Section 3.14. Using ssh or rsh as a Conduit Between Systems

3.14. Using ssh or rsh as a Conduit Between Systems

This section explains how to use ssh or rsh as a conduit between systems, especially when combined with the functionality of dd and some of the other commands that can read or write to stdin. Even if your backup tool supports remote devices, such as rdump, it usually does so using rsh authentication. If you understand this section, you could use ssh instead, bringing more security to your backups.

Most other backup commands can only read or write from stdin, whereas dd can do both at the same time. This makes dd very versatile and the only native backup utility that can be used to pass a stream of data from one command to another or from one system to a device on another system, using rsh or ssh. This can work either way.

If you want to read a backup on a remote device, the restore, GNU tar, and GNU cpio commands can read the remote device by simply giving it remote_host:remote_device as the device name. However, the native versions of tar and cpio do not support such an option. To do this, you simply rsh or ssh a dd command to the remote system and read its data stream on the local system.

# rsh remote_host "dd if=device ibs=blocksize"| tar xvBf -

Remember that when reading a tape volume using dd, you normally have to specify a block size. If you do not, it uses a block size of 512, which generates an I/O error unless the tape volume was written with that block size. Also notice the quotes around the remote dd command. In this command, the quotes are actually not necessary, because the pipe is executed on the local system. In other, more complicated commands, such as one where there is a pipe to be executed on the remote system, placing quotes around the remote command makes things work properly. (In this instance, they merely makes it more readable.)

Writing a backup to a remote device is a bit trickier. You may have to create a subshell^[] with embedded rsh and dd commands and pipe the output of the local backup command to that:

] Your mileage will vary. Not all versions of Unix require you to create a subshell.

# tar cvf - . \  |(rsh remote_system dd of=device obs=block_size)

Putting parentheses around the remote command creates the subshell. Notice that you must specify the remote block size, and you need to be careful when doing so. If you want to create a volume that can be read by tar, make sure you use a block size that tar can understand, such as 10,240. (This is usually the biggest block size tar can read or write, and this is done by specifying a blocking factor of 20 in tar.)

If you are not able to use rsh, you may look into using ssh as a drop-in replacement for rsh. The ssh command uses a much more secure authentication mechanism and allows you to use the same type of commands rsh does without the security holes that rsh opens. However, using the remote device feature of GNU tar, GNU cpio, or dump assumes the use of rsh. If you are not allowed to use rsh but can use ssh, you can use commands like the following to integrate dump, tar, and cpio with ssh.

To read tapes on remote hosts:

# ssh remote_host "dd if=device bs=blocksize"| tar xvBf - # ssh remote_host "dd if=device bs=blocksize" \  | restore rvf - # ssh remote_host "dd if=device bs=blocksize"| cpio -itv

To create backup tapes on remote hosts:

# dump 0bdsf 64 100000 100000 - \   | ssh remote_host "dd if=device bs=64k" # tar cvf - | ssh remote_host "dd if=device bs=10k" # cpio -oacvB | ssh remote_host "dd if=device bs=5k"

Some commands work with ssh if you just change the rsh environment variable to /usr/bin/ssh.

BackupCentral.com has a wiki page for every chapter in this book. Read or contribute updated information about this chapter at http://www.backupcentral.com.