Thread: how do i specify a port number in rdiff-backup?

  1. #1
    Join Date
    Jan 2010
    Location
    Wheeling WV USA
    Beans
    1,114
    Distro
    Xubuntu 18.04 Bionic Beaver

    how do i specify a port number in rdiff-backup?

    my server operates sshd on an obscure port number and not on the standard port 22. this has eliminated flooding my log file with lame password attempts (they have been disabled for years). i can specify a port with -p on ssh and with -e on rsync. i'm trying to set up rdiff-backup to see if it works as well as the backup script i wrote many years ago (has worked well with no changes for years). a review of rdiff-backup documentation shows a lot of nice features mine does not have, but i can't tell from that if any features are missing, besides being able to set the port number. if there is a way to set the port number, that might let me actually use rdiff-backup.

    hint: the port number i use is not 1728
    What do you call someone who speaks three languages? Trilingual. Two languages? Bilingual. One language? American.

  2. #2
    Join Date
    Dec 2014
    Beans
    1,124

    Re: how do i specify a port number in rdiff-backup?

    Found after three minutes of googling: https://www.mail-archive.com/rdiff-b.../msg02169.html

    Holger

  3. #3
    Join Date
    Aug 2016
    Location
    Wandering
    Beans
    Hidden!
    Distro
    Xubuntu Development Release

    Re: how do i specify a port number in rdiff-backup?

    Unless I misread you, will something like this work for you?
    Code:
    rdiff-backup /source/dir "-p 1234 user@host.com"::/remote/dir
    Include the correct paths & -p# (port number)
    With realization of one's own potential and self-confidence in one's ability, one can build a better world.
    Dalai Lama

  4. #4
    Join Date
    Jan 2010
    Location
    Wheeling WV USA
    Beans
    1,114
    Distro
    Xubuntu 18.04 Bionic Beaver

    Re: how do i specify a port number in rdiff-backup?

    if rsync constructs the ssh command before tokenizing, that could work. but i can also see general exploit exposure if it works that way. that's why all my programs construct commands in a pre-tokenized state.
    What do you call someone who speaks three languages? Trilingual. Two languages? Bilingual. One language? American.
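
Added example, not part of any post in this thread and not rdiff-backup's own code: it shows why the host string from post #3 only works when the command is assembled as text and tokenized afterwards, and what the pre-tokenized construction described in post #4 does with the same input. The `SCHEMA` template and all function names are assumptions made for illustration.

```python
import shlex

# Hypothetical template in the style of an ssh wrapper schema; an assumption
# for illustration, not copied from rdiff-backup.
SCHEMA = "ssh -C %s rdiff-backup --server"


def argv_from_string(host_spec, schema=SCHEMA):
    """Substitute first, tokenize second: the host text can become extra tokens."""
    return shlex.split(schema % host_spec)


def argv_pretokenized(host_spec, schema=SCHEMA):
    """Tokenize the template first, then drop the host in as one argument."""
    return [host_spec if tok == "%s" else tok for tok in shlex.split(schema)]


def validate_host_spec(host_spec):
    """Reject values ssh could read as an option or that span several words."""
    if not host_spec or host_spec.startswith("-"):
        raise ValueError("host spec must not be empty or start with '-'")
    if any(c.isspace() for c in host_spec):
        raise ValueError("host spec must not contain whitespace")
    return host_spec


def build_ssh_argv(host_spec, port=None):
    """Pre-tokenized builder: the port is a typed parameter, '--' ends options."""
    argv = ["ssh", "-C"]
    if port is not None:
        if not 1 <= int(port) <= 65535:
            raise ValueError("port out of range")
        argv += ["-p", str(int(port))]
    return argv + ["--", validate_host_spec(host_spec), "rdiff-backup", "--server"]


if __name__ == "__main__":
    spec = "-p 1234 user@host.com"  # the form suggested in post #3
    print(argv_from_string(spec))    # host text split into option tokens
    print(argv_pretokenized(spec))   # host text kept as a single argument
    print(build_ssh_argv("user@host.com", port=1234))
```

With string assembly the quoted host text turns into separate `-p`, `1234` and `user@host.com` arguments; with a pre-tokenized list it stays one argument, so the port has to be passed as its own parameter.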

  5. #5
    Join Date
    Mar 2010
    Location
    Squidbilly-Land
    Beans
    17,144
    Distro
    Ubuntu Mate 16.04 Xenial Xerus

    Re: how do i specify a port number in rdiff-backup?

    I don't specify the port. It is picked up by the ~/.ssh/config setting for the ssh connection.

    Set the stanza for the backup connection in that file with the alias, userid, port and it will be picked up.
    Since it is a backup, I assume you are using a root or root-equiv account for the connection and running from root or root-equiv account.

    The backup server /root/.ssh/config file contains this
    Code:
    host hadar-backups
      user backup684
      hostname 199.101.32.163
      port 61200
    So the bonehead simple rdiff-backup command to "pull" backups for /etc/ looks like this:
    Code:
    # rdiff-backup  --exclude-special-files   hadar-backups::/etc/    /Backups/hadar/etc/
    The backup684 userid on 199.101.32.163 has a uid of 0, it is root-equiv. It only allows connections from my backup server for that account. The root -to- backup684@199.101.32.163 ssh-keys were exchanged already. Passwords aren't allowed to that account.

    All ssh, scp, sftp, rsync, and any other ssh or rsync-based tools will honor that config file. No need to remember ports, usernames or IPs/funky hostnames for about 20 yrs. Want to use different ports or different accounts for different reasons? Add more "host" stanzas. The "host" is just the alias you want to use. You'll never need to hunt for ports or IPs again.
    Last edited by TheFu; 1 Week Ago at 02:12 AM. Reason: need ::/ for this to work. Tested.

  6. #6
    Join Date
    Dec 2014
    Beans
    1,124

    Re: how do i specify a port number in rdiff-backup?

    The posts in the rdiff-backup mailing-list I linked to earlier give two ways to do it: either set your ssh client to always connect to this server on a specific port or pass rdiff-backup a new schema for constructing the ssh command.

    Holger

  7. #7
    Join Date
    Jan 2010
    Location
    Wheeling WV USA
    Beans
    1,114
    Distro
    Xubuntu 18.04 Bionic Beaver

    Re: how do i specify a port number in rdiff-backup?

    i use 4 different ports, one for root, one for sudo users, and the third for other users. oh, wait, that's only 3. the fourth is for guest users. i have not figured out how to configure ssh to choose by destination user.
    What do you call someone who speaks three languages? Trilingual. Two languages? Bilingual. One language? American.

  8. #8
    Join Date
    Mar 2010
    Location
    Squidbilly-Land
    Beans
    17,144
    Distro
    Ubuntu Mate 16.04 Xenial Xerus

    Re: how do i specify a port number in rdiff-backup?

    Quote, originally posted by Skaperen:
    i use 4 different ports, one for root, one for sudo users, and the third for other users. oh, wait, that's only 3. the fourth is for guest users. i have not figured out how to configure ssh to choose by destination user.
    Multiple stanzas in the ~/.ssh/config file, each with a different alias that has different ports listed. I'm confused as to why you'll have different ports based on user and not based on forced program by the ssh authorized_hosts key? Perhaps I'm missing something?

    Explicitly:
    Code:
    host hadar-backups
      user backup684
      hostname 199.101.32.163
      port 61200
    host hadar-general
      hostname 199.101.32.163
      port 61201
    
    host hadar-amz
      hostname 199.101.32.163
      port 61202
    
    host icarus-backups
      user backup855
      hostname icarus.example.com
      port 60022
    
    host steves
       hostname any-long.aws-east.amazon.com
    That all goes into a single file. Only the host parts need to be unique. user is optional. port is optional. If the hostname isn't provided then the host will be attempted. Hostname can be DNS or IP. We can add specific keyfiles to each stanza as well or any valid option that is documented in the ssh_config file manpage.

    If you are using non-standard ports at all, you should be using this config file. The file makes documenting all ssh connections built-in and we don't need to keep track of them in our heads or scripts, beyond the "host" entry.


    I really hope everyone here is using ssh-copy-id and ssh-keygen -t ed25519 to create more secure keys and copy those public keys to other systems without pain.
    Last edited by TheFu; 1 Week Ago at 04:33 PM.
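
Added example, not part of the post above: a small resolver that shows which hostname, port and user an alias ends up with when several `host` stanzas are present. It goes slightly beyond the post by including a wildcard `host *` stanza and the first-value-wins rule from ssh_config(5); the sample file, its names and addresses are constructed, and only `keyword value` lines with `*`/`?` patterns are handled.

```python
import fnmatch
# Constructed sample in the layout used in post #8 (placeholder names/addresses).
SAMPLE = """\
host web-backups
  user backupuser
  hostname 192.0.2.10
  port 61200
host web-general
  hostname 192.0.2.10
  port 61201
host plainbox
host *
  port 2222
"""

def parse_stanzas(text):
    """Return [(host_patterns, {keyword: value})] in file order."""
    stanzas = [(["*"], {})]  # keywords before the first "host" line apply to all
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        key, value = parts[0].lower(), (parts[1] if len(parts) > 1 else "")
        if key == "host":
            stanzas.append((value.split(), {}))
        else:
            stanzas[-1][1].setdefault(key, value)
    return stanzas

def host_matches(alias, patterns):
    """A negated (!pattern) match vetoes the stanza; otherwise any match selects it."""
    hit = lambda p: fnmatch.fnmatchcase(alias, p.lstrip("!"))
    if any(hit(p) for p in patterns if p.startswith("!")):
        return False
    return any(hit(p) for p in patterns if not p.startswith("!"))

def resolve(alias, text=SAMPLE):
    """Merge matching stanzas; the first value obtained for a keyword wins."""
    merged = {}
    for patterns, opts in parse_stanzas(text):
        if host_matches(alias, patterns):
            for key, value in opts.items():
                merged.setdefault(key, value)
    return {"hostname": merged.get("hostname", alias),  # no hostname: alias is used
            "port": int(merged.get("port", 22)),
            "user": merged.get("user")}  # None: ssh uses the local login name

if __name__ == "__main__":
    print({name: resolve(name) for name in ("web-backups", "plainbox")})
```

`ssh -G <alias>` prints what the real client resolves and is the authoritative check; the point here is that a catch-all stanza placed last supplies a port only to aliases that did not set their own.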

  9. #9
    Join Date
    Jan 2010
    Location
    Wheeling WV USA
    Beans
    1,114
    Distro
    Xubuntu 18.04 Bionic Beaver

    Re: how do i specify a port number in rdiff-backup?

    the different ports are a form of security compartmentalization (c18n). each is a different configuration. each is restricted in various ways i can't do on a common port. for example, 3 of them do not allow root access. and the one that does is limited to the two hosts that pull backups.
    What do you call someone who speaks three languages? Trilingual. Two languages? Bilingual. One language? American.

  10. #10
    Join Date
    Mar 2010
    Location
    Squidbilly-Land
    Beans
    17,144
    Distro
    Ubuntu Mate 16.04 Xenial Xerus

    Re: how do i specify a port number in rdiff-backup?

    Quote, originally posted by Skaperen:
    the different ports are a form of security compartmentalization (c18n). each is a different configuration. each is restricted in various ways i can't do on a common port. for example, 3 of them do not allow root access. and the one that does is limited to the two hosts that pull backups.
    sshd_config can do that using the match user or/and match address, but whatever works for you is great. Having the firewall control port access never hurts too. Most long-time daemons support tcp-wrappers too.
