RSH or SSH & security

jphess · September 19, 2008, 3:59pm

I am wanting to run backups to remote servers ie: A to B's tape drive and B to A's tape drive. Should I use rsh or ssh? It looks as those rsh opens up security issues (the backup has to run as root). Which one should be used and does someone have the links to set up allowed connections. In what I have found, I have changes but connection repeatedly gets confused so I am unsure what I am missing. Any information would be great!

broli · September 19, 2008, 4:35pm

there are more complex solutions for backups.
you want those?
or you want to stick with what ever method you use, and find a way to (securly) automate the file transfer ?

avronius · September 19, 2008, 4:48pm

What application are you using to backup A -> B and B -> A
If you are currently using shell scripts, you should be able to update them to remove r*

If you are using a packaged application, there's a good bet that it has been updated to permit secure connections.

A few details would make helping you easier...
What OS?
What software?
What utilities do your scripts call?

jphess · September 29, 2008, 10:47am

Sorry for not replying sooner but I am a little overwhelmed....anyway

Here is the server information:

Release: 5.10
Kernel architecture: sun4u
application architecture: sparc
Hardware: Sun
Kernel Version: SunOC 5.10 Generic_127111-06

Currently, there is a shell script that runs that retrieves the file systems and then dumps to the local drive. The script is supposed to be modified to allow remote backups, but when done, it fails. I am figuring it is refusing connection or needs a password during connection. I tried opening it up for testing but I still could not get it too connect.

Unless there is free 3rd Party software, I will have to stick with running shell scripts, perl, or something similar. I am not particular, but it must stay secure of course. I not a script genius or even close. I can get by in reading them and modifying, but not writing.

Here is the script that is in place currently that is dumping locally:

#!/bin/sh -w
#
# backup.4mm - run as root to make a tape backup. Before you run this,
# you should perform a database unload or export!!
#
# $Id: backup.4mm,v 1.11 2008/01/23 14:52:16 ayohrlin Exp $
# Define Global Variables
# You should modify the following variables so that they conform to
# your system
# leave these empty for local tape drive
# for remote tape drive, put an IP address or hostname into
# REMOTE_HOST, and the user that rsh is set up for on the
# tape host should be assigned to the REMOTE_USER variable.
REMOTE_HOST=""
REMOTE_USER=""
# BACKUP_DEVICE is device path to tape drive. Be sure to use
# non-rewinding version of drive for tapes. I don't check for trailing
# n because some tape hosts IBM and HP spring to mind use a different
# method of specifying a non-rewinding version of the tape drive.
BACKUP_DEVICE="/dev/rmt/2mn"
# FILESYSTEMS - set to nothing, then all filesystems on the machine will
# be selected from the output of df. It can be set to a list of filesystems
# if you want to backup a subset of all the filesystems on the machine.
# FILESYSTEMS='/ /usr /opt'
FILESYSTEMS=""
# set ANMDIR
if [ -f /var/opt/NetBoss/netboss ]; then
. /var/opt/NetBoss/netboss
# the file above doesn't export ANMDIR and al will complain if it
# is not set inthe environment.
export ANMDIR
else
[ -f /usr/local/bin/setnetbossenv ] && eval `sed -ne '/^setenv ANMDIR /s/.ANMDIR
/ANMDIR=/p' /usr/local/bin/setnetbossenv`
[ -f /u01/app/netboss/config/setnetbossenv ] && eval `sed -ne '/^setenv ANMDIR /s/.ANMDIR /ANMDIR=/p' /u01/app/netboss/config/setnetbossenv`
# silently ignore the lack of ANMDIR in case this script is ued to back up
# a system without netboss on it.
ANMDIR=${ANMDIR:-none}
export ANMDIR
fi
# the user who receives email on the status of the dump
if [ -f $ANMDIR/misc/parameters ] ; then
NBADMIN_EMAIL=`grep "^setenv NBADMIN" $ANMDIR/misc/parameters | awk '{print
$3}' | sed -e 's/"//g'`
else
if [ "a`grep netboss /etc/passwd | sed -e 's/ /' | awk '{print $1}''`" = "anetboss" ] ; then
NBADMIN_EMAIL=netboss
else
# If netboss user does not exist, send e-mail to root user
NBADMIN_EMAIL=root
fi
fi
# set this to yes if you want to keep a logfile
USE_LOGFILE=yes
#
# end of site settings section
#
PATH=/usr/bin:/usr/sbin:$PATH
if [ -n "$ANMDIR" ]; then
LD_LIBRARY_PATH="/usr/lib:/usr/ucblib:$ANMDIR/lib"
export LD_LIBRARY_PATH
fi
HOST="`/usr/ucb/hostname`"
DUMPLEVEL="0"
DUMPOPS="${DUMPLEVEL}uf"
TODAY="`date '+%Y%m%d'`"
SEND_EMAIL=yes
RUNNUMBERFILE=/var/tmp/backup.runnumber
RUNNUMBER=`cat $RUNNUMBERFILE 2>/dev/null`
RUNNUMBER=${RUNNUMBER:-0}
STDOUT_REPORT=0;
# fixme check for ANMDIR to send al's.
if [ -d $ANMDIR/log ]; then
LOGFILE="$ANMDIR/log/backup.log.${TODAY}"
else
LOGFILE="/opt/netboss/log/backup.log.${TODAY}"
fi
TEMPFILE="/tmp/backup.templog.$$"
exit_handler(){
# don't call ourselves
trap "" 0 1 2 3 6 15
# clean up the tail
if [ ! -z "$TAIL_PID" ]; then
echo "" > $TEMPFILE
sleep 2
# kill the tail, but send the "terminated" message
# genererated by the kill to dev null since it worries people
# the message is generated by the shell, so redirect the shell's
# stderr to hide it and not the kill processes.
exec 9>&2 # save stderr to fd 9
exec 2>/dev/null # hide errors
# hide any messges from the kill process.
kill $TAIL_PID 2>/dev/null > /dev/null
exec 2>&9 # restore stderr
exec 9>&- # close fd 9
fi
# if SEND_MAIL is still set, we errored out somehow.
if [ ! -z "$SEND_EMAIL" ]; then
/usr/bin/mailx -s "FAILURE output from ufsdump" $NBADMIN_EMAIL < $TEMPFILE
if [ -f $ANMDIR/bin/al ]; then
$ANMDIR/bin/al 5 "`hostname`:backup" -text "Backup failed on `date`. See $NBADMIN_EMAIL email for further info."
fi
fi
if [ "$USE_LOGFILE" = "yes" ]; then
/usr/bin/cat ${TEMPFILE} >> ${LOGFILE}
fi
/usr/bin/rm -f ${TEMPFILE}
}
usage(){
cat <<EOF
Usage $0:
$0 [-CEhIRVv] [-F "filesystem1 filesystem2"] [-f [[user@]host:]/tape...] [-m email] [-N #]
-C - check for valid tape in drive. Do not write backups.
-E - enhanced mode, use tape labels, eject tape
-F - set the filesystems to be backed up. Space separated list of systems.
-f - set the "file" to back up to*
-h - this help*
-I - initialize a tape with a tape label
-L - define dump level (default is 0, available levels are 0-9)
-m - set space seperated email address(es) for output
($NBADMIN_EMAIL is default)*
-N - number of backup runs before a tape can be reused.
-R - include read only file systems in backup*
-S - always print status messages to stdout*
-V - attempt to verify tape by generating TOC for all filesystems
-v - verify tape label before backup (implied by -E)
-X - exclude filesystems from backup. Space seperated list of systems.*
'ed items functionality implemented.
EOF
}
BACKUP_RW="read/write"
CHECK_ONLY=0
ENHANCED_MODE=0
INITIALIZE_TAPE=0
TAPE_REUSE=1
VERIFY_LABEL=0
VERIFY_TAPE=0
# process command line arguments
while getopts CEF:f:hIlm:L:N:RSX: arg
do
case $arg in
C) CHECK_ONLY=1;;
E) ENHANCED_MODE=1; VERIFY_LABEL=1;;
F) FILESYSTEMS=$OPTARG;;
f) # parse a [user@][host:] device into user, host and device components.
# find the remote part by breaking at first :, if no :, no remote part.
# assumes that device won't have a : in it.
REMOTE_PART=`echo $OPTARG | sed -ne 's/^$[^:]*$:.$/\1/p'`
# get user by splitting at first @ sign. If no @ sign return nothing.
REMOTE_USER=`echo $REMOTE_PART | sed -ne 's/^$[^@]*$@.$/\1/p'`
# strip first substring ending with an @ sign.
REMOTE_HOST=`echo $REMOTE_PART | sed -ne 's/^[^@]@//' -e 'p'`
BACKUP_DEVICE=`echo $OPTARG | sed -ne 's/^[^:]://' -e 's/^$[^:]$$/\1/p'`
#FIXME need to check for degenerate user@device
;;
I) INITIALIZE_TAPE=1;;
L) DUMPLEVEL=$OPTARG
DUMPOPS=${DUMPLEVEL}uf;;
l) VERIFY_LABEL=1;;
m) NBADMIN_EMAIL=$OPTARG;;
N) TAPE_REUSE=$OPTARG;;
R) BACKUP_RW="read";;
S) STDOUT_REPORT=1;;
X) EXCLUDEFILESYSTEMS=$OPTARG;;
V) VERIFY_TAPE=1 ;;
v) VERIFY_LABEL=1 ;;
?|h) usage
exit 2
esac
done
trap exit_handler 0 1 2 3 6 15
# Set the filesystems if not explicitly set.
if [ -z "$FILESYSTEMS" ]; then
# get all mounted filesystems, select read/write filesystems, removing
# read only systems like cdroms. Select local mounts either regular ufs
# /dev/dsk or metadisk devices (raid) /dev/md/dsk.
#
FILESYSTEMS=`mount | grep "$BACKUP_RW" | egrep '/dev/dsk|/dev/md/dsk' | awk '{print $1}'`
fi
# apply the list of excluded filesystems
# using sed here would be nice, but this is safer since
# we test for in-equality and not just a prefix pattern
# match.
if [ -n "$EXCLUDEFILESYSTEMS" ]; then
for i in $EXCLUDEFILESYSTEMS
do
FS=""
for j in $FILESYSTEMS
do
if [ "$i" != "$j" ]; then
FS="$FS $j"
fi
done
FILESYSTEMS="$FS"
done
fi
if [ ! -z "$REMOTE_USER" ]; then
TAPEDEV=$REMOTE\_USER@$REMOTE\_HOST:$BACKUP_DEVICE
else
if [ ! -z "$REMOTE_HOST" ]; then
TAPEDEV=$REMOTE_HOST:$BACKUP_DEVICE
else
TAPEDEV=$BACKUP_DEVICE
fi
fi
#
cat >> $TEMPFILE <<EOF
###############################################
Backup Job Starting
Host: `hostname`
Date: `date`
Run: `expr $RUNNUMBER + 1`
Level: 0
Filesystems: $FILESYSTEMS
###############################################
--- REWINDING tape ---
EOF
# send output to stdout only if we are being run at a terminal.
# check to see if user is forcing reporting to stdout even if
# it is not a terminal (e.g. tee pipeline)
if [ $STDOUT_REPORT -eq 0 ]; then
if [ -t ]; then
STDOUT_REPORT=1
else
STDOUT_REPORT=0
fi
fi
if [ $STDOUT_REPORT -eq 1 ]; then
tail +0f $TEMPFILE &
TAIL_PID=$!
fi
[ ! -z "$REMOTE_USER" ] && RSH_REMOTE_USER="-l $REMOTE_USER"
if [ ! -z "$REMOTE_HOST" ]; then
rsh $RSH_REMOTE_USER $REMOTE_HOST /usr/bin/mt -f ${BACKUP_DEVICE} rewind \
>> ${TEMPFILE} 2>&1
else
/usr/bin/mt -f ${BACKUP_DEVICE} rewind \
>> ${TEMPFILE} 2>&1
fi
taperr=$?
if [ $taperr -ne 0 ]; then
echo "An Error has occurred. Tape not loaded or drive offline ($taperr)" >> $TEMPFILE
/usr/bin/mailx -s "FAILURE output from ufsdump" $NBADMIN_EMAIL < $TEMPFILE
# inhibit sending email during program exit.
SEND_EMAIL=
if [ -f $ANMDIR/bin/al ]; then
$ANMDIR/bin/al 5 "`hostname`:backup" -text "Backup failed on `date`. Tape not loaded or drive offline. See $NBADMIN_EMAIL email for further info."
fi
exit $taperr
fi
# Go through each file system and do a ufsdump
for fs in $FILESYSTEMS
do
echo "--- Dumping ${fs} to ${TAPEDEV} ---" >> ${TEMPFILE}
if [ $CHECK_ONLY -ne 1 ]; then
/usr/sbin/ufsdump ${DUMPOPS} ${TAPEDEV} ${fs} >> ${TEMPFILE} 2>&1
fi
if [ $? -ne 0 ]; then
echo "Dump of ${fs} to ${TAPEDEV} FAILED" >> ${TEMPFILE}
dumperrors=`expr ${dumperrors:-0} + 1`
fi
done
echo '--- REWINDING tape --- ' >> ${TEMPFILE}
if [ "$ENHANCED_MODE" -eq 1 ]; then
action=rewoffl
else
action=rewind
fi
if [ ! -z "$REMOTE_HOST" ]; then
rsh $RSH_REMOTE_USER $REMOTE_HOST /usr/bin/mt -f ${BACKUP_DEVICE} $action \
>> ${TEMPFILE} 2>&1
else
/usr/bin/mt -f ${BACKUP_DEVICE} $action \
>> ${TEMPFILE} 2>&1
fi
if [ ! -z "$dumperrors" ]; then
echo "Dump had $dumperrors errors" >> ${TEMPFILE}
/usr/bin/mailx -s "FAILURE output from ufsdump" $NBADMIN_EMAIL < ${TEMPFILE}
if [ -f $ANMDIR/bin/al ]; then
$ANMDIR/bin/al 4 "`hostname`:backup" -text "Backup failed on `date`. Dump reported $dumperrors errors. See $NBADMIN_EMAIL email for further info."
fi
else
/usr/bin/mailx -s "SUCCESSFUL output from ufsdump" $NBADMIN_EMAIL < ${TEMPFILE}
if [ -f $ANMDIR/bin/al ]; then
$ANMDIR/bin/al 1 "`hostname`:backup" -text "Backup successful..."
fi
echo `expr $RUNNUMBER + 1` > $RUNNUMBERFILE
fi
SEND_EMAIL=
exit ${dumperrors:-0}

Wotan31 · September 29, 2008, 11:00am

You don't have any Fibre Channel interfaces? Backing up over ethernet is .... painful.

otheus · September 29, 2008, 3:32pm

First, as others have suggested, you should look at a backup package. Free packages such as amanda or bacula should work for you. However, let's say you want to get this solution as you proposed. Both rsh and ssh are fine. SSH is more secure but is more complicated. With rsh on a LAN, you have to worry about two things: (1) Do the servers/workstations get their hostname information from anywhere other than /etc/hosts? and (2) Can someone (outside those who have 'root' access) gain physical access to the network switches or hubs? If either answer is 'yes', you need SSH.

For SSH, you need to set up a public/private key pair for the backup client (which starts the ssh) and distribute the public key to the server (where you ssh into). Look into the man pages for the proper placement of these keys. When you have it properly set up, the following should work without any other messages (warnings, errors, prompts):

host1$ ssh root@host2 hostname
host2.mydomain
host1$

Reboot · October 2, 2008, 9:38am

You can use both rsh as well as ssh for the purpose.
But using rsh can cause security risks and ssh is absolutely
secure.

During rsh datas are transfered in there original form but during
ssh datas are encripted and then transfered.

otheus · October 2, 2008, 10:00am

It's a popular myth that ssh is "absolutely secure". It is not. It is quite secure, but there are several ways to subvert its security. However, it's a lot easier to subvert the security of rsh, especially if the conditions,which I mentioned earlier, are true.