Anonymous Monk has asked for the wisdom of the Perl Monks concerning the following question:

Greetings monks,

I have two Solaris 8 machines networked via ethernet. One machine has a tape drive, the other one does not. Currently, we are using ufsdump for back up. I know that with ufsdump, I can just point to the other machine to do back up, but my boss doesn't like the fact that the connection between the machines is not encrypted. How can I encrypt that connection when dumping? Could I somehow use ssh? Is there a Perl module that can help? Thanks.

Replies are listed 'Best First'.
Re: Encrypted Dumps
by l2kashe (Deacon) on Jan 24, 2003 at 21:02 UTC
    You could use a compilation of either set A) Compress::Zlib and Net::SCP, to compress that data stream down, and then shoot it across the network fully encrypted, or B) Try and fight the beast which is Net::SSH::Perl. I have not successfully gotten Net::SSH::Perl to work consistantly and reliably on a Solaris box ranging from verions 2.6 -> 2.9. It also has massive dependacies. But if you do manage to get it working, its power is simply amazing.

    This also depends on the size of the data you are looking back up, and what standard procedure is where you are at. A non perlish solution off the top of my head is, I believe you can create an SSH tunnel from a local port to a remote port and then allow traffic across the tunnel (havent played with the tunneling in a bit, and forget how to go about defining a tunnel securely.. I.e so random joe can't make use of it). So you could ufsdump to a local port, which will encrypt the data, forward it to the remote server and decrypt all in one fell swoop.

    /* And the Creator, against his better judgement, wrote man.c */
[reply]
      I needed to use Net::SFTP which needs Net::SSH::Perl as it's prereq. I managed to get it running on Solaris 2.7 and 2.8. Out of all the modules I've ever installed, this one by far had the most dependencies and was really somewhat annoying to install. Having said that, wow, the code is impressive and I agree with you l2kashe it is very powerful. Major thankies to btrott.

      -- vek --

      2006-04-22 Retitled by Corion, as per Monastery guidelines
      Original title: 'Net::SSH::Perl'

[reply]
      I have not successfully gotten Net::SSH::Perl to work consistantly and reliably on a Solaris
      FYI, I've got this up and running (very reliably) on a Solaris 8, Ultra 10. I was in the unfortunate position where CPAN.pm wouldnt work (ACL's) so I had to download each dependency and install it manually. You're right about it being a beast, it really was a massive PIA, but after about 4 hours it was working...
[reply]
Re: Encrypted Dumps
by meetraz (Hermit) on Jan 24, 2003 at 20:07 UTC
    I would recommend STunnel if ufsdump uses a TCP connection. It will channel the data through SSL. You'll need to install it on both machines.

    The same thing could probably be done in perl, but probably not as fast to set up, or as effecient in the encryption.

[reply]
Re: Encrypted Dumps
by DaveH (Monk) on Jan 26, 2003 at 12:48 UTC

    Hi.

    I found this article, which seems to fit the requirements:

    Secure Backups on Solaris Internet Servers

    It discusses using SSH and ufsdump to back up servers securely. I hope that helps

    Cheers,

    -- Dave :-)

    $q=[split+qr,,,q,~swmi,.$,],+s.$.Em~w^,,.,s,.,$&&$$q[pos],eg,print
[reply]
[d/l]
Re: Encrypted Dumps
by DamnDirtyApe (Curate) on Jan 26, 2003 at 00:16 UTC

    I don't know anything about ufsdump, but you may be able to leverage ssh's port forwarding capabilities to your advantage. Take a look at the ssh man page, as well as this article (it's actually about printing over ssh, but it uses port forwarding and is well explained.)

    HTH...


    _______________
    DamnDirtyApe 
    Those who know that they are profound strive for clarity. Those who
would like to seem profound to the crowd strive for obscurity.
            --Friedrich Nietzsche
[reply]

Back to Seekers of Perl Wisdom