync to use ssh in combination with rsync is putting in clients make.conf
| Code: | | PORTAGE_RSYNC_EXTRA_OPTS="--progress -e \"ssh -p 18022 -l root -i /root/.ssh/id_rsa \"" |
root works, other users do not. I picked up the root bit from this thread
I was thinking there might be a way of setting up an ssh tunnel and then forcing emerge to use it for sync and pulling binary packages, if I can do that without use of root then all the better - I just have not been able to figure it out yet 
... ssh-agent might save me typing in the password for the key each time but not having to use root in the first place would be better ... |
|
| Back to top |
|
|
Hu
Moderator
Joined: 06 Mar 2007
Posts: 21628
|
| Posted: Fri Jun 30, 2017 12:10 am Post subject: |
|
|
| What ways have you tried to use non-root? What were their failure modes? There are many ways to do things wrong, so it could take quite a while for us to guess which mistake(s) you have made (and which ones you already solved). |
|
| Back to top |
|
|
jonathan183
Guru
Joined: 13 Dec 2011
Posts: 318
|
| Posted: Fri Jun 30, 2017 10:01 pm Post subject: Works when using ssh tunnel |
|
|
OK I had a go at setting this up from scratch on another system, with the outcome that I have eventually got things working via ssh but not quite how I would like. I have outlined below what I did.
Setup Rsync host using port 873
From the wiki page Local_Mirror
Setup rsync server as the wiki page, my server has private IP 192.168.1.2 and the client will have IP 192.168.1.3.
FILE /etc/rsyncd.conf
| Code: | pid file = /var/run/rsyncd.pid
max connections = 5
use chroot = yes
read only = yes
uid = nobody
gid = nobody
timeout = 300
### host allow and deny information - comment out for testing next 2 lines
#hosts allow = 192.168.1.3
#host deny = *
[gentoo-portage]
path=/usr/portage
comment=Gentoo Portage
exclude=distfiles/ packages/ |
Start rsyncd on the server using | Code: | | /etc/init.d/rsyncd restart |
On the client
FILE /etc/portage/repos.conf/gentoo.conf
| Code: | [gentoo]
location = /usr/portage
sync-type = rsync
### next line for rsync using port 873
sync-uri = rsync://192.168.1.2/gentoo-portage
### uncomment next line for rsync via ssh tunnel in my case used 8873
#sync-uri = rsync://localhost:8873/gentoo-portage
auto-sync = yes |
With port 873 open from the client results in:
| Code: | >>> Syncing repository 'gentoo' into '/usr/portage'...
receiving incremental file list
timestamp.chk
32 100% 31.25kB/s 0:00:00 (xfr#1, to-chk=0/1)
... removed some of the output ...
Action: sync for repo: gentoo, returned code = 0 |
So this confirmed local mirror rsync functioned using port 873.
Setup binpkguser on the client and create a key pair
Next create a user called binpkguser, on the client
| Code: | | useradd -d /home/Gentoo/binpkguser -m -u 1800 -g 250 -s /bin/bash binpkguser |
Switch to binpkguser on the client and create a key pair using
| Code: | cd ~/.ssh
ssh-keygen |
Changing the key name to something more meaningful to me in this case toshiba_laptop_binpkguser_id_rsa
Setup binpkguser on the server and add to authorized keys
Create a user called binpkguser on the server, in this case using identical command to client above.
Copy from the client /home/Gentoo/binpkguser/.ssh/toshiba_laptop_binpkguser_id_rsa.pub to the server same file name.
Then on the server add the key to authorized keys file using
| Code: | | cat /home/Gentoo/binpkguser/.ssh/toshiba_laptop_binpkguser_id_rsa.pub >> /home/Gentoo/binpkguser/.ssh/authorized_keys |
So now I have a binpkguser on both the client and server in group portage.
Configure ssh and portage binhost to use port 18022
On the client modify make.conf, setting up PORTAGE_BINHOST for SSH access on port 18022
| Code: | | PORTAGE_BINHOST="ssh://binpkguser@192.168.1.2:18022/usr/portage/packages" |
On the server configure sshd to listen on port 18022, use protocol 2, disable password login, and enable key based authentication.
File /etc/ssh/sshd_config
| Code: | Protocol 2
Port 18022
RSAAuthentication yes
PubkeyAuthentication yes
PasswordAuthentication no
PermitRootLogin prohibit-password |
Note - odd behaviour if RSAAuthentication is not present, not accepted until some form of authentication is used (such as password), after that accepted until system shutdown. I think this caused some additional confusion for me first time round 
Start sshd on the server using | Code: | | /etc/init.d/sshd restart |
The warning when starting sshd indicates RSAAuthentication is depreciated so need sort this out later.
So now I should be able to ssh from the client using port 18022, I can check this on the client
| Code: | | ssh -v -p 18022 binpkguser@192.168.1.2 |
and get the prompt to add unknown host followed by connection over ssh, Ctrl-d can be used to exit the ssh session.
Rsync via ssh on port 18022 - with firewall active
Next close port 873 on the server firewall but allow port 18022, so rsync can only work via ssh port.
Now can check that I can pull a binary package from the server, on the client
| Code: | | emerge -avfgk @world |
check for one package then terminate the emerge operation.
Despite several attempts with PORTAGE_RSYNC_EXTRA_OPTS including below, I could not get rsync via ssh. This did work on the previous system replacing binpkguser with root.
| Code: | | PORTAGE_RSYNC_EXTRA_OPTS="--progress -e \"ssh -p 18022 -l binpkguser -i /home/Gentoo/binpkguser/.ssh/toshiba_laptop_binpkguser_id_rsa \"" |
I did however get emerge --sync to work by opening another virtual console on the client, login as binpkguser and setting up an ssh tunnel with
| Code: | | ssh -v -p 18022 -fN -l binpkguser -i /home/Gentoo/binpkguser/.ssh/toshiba_laptop_binpkguser_id_rsa -L 8873:localhost:873 192.168.1.2 |
With a modification to FILE /etc/portage/repos.conf/gentoo.conf
| Code: | [gentoo]
location = /usr/portage
sync-type = rsync
### next line for rsync using port 873
#sync-uri = rsync://192.168.1.2/gentoo-portage
### uncomment next line for rsync via ssh tunnel in my case used 8873
sync-uri = rsync://localhost:8873/gentoo-portage
auto-sync = yes |
To do
The above allows non-root user binpkguser to start the ssh tunnel etc however there are still a few things I need to do.
1. Sort out warning message when starting sshd on the server | Code: | | /etc/ssh/sshd_config line 138: Deprecated option RSAAuthentication |
2. Sort out suitable method for creating and stopping ssh tunnel which does not involve ps -ax | grep ssh followed by kill ...
| Code: | #!/bin/bash
### use this script with emerge --sync
local_mirror_ip_address='192.168.1.2'
local_mirror_ssh_port=18022
local_rsync_port_to_forward=8873
local_mirror_rsync_port=873
user_to_login_ssh=binpkguser
identity_file_location="/home/Gentoo/binpkguser/.ssh/toshiba_laptop_binpkguser_id_rsa"
echo "This script $0 will open an ssh tunnel to the local mirror with the following information"
echo " Local mirror IP address = $local_mirror_ip_address Local mirror ssh port = $local_mirror_ssh_port"
echo " Local rsync port to forward = $local_rsync_port_to_forward Local mirror rsync port = $local_mirror_rsync_port"
echo "Press Enter to continue or Ctrl-C to abort"
read my_response
### start the ssh tunnel
#ssh -v -p 18022 -fN -l binpkguser -i /home/Gentoo/binpkguser/.ssh/toshiba_laptop_binpkguser_id_rsa -L 8873:localhost:873 192.168.1.2
ssh_parameters="-v -p $local_mirror_ssh_port -fN -l $user_to_login_ssh -i $identity_file_location -L $local_rsync_port_to_forward:localhost:$local_mirror_rsync_port $local_mirror_ip_address"
ssh $ssh_parameters
ps -ax | grep "ssh -v"
echo "Dont forget to run kill (pid for ssh -v -p .....) when rsync complete ;-)" |
Thanks to all for your input 
Ed: mv authorized_keys to authorized_keys2 allows login without RSAAuthentication yes in sshd_config
and using -N rather than -fN allows closing of the tunnel with Ctrl-c after the sync is complete
Ed2: On the client I also had to copy the binpkguser private key to /root/.ssh folder and symlink /root/.ssh/id_rsa to it for binary packages to be pulled from the host.
Last edited by jonathan183 on Sat Jul 08, 2017 2:11 pm; edited 5 times in total |
|
| Back to top |
|
|
Hu
Moderator
Joined: 06 Mar 2007
Posts: 21628
|
| Posted: Sat Jul 01, 2017 12:36 am Post subject: |
|
|
| Why are you using an ssh tunnel? Tell us what went wrong when you tried to get Portage to use rsync-over-ssh so we can fix that. |
|
| Back to top |
|
|
jonathan183
Guru
Joined: 13 Dec 2011
Posts: 318
|
| Posted: Sat Jul 01, 2017 10:23 am Post subject: |
|
|
| Hu wrote: | | Why are you using an ssh tunnel? Tell us what went wrong when you tried to get Portage to use rsync-over-ssh so we can fix that. |
With /etc/portage/repos.conf/gentoo.conf containing
| Code: | ### using local mirror and rsync port 873 uncomment next line
sync-uri = rsync://192.168.1.2/gentoo-portage |
and client /etc/portage/make.conf containing
| Code: | | PORTAGE_RSYNC_EXTRA_OPTS="-e \"ssh -v -p 18022 -l binpkguser -i /home/Gentoo/binpkguser/.ssh/toshiba_laptop_binpkguser_id_rsa \" " |
Trying an emerge --sync on the client gives output
| Code: | >>> Syncing repository 'gentoo' into '/usr/portage'...
OpenSSH_7.5p1-hpn14v12, OpenSSL 1.0.2k 26 Jan 2017
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to 192.168.1.2 [192.168.1.2] port 18022.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /home/Gentoo/binpkguser/.ssh/toshiba_laptop_binpkguser_id_rsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file /home/Gentoo/binpkguser/.ssh/toshiba_laptop_binpkguser_id_rsa-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.5p1-hpn14v12
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.5p1-hpn14v12
debug1: match: OpenSSH_7.5p1-hpn14v12 pat OpenSSH* compat 0x04000000
debug1: Authenticating to 192.168.1.2:18022 as 'binpkguser'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: AUTH STATE IS 0
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: REQUESTED ENC.NAME is 'chacha20-poly1305@openssh.com'
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: REQUESTED ENC.NAME is 'chacha20-poly1305@openssh.com'
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:Rua/Il67Xyhc/v1RLwrk59lhVqh4FQSVz9tKt+iCTsc
debug1: Host '[192.168.1.2]:18022' is known and matches the ECDSA host key.
debug1: Found key in /root/.ssh/known_hosts:2
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/Gentoo/binpkguser/.ssh/toshiba_laptop_binpkguser_id_rsa
debug1: Server accepts key: pkalg rsa-sha2-512 blen 279
debug1: Authentication succeeded (publickey).
Authenticated to 192.168.1.2 ([192.168.1.2]:18022).
debug1: Final hpn_buffer_size = 2097152
debug1: HPN Disabled: 0, HPN Buffer Size: 2097152
debug1: channel 0: new [client-session]
debug1: Enabled Dynamic Window Scaling
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: pledge: network
debug1: client_input_global_request: rtype hostkeys-00@openssh.com want_reply 0
debug1: Sending environment.
debug1: Sending env LC_ALL = en_GB
debug1: Sending env LC_MESSAGES = C
debug1: Sending env LANG = en_GB
debug1: Sending command: rsync --server --daemon .
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug1: client_input_channel_req: channel 0 rtype eow@openssh.com reply 0
debug1: channel 0: free: client-session, nchannels 1
debug1: fd 0 clearing O_NONBLOCK
debug1: fd 1 clearing O_NONBLOCK
debug1: fd 2 clearing O_NONBLOCK
Transferred: sent 2932, received 3028 bytes, in 0.1 seconds
Bytes per second: sent 20003.5, received 20658.5
debug1: Exit status 1
rsync: did not see server greeting
rsync error: error starting client-server protocol (code 5) at main.c(1648) [Receiver=3.1.2]
* IMPORTANT: 6 config files in '/etc' need updating.
* See the CONFIGURATION FILES and CONFIGURATION FILES UPDATE TOOLS
* sections of the emerge man page to learn how to update config files.
* IMPORTANT: 1 news items need reading for repository 'sakaki-tools'.
* IMPORTANT: 20 news items need reading for repository 'gentoo'.
* Use eselect news read to view new items.
Action: sync for repo: gentoo, returned code = 1
* An update to portage is available. It is _highly_ recommended
* that you update portage now, before any other packages are updated.
* To update portage, run 'emerge --oneshot portage' now. |
with error output | Code: | | !!! Exhausted addresses for 192.168.1.2 |
|
|
| Back to top |
|
|
jonathan183
Guru
Joined: 13 Dec 2011
Posts: 318
|
| Posted: Thu Jul 13, 2017 11:44 pm Post subject: Using ssh tunnel for --sync and ssh for binpackages |
|
|
I managed to getting things working with ssh tunnel for rsync and pulling packages using binpkguser, using an ssh tunnel to rsync the portage tree.
I think the following steps are in the correct order, I will check when I set up my next client. If I manage to setup emerge --sync without the ssh tunnel I will include it in a later post in this thread.
Values I am using are:-
Port 8873 for the ssh tunnel to 873 on the binhost for rsync, binhost is setup to use the standard rsync port 873.
The binhost server has private IP 192.168.1.2 and the client has IP 192.168.1.3.
SSH will be using non standard port 18022, requiring sshd on the binhost to be setup to listen to port 18022.
Optional standard ports 22 for ssh and 873 for rsync will be blocked using firewall on the client and binhost (I do this with a script to configure iptables - not included in this post).
binpkguser is a user with UID 1800 on both the server and client, in the portage group (250), and with a home folder /home/Gentoo/binpkguser.
publickey authentication is used with rsa keys (I also switched to 4096 bit keys since the previous post).
Setup Rsync host using standard port 873
From the wiki page Local_Mirror
This is the binhost server on IP 192.168.1.2 - FILE /etc/rsyncd.conf
| Code: | pid file = /var/run/rsyncd.pid
max connections = 5
use chroot = yes
read only = yes
uid = nobody
gid = nobody
timeout = 300
### optional host allow and deny information - can deny rsync as tunnel uses localhost
host deny = *
[gentoo-portage]
path=/usr/portage
comment=Gentoo Portage
exclude=distfiles/ packages/ |
Start rsyncd on the server using | Code: | | /etc/init.d/rsyncd restart |
Setup Rsync client using port 8873 rather than standard port 873
On the client on IP 192.168.1.3 - FILE /etc/portage/repos.conf/gentoo.conf
| Code: | [gentoo]
location = /usr/portage
sync-type = rsync
### rsync via ssh tunnel in my case used 8873
sync-uri = rsync://localhost:8873/gentoo-portage
auto-sync = yes |
Setup binpkguser on the client and create a key pair
Next create a user called binpkguser, on the client
| Code: | | useradd -d /home/Gentoo/binpkguser -m -u 1800 -g 250 -s /bin/bash binpkguser |
Switch to binpkguser on the client and create a key pair using
| Code: | cd ~/.ssh
ssh-keygen -b 4096 -t rsa |
Changing the key name to something more meaningful to me in this case Toshiba_Laptop_4096_binpkguser_id_rsa
I also created an id_rsa symlink using | Code: | | ln -s Toshiba_Laptop_4096_binpkguser_id_rsa id_rsa |
although I am not sure it is necessary for the binpkguser on the client.
Setup binpkguser on the server and add to authorized keys
Create a user called binpkguser on the server, in this case using identical command to client above.
Copy from the client /home/Gentoo/binpkguser/.ssh/Toshiba_Laptop_4096_binpkguser_id_rsa.pub to the server same file name.
Then on the server add the key to authorized keys file using
| Code: | | cat /home/Gentoo/binpkguser/.ssh/Toshiba_Laptop_4096_binpkguser_id_rsa.pub >> /home/Gentoo/binpkguser/.ssh/authorized_keys2 |
So now I have a binpkguser on both the client and server in group portage.
Configure ssh and portage binhost to use port 18022
On the client modify make.conf, setting up PORTAGE_BINHOST for SSH access on port 18022
| Code: | | PORTAGE_BINHOST="ssh://binpkguser@192.168.1.2:18022/usr/portage/packages" |
Although rsync will work via the ssh tunnel unless the next step is completed downloading of packages does not happen. On the client copy the private key to root ssh folder, and create an id_rsa symlink as root
| Code: | cp /home/Gentoo/binpkguser/.ssh/Toshiba_Laptop_4096_binpkguser_id_rsa /root/.ssh/
cd /root/.ssh
ln -s Toshiba_Laptop_4096_binpkguser_id_rsa id_rsa |
On the server configure sshd to listen on port 18022, use protocol 2, disable password login, and enable key based authentication. On binhost on IP 192.168.1.2 File /etc/ssh/sshd_config
| Code: | Protocol 2
Port 18022
PubkeyAuthentication yes
PasswordAuthentication no |
Note - RSAAuthentication is not required provided key is present in authorized_keys2 file.
Start sshd on the server using | Code: | | /etc/init.d/sshd restart |
So now I should be able to ssh from the client using port 18022, I can check this on the client
| Code: | | ssh -v -p 18022 binpkguser@192.168.1.2 |
and get the prompt to add unknown host followed by connection over ssh, Ctrl-d can be used to exit the ssh session.
Rsync via ssh on port 18022 - with firewall active
Next close port 873 on the server firewall but allow port 18022, so rsync can only work via ssh port.
Now can check that I can pull a binary package from the server, on the client
| Code: | | emerge -aveGf @world |
check for one package then terminate the emerge operation.
Information in PORTAGE_RSYNC_EXTRA_OPTS can be blank etc, I have in /etc/portage/make.conf
| Code: | | PORTAGE_RSYNC_EXTRA_OPTS="--progress" |
To use emerge --sync first open an ssh tunnel on the client on IP 192.168.1.3, login as binpkguser and setting up an ssh tunnel with
| Code: | | ssh -v -p 18022 -l binpkguser -i /home/Gentoo/binpkguser/.ssh/Toshiba_Laptop_4096_binpkguser_id_rsa -L 8873:localhost:873 192.168.1.2 |
Then as your regular admin user on the client you can run or as root on the client.
I use a script to setup the ssh tunnel from the client, leave the tunnel open until emerge --sync is complete and then use Ctrl-c to close the ssh tunnel.
| Code: | #!/bin/bash
### use this script with emerge --sync
local_mirror_ip_address='192.168.1.2'
local_mirror_ssh_port=18022
local_rsync_port_to_forward=8873
local_mirror_rsync_port=873
user_to_login_ssh=binpkguser
identity_file_location="/home/Gentoo/binpkguser/.ssh/Toshiba_Laptop_4096_binpkguser_id_rsa"
echo "This script $0 will open an ssh tunnel to the local mirror with the following information"
echo " Local mirror IP address = $local_mirror_ip_address Local mirror ssh port = $local_mirror_ssh_port"
echo " Local rsync port to forward = $local_rsync_port_to_forward Local mirror rsync port = $local_mirror_rsync_port"
echo "Press Enter to continue or Ctrl-C to abort"
read my_response
### start the ssh tunnel
ssh_parameters="-v -p $local_mirror_ssh_port -N -l $user_to_login_ssh -i $identity_file_location -L $local_rsync_port_to_forward:localhost:$local_mirror_rsync_port $local_mirror_ip_address"
ssh $ssh_parameters |
|
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
Portage & Programming
