From: dann f. <da...@de...> - 2003-07-20 22:10:50
|
There is definitely a lacking of ssh information in the manual, so how about I add this in the Usage chapter, in its own section? Brian: is what Anton describes currently the recommended procedure? On Thu, Jul 17, 2003 at 11:22:41PM +1200, Anton Smith wrote: > Solved this for myself, and thought I'd post it here for everyone else. > > (just a reminder, this is for pulling images across to your server via ssh). > > 1) run prepareclient on your goldenclient as you usually do. Immediately after it starts, ps -ef | grep for rsync and kill the daemon it started. Take note of the config file it used, most likely it will be in /tmp. > 2) edit the rsync config file from above, and under [root], change it so it looks like this: > > auth users root > path = / > hosts allow = clientsiphere > hosts deny = * > > This locks it down so that only root can log in and so that the only host that can connect is the client itself (we will be ssh tunneling so the packets will appear to come from the client itself, which is why this works). > > 3) run "rsync --daemon --config-file /tmp/rsyncd.conf.xxxxx". Tail /var/log/syslog to make sure the daemon came up okay and didn't complain about any of your new config changes (if it ignores any of your security lines then it will be listening for any host, which is a bad [tm] thing). > > All of the following is on your image server: > > 4) Bring up the ssh tunnel: ssh -C -L localport:goldenclients_ip:873 root@goldenclients_ip and enter the root password. > 5) Switch to another terminal on your imageserver (make sure you leave the ssh session you opened in step 4 open), and run getimage -golden-client localhost:localport -image imagename (make sure you use the same value for localport here as you did in step 4. It can be any port but ideally should be an ephemereal and not already in use. As an example I use 15000 but you could use whatever you like). > 6) From here, it should be just like a normal getimage. When its all finished you can log out of your ssh session/tunnel, and you can also kill the rsync daemon on your golden client. > > Voila :) > > Regards, > Anton > > |