Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
[solved] (using ssh tunnel) local mirror and binhost via ssh
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Portage & Programming
View previous topic :: View next topic  
Author Message
jonathan183
Apprentice
Apprentice


Joined: 13 Dec 2011
Posts: 257

PostPosted: Mon Jun 19, 2017 2:22 pm    Post subject: [solved] (using ssh tunnel) local mirror and binhost via ssh Reply with quote

I want to setup a PC in order to serve portage snapshots locally and serve binary packages.
I would like to do this via ssh rather than a webserver.
Looking at the wiki for binary packages SSH_binary_package_host this seems to have the relevant information I need.
Looking at the local mirror information Local_Mirror this appears to use rsync.

I have been able to setup a binhost to serve packages over ssh.
If I enable root on the binhost I can use keys to login. On the binhost /etc/ssh/sshd_config I have
Code:
Protocol 2
Port 18022
PubkeyAuthentication yes
PasswordAuthentication no
PermitRootLogin prohibit-password


I have cat my clients root public key onto the binhost /root/.ssh/authorized_keys

In the clients /etc/portage/make.conf I have
Code:
PORTAGE_RSYNC_EXTRA_OPTS="--progress -e \"ssh -p 18022 -l root -i /root/.ssh/id_rsa \""
PORTAGE_BINHOST="ssh://root@192.168.1.2:18022/usr/portage/packages"


I setup the client ssh key using ssh-keygen and set a password. The arrangement works but I am prompted for the password both when I run
Code:
emerge --sync
on the client, and when I run
Code:
emerge -avuDNfgk @world
before each binary package is downloaded from the binhost to the client.

I could generate a new key for the client without a password, but root access without a password does not sound like a great way to go.
Is there a better way of doing this which still uses ssh for --sync ?
Following the wiki information allows binary packages with a binpkguser via ssh but does not use ssh for the emerge --sync


Last edited by jonathan183 on Sat Jul 08, 2017 10:28 am; edited 1 time in total
Back to top
View user's profile Send private message
Jaglover
Watchman
Watchman


Joined: 29 May 2005
Posts: 5690
Location: Saint Amant, Acadiana

PostPosted: Mon Jun 19, 2017 2:30 pm    Post subject: Reply with quote

I haven't checked, but shouldn't all this be owned by portage:portage? Why root?
_________________
Please learn how to denote units correctly!

Political Correctness is all about replacing imaginary injustice with real injustice.
Back to top
View user's profile Send private message
Frautoincnam
n00b
n00b


Joined: 19 May 2017
Posts: 26

PostPosted: Mon Jun 19, 2017 11:12 pm    Post subject: Re: local mirror and binhost via ssh Reply with quote

jonathan183 wrote:
I would like to do this via ssh rather than a webserver.

That's not your question but you can use rsync too :
Code:
PORTAGE_BINHOST="rsync://your.binhost.server/gentoo-distbin"
Back to top
View user's profile Send private message
szatox
Veteran
Veteran


Joined: 27 Aug 2013
Posts: 1409

PostPosted: Tue Jun 20, 2017 12:19 am    Post subject: Reply with quote

Quote:
I could generate a new key for the client without a password, but root access without a password does not sound like a great way to go.
Yes, it does. The whole point of using keys is to replace passwords.
You can protect your keys by encrypting them on different layer, like in encrypting your /home for example.
Or, you could try using SSH agent. I never tried doing exactly this, but I expect it to work: start ssh-agent on your client, then ssh-add ./your/encrypted/key
It should prompt you for key's password, decrypt the key, store it in agent, and keep using it until you remove it (usually by killing the agent when you log out)
Note: ssh-agent will print necessary environmental variables to std-out. You have to set them and export them in your session, or run your command from ssh-agent itself to let it set the variables for you.
Back to top
View user's profile Send private message
Hu
Moderator
Moderator


Joined: 06 Mar 2007
Posts: 10932

PostPosted: Tue Jun 20, 2017 1:31 am    Post subject: Reply with quote

You can and, for faceless keys should, configure the sshd to restrict the commands that can be run by a client that authenticates with that key. Properly configured, this would mean that the only thing recipients could do is download the files that this binhost is meant to serve, at which point the need to password-protect the key is greatly reduced.

I concur with Jaglover. The key ought to authenticate as an unprivileged user such as portage, to further confine the actions taken by clients using it.
Back to top
View user's profile Send private message
jonathan183
Apprentice
Apprentice


Joined: 13 Dec 2011
Posts: 257

PostPosted: Thu Jun 29, 2017 11:39 am    Post subject: Reply with quote

I don't want to use root but the only way I have found so far to get emerge --sync to use ssh in combination with rsync is putting in clients make.conf
Code:
PORTAGE_RSYNC_EXTRA_OPTS="--progress -e \"ssh -p 18022 -l root -i /root/.ssh/id_rsa \""


root works, other users do not. I picked up the root bit from this thread

I was thinking there might be a way of setting up an ssh tunnel and then forcing emerge to use it for sync and pulling binary packages, if I can do that without use of root then all the better - I just have not been able to figure it out yet :oops:

... ssh-agent might save me typing in the password for the key each time but not having to use root in the first place would be better ...
Back to top
View user's profile Send private message
Hu
Moderator
Moderator


Joined: 06 Mar 2007
Posts: 10932

PostPosted: Fri Jun 30, 2017 12:10 am    Post subject: Reply with quote

What ways have you tried to use non-root? What were their failure modes? There are many ways to do things wrong, so it could take quite a while for us to guess which mistake(s) you have made (and which ones you already solved).
Back to top
View user's profile Send private message
jonathan183
Apprentice
Apprentice


Joined: 13 Dec 2011
Posts: 257

PostPosted: Fri Jun 30, 2017 10:01 pm    Post subject: Works when using ssh tunnel Reply with quote

OK I had a go at setting this up from scratch on another system, with the outcome that I have eventually got things working via ssh but not quite how I would like. I have outlined below what I did.

Setup Rsync host using port 873
From the wiki page Local_Mirror

Setup rsync server as the wiki page, my server has private IP 192.168.1.2 and the client will have IP 192.168.1.3.
FILE /etc/rsyncd.conf
Code:
pid file = /var/run/rsyncd.pid
max connections = 5
use chroot = yes
read only = yes
uid = nobody
gid = nobody
timeout = 300

### host allow and deny information - comment out for testing next 2 lines
#hosts allow = 192.168.1.3
#host deny = *

[gentoo-portage]
path=/usr/portage
comment=Gentoo Portage
exclude=distfiles/ packages/


Start rsyncd on the server using
Code:
/etc/init.d/rsyncd restart


On the client
FILE /etc/portage/repos.conf/gentoo.conf
Code:
[gentoo]
location = /usr/portage
sync-type = rsync

### next line for rsync using port 873
sync-uri = rsync://192.168.1.2/gentoo-portage

### uncomment next line for rsync via ssh tunnel in my case used 8873
#sync-uri = rsync://localhost:8873/gentoo-portage

auto-sync = yes


With port 873 open
Code:
emerge --sync
from the client results in:
Code:
>>> Syncing repository 'gentoo' into '/usr/portage'...
receiving incremental file list
timestamp.chk
             32 100%   31.25kB/s    0:00:00 (xfr#1, to-chk=0/1)

... removed some of the output ...

Action: sync for repo: gentoo, returned code = 0

So this confirmed local mirror rsync functioned using port 873.

Setup binpkguser on the client and create a key pair
Next create a user called binpkguser, on the client
Code:
useradd -d /home/Gentoo/binpkguser -m -u 1800 -g 250 -s /bin/bash binpkguser


Switch to binpkguser on the client and create a key pair using
Code:
cd ~/.ssh
ssh-keygen

Changing the key name to something more meaningful to me in this case toshiba_laptop_binpkguser_id_rsa

Setup binpkguser on the server and add to authorized keys
Create a user called binpkguser on the server, in this case using identical command to client above.
Copy from the client /home/Gentoo/binpkguser/.ssh/toshiba_laptop_binpkguser_id_rsa.pub to the server same file name.
Then on the server add the key to authorized keys file using
Code:
cat /home/Gentoo/binpkguser/.ssh/toshiba_laptop_binpkguser_id_rsa.pub >> /home/Gentoo/binpkguser/.ssh/authorized_keys

So now I have a binpkguser on both the client and server in group portage.

Configure ssh and portage binhost to use port 18022
On the client modify make.conf, setting up PORTAGE_BINHOST for SSH access on port 18022
Code:
PORTAGE_BINHOST="ssh://binpkguser@192.168.1.2:18022/usr/portage/packages"


On the server configure sshd to listen on port 18022, use protocol 2, disable password login, and enable key based authentication.
File /etc/ssh/sshd_config
Code:
Protocol 2
Port 18022
RSAAuthentication yes
PubkeyAuthentication yes
PasswordAuthentication no
PermitRootLogin prohibit-password


Note - odd behaviour if RSAAuthentication is not present, not accepted until some form of authentication is used (such as password), after that accepted until system shutdown. I think this caused some additional confusion for me first time round :roll:

Start sshd on the server using
Code:
/etc/init.d/sshd restart
The warning when starting sshd indicates RSAAuthentication is depreciated so need sort this out later.

So now I should be able to ssh from the client using port 18022, I can check this on the client
Code:
ssh -v -p 18022 binpkguser@192.168.1.2
and get the prompt to add unknown host followed by connection over ssh, Ctrl-d can be used to exit the ssh session.

Rsync via ssh on port 18022 - with firewall active
Next close port 873 on the server firewall but allow port 18022, so rsync can only work via ssh port.
Now can check that I can pull a binary package from the server, on the client
Code:
emerge -avfgk @world

check for one package then terminate the emerge operation.

Despite several attempts with PORTAGE_RSYNC_EXTRA_OPTS including below, I could not get rsync via ssh. This did work on the previous system replacing binpkguser with root.
Code:
PORTAGE_RSYNC_EXTRA_OPTS="--progress -e \"ssh -p 18022 -l binpkguser -i /home/Gentoo/binpkguser/.ssh/toshiba_laptop_binpkguser_id_rsa \""


I did however get emerge --sync to work by opening another virtual console on the client, login as binpkguser and setting up an ssh tunnel with
Code:
ssh -v -p 18022 -fN -l binpkguser -i /home/Gentoo/binpkguser/.ssh/toshiba_laptop_binpkguser_id_rsa -L 8873:localhost:873 192.168.1.2


With a modification to FILE /etc/portage/repos.conf/gentoo.conf
Code:
[gentoo]
location = /usr/portage
sync-type = rsync

### next line for rsync using port 873
#sync-uri = rsync://192.168.1.2/gentoo-portage

### uncomment next line for rsync via ssh tunnel in my case used 8873
sync-uri = rsync://localhost:8873/gentoo-portage

auto-sync = yes


To do
The above allows non-root user binpkguser to start the ssh tunnel etc however there are still a few things I need to do.

1. Sort out warning message when starting sshd on the server
Code:
/etc/ssh/sshd_config line 138: Deprecated option RSAAuthentication

2. Sort out suitable method for creating and stopping ssh tunnel which does not involve ps -ax | grep ssh followed by kill ...
Code:
#!/bin/bash

### use this script with emerge --sync
local_mirror_ip_address='192.168.1.2'
local_mirror_ssh_port=18022
local_rsync_port_to_forward=8873
local_mirror_rsync_port=873
user_to_login_ssh=binpkguser
identity_file_location="/home/Gentoo/binpkguser/.ssh/toshiba_laptop_binpkguser_id_rsa"

echo "This script $0 will open an ssh tunnel to the local mirror with the following information"
echo " Local mirror IP address = $local_mirror_ip_address  Local mirror ssh port = $local_mirror_ssh_port"
echo " Local rsync port to forward = $local_rsync_port_to_forward  Local mirror rsync port = $local_mirror_rsync_port"
echo "Press Enter to continue  or Ctrl-C to abort"
read my_response

### start the ssh tunnel
#ssh -v -p 18022 -fN -l binpkguser -i /home/Gentoo/binpkguser/.ssh/toshiba_laptop_binpkguser_id_rsa -L 8873:localhost:873 192.168.1.2
        ssh_parameters="-v -p $local_mirror_ssh_port -fN  -l $user_to_login_ssh -i $identity_file_location -L $local_rsync_port_to_forward:localhost:$local_mirror_rsync_port $local_mirror_ip_address"
        ssh $ssh_parameters

ps -ax | grep "ssh -v"
echo "Dont forget to run kill (pid for ssh -v -p .....) when rsync complete ;-)"


Thanks to all for your input 8)

Ed: mv authorized_keys to authorized_keys2 allows login without RSAAuthentication yes in sshd_config
and using -N rather than -fN allows closing of the tunnel with Ctrl-c after the sync is complete

Ed2: On the client I also had to copy the binpkguser private key to /root/.ssh folder and symlink /root/.ssh/id_rsa to it for binary packages to be pulled from the host.


Last edited by jonathan183 on Sat Jul 08, 2017 2:11 pm; edited 5 times in total
Back to top
View user's profile Send private message
Hu
Moderator
Moderator


Joined: 06 Mar 2007
Posts: 10932

PostPosted: Sat Jul 01, 2017 12:36 am    Post subject: Reply with quote

Why are you using an ssh tunnel? Tell us what went wrong when you tried to get Portage to use rsync-over-ssh so we can fix that.
Back to top
View user's profile Send private message
jonathan183
Apprentice
Apprentice


Joined: 13 Dec 2011
Posts: 257

PostPosted: Sat Jul 01, 2017 10:23 am    Post subject: Reply with quote

Hu wrote:
Why are you using an ssh tunnel? Tell us what went wrong when you tried to get Portage to use rsync-over-ssh so we can fix that.


With /etc/portage/repos.conf/gentoo.conf containing
Code:
### using local mirror and rsync port 873 uncomment next line
sync-uri = rsync://192.168.1.2/gentoo-portage


and client /etc/portage/make.conf containing
Code:
PORTAGE_RSYNC_EXTRA_OPTS="-e \"ssh -v -p 18022 -l binpkguser -i /home/Gentoo/binpkguser/.ssh/toshiba_laptop_binpkguser_id_rsa \" "


Trying an emerge --sync on the client gives output
Code:
>>> Syncing repository 'gentoo' into '/usr/portage'...
OpenSSH_7.5p1-hpn14v12, OpenSSL 1.0.2k  26 Jan 2017
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to 192.168.1.2 [192.168.1.2] port 18022.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /home/Gentoo/binpkguser/.ssh/toshiba_laptop_binpkguser_id_rsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file /home/Gentoo/binpkguser/.ssh/toshiba_laptop_binpkguser_id_rsa-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.5p1-hpn14v12
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.5p1-hpn14v12
debug1: match: OpenSSH_7.5p1-hpn14v12 pat OpenSSH* compat 0x04000000
debug1: Authenticating to 192.168.1.2:18022 as 'binpkguser'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: AUTH STATE IS 0
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: REQUESTED ENC.NAME is 'chacha20-poly1305@openssh.com'
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: REQUESTED ENC.NAME is 'chacha20-poly1305@openssh.com'
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:Rua/Il67Xyhc/v1RLwrk59lhVqh4FQSVz9tKt+iCTsc
debug1: Host '[192.168.1.2]:18022' is known and matches the ECDSA host key.
debug1: Found key in /root/.ssh/known_hosts:2
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/Gentoo/binpkguser/.ssh/toshiba_laptop_binpkguser_id_rsa
debug1: Server accepts key: pkalg rsa-sha2-512 blen 279
debug1: Authentication succeeded (publickey).
Authenticated to 192.168.1.2 ([192.168.1.2]:18022).
debug1: Final hpn_buffer_size = 2097152
debug1: HPN Disabled: 0, HPN Buffer Size: 2097152
debug1: channel 0: new [client-session]
debug1: Enabled Dynamic Window Scaling
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: pledge: network
debug1: client_input_global_request: rtype hostkeys-00@openssh.com want_reply 0
debug1: Sending environment.
debug1: Sending env LC_ALL = en_GB
debug1: Sending env LC_MESSAGES = C
debug1: Sending env LANG = en_GB
debug1: Sending command: rsync --server --daemon .
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug1: client_input_channel_req: channel 0 rtype eow@openssh.com reply 0
debug1: channel 0: free: client-session, nchannels 1
debug1: fd 0 clearing O_NONBLOCK
debug1: fd 1 clearing O_NONBLOCK
debug1: fd 2 clearing O_NONBLOCK
Transferred: sent 2932, received 3028 bytes, in 0.1 seconds
Bytes per second: sent 20003.5, received 20658.5
debug1: Exit status 1
rsync: did not see server greeting
rsync error: error starting client-server protocol (code 5) at main.c(1648) [Receiver=3.1.2]

 * IMPORTANT: 6 config files in '/etc' need updating.
 * See the CONFIGURATION FILES and CONFIGURATION FILES UPDATE TOOLS
 * sections of the emerge man page to learn how to update config files.

 * IMPORTANT: 1 news items need reading for repository 'sakaki-tools'.
 * IMPORTANT: 20 news items need reading for repository 'gentoo'.
 * Use eselect news read to view new items.


Action: sync for repo: gentoo, returned code = 1

 * An update to portage is available. It is _highly_ recommended
 * that you update portage now, before any other packages are updated.

 * To update portage, run 'emerge --oneshot portage' now.


with error output
Code:
!!! Exhausted addresses for 192.168.1.2
Back to top
View user's profile Send private message
jonathan183
Apprentice
Apprentice


Joined: 13 Dec 2011
Posts: 257

PostPosted: Thu Jul 13, 2017 11:44 pm    Post subject: Using ssh tunnel for --sync and ssh for binpackages Reply with quote

I managed to getting things working with ssh tunnel for rsync and pulling packages using binpkguser, using an ssh tunnel to rsync the portage tree.
I think the following steps are in the correct order, I will check when I set up my next client. If I manage to setup emerge --sync without the ssh tunnel I will include it in a later post in this thread.

Values I am using are:-
Port 8873 for the ssh tunnel to 873 on the binhost for rsync, binhost is setup to use the standard rsync port 873.
The binhost server has private IP 192.168.1.2 and the client has IP 192.168.1.3.
SSH will be using non standard port 18022, requiring sshd on the binhost to be setup to listen to port 18022.
Optional standard ports 22 for ssh and 873 for rsync will be blocked using firewall on the client and binhost (I do this with a script to configure iptables - not included in this post).
binpkguser is a user with UID 1800 on both the server and client, in the portage group (250), and with a home folder /home/Gentoo/binpkguser.
publickey authentication is used with rsa keys (I also switched to 4096 bit keys since the previous post).

Setup Rsync host using standard port 873
From the wiki page Local_Mirror

This is the binhost server on IP 192.168.1.2 - FILE /etc/rsyncd.conf
Code:
pid file = /var/run/rsyncd.pid
max connections = 5
use chroot = yes
read only = yes
uid = nobody
gid = nobody
timeout = 300

### optional host allow and deny information - can deny rsync as tunnel uses localhost
host deny = *

[gentoo-portage]
path=/usr/portage
comment=Gentoo Portage
exclude=distfiles/ packages/


Start rsyncd on the server using
Code:
/etc/init.d/rsyncd restart


Setup Rsync client using port 8873 rather than standard port 873

On the client on IP 192.168.1.3 - FILE /etc/portage/repos.conf/gentoo.conf
Code:
[gentoo]
location = /usr/portage
sync-type = rsync

### rsync via ssh tunnel in my case used 8873
sync-uri = rsync://localhost:8873/gentoo-portage

auto-sync = yes


Setup binpkguser on the client and create a key pair
Next create a user called binpkguser, on the client
Code:
useradd -d /home/Gentoo/binpkguser -m -u 1800 -g 250 -s /bin/bash binpkguser


Switch to binpkguser on the client and create a key pair using
Code:
cd ~/.ssh
ssh-keygen -b 4096 -t rsa

Changing the key name to something more meaningful to me in this case Toshiba_Laptop_4096_binpkguser_id_rsa
I also created an id_rsa symlink using
Code:
ln -s Toshiba_Laptop_4096_binpkguser_id_rsa id_rsa
although I am not sure it is necessary for the binpkguser on the client.

Setup binpkguser on the server and add to authorized keys
Create a user called binpkguser on the server, in this case using identical command to client above.
Copy from the client /home/Gentoo/binpkguser/.ssh/Toshiba_Laptop_4096_binpkguser_id_rsa.pub to the server same file name.
Then on the server add the key to authorized keys file using
Code:
cat /home/Gentoo/binpkguser/.ssh/Toshiba_Laptop_4096_binpkguser_id_rsa.pub >> /home/Gentoo/binpkguser/.ssh/authorized_keys2

So now I have a binpkguser on both the client and server in group portage.

Configure ssh and portage binhost to use port 18022
On the client modify make.conf, setting up PORTAGE_BINHOST for SSH access on port 18022
Code:
PORTAGE_BINHOST="ssh://binpkguser@192.168.1.2:18022/usr/portage/packages"


Although rsync will work via the ssh tunnel unless the next step is completed downloading of packages does not happen. On the client copy the private key to root ssh folder, and create an id_rsa symlink as root
Code:
cp /home/Gentoo/binpkguser/.ssh/Toshiba_Laptop_4096_binpkguser_id_rsa /root/.ssh/
cd /root/.ssh
ln -s Toshiba_Laptop_4096_binpkguser_id_rsa id_rsa


On the server configure sshd to listen on port 18022, use protocol 2, disable password login, and enable key based authentication. On binhost on IP 192.168.1.2 File /etc/ssh/sshd_config
Code:
Protocol 2
Port 18022
PubkeyAuthentication yes
PasswordAuthentication no

Note - RSAAuthentication is not required provided key is present in authorized_keys2 file.

Start sshd on the server using
Code:
/etc/init.d/sshd restart


So now I should be able to ssh from the client using port 18022, I can check this on the client
Code:
ssh -v -p 18022 binpkguser@192.168.1.2
and get the prompt to add unknown host followed by connection over ssh, Ctrl-d can be used to exit the ssh session.

Rsync via ssh on port 18022 - with firewall active
Next close port 873 on the server firewall but allow port 18022, so rsync can only work via ssh port.
Now can check that I can pull a binary package from the server, on the client
Code:
emerge -aveGf @world

check for one package then terminate the emerge operation.

Information in PORTAGE_RSYNC_EXTRA_OPTS can be blank etc, I have in /etc/portage/make.conf
Code:
PORTAGE_RSYNC_EXTRA_OPTS="--progress"


To use emerge --sync first open an ssh tunnel on the client on IP 192.168.1.3, login as binpkguser and setting up an ssh tunnel with
Code:
ssh -v -p 18022 -l binpkguser -i /home/Gentoo/binpkguser/.ssh/Toshiba_Laptop_4096_binpkguser_id_rsa -L 8873:localhost:873 192.168.1.2


Then as your regular admin user on the client you can run
Code:
sudo emerge --sync
or
Code:
emerge --sync
as root on the client.

I use a script to setup the ssh tunnel from the client, leave the tunnel open until emerge --sync is complete and then use Ctrl-c to close the ssh tunnel.
Code:
#!/bin/bash

### use this script with emerge --sync
local_mirror_ip_address='192.168.1.2'
local_mirror_ssh_port=18022
local_rsync_port_to_forward=8873
local_mirror_rsync_port=873
user_to_login_ssh=binpkguser
identity_file_location="/home/Gentoo/binpkguser/.ssh/Toshiba_Laptop_4096_binpkguser_id_rsa"

echo "This script $0 will open an ssh tunnel to the local mirror with the following information"
echo " Local mirror IP address = $local_mirror_ip_address  Local mirror ssh port = $local_mirror_ssh_port"
echo " Local rsync port to forward = $local_rsync_port_to_forward  Local mirror rsync port = $local_mirror_rsync_port"
echo "Press Enter to continue  or Ctrl-C to abort"
read my_response

### start the ssh tunnel
        ssh_parameters="-v -p $local_mirror_ssh_port -N -l $user_to_login_ssh -i $identity_file_location -L $local_rsync_port_to_forward:localhost:$local_mirror_rsync_port $local_mirror_ip_address"
        ssh $ssh_parameters
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Portage & Programming All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum