Best Way To Transfer Files?

Bernie Hoefer LUG-Member at TheMoreIKnow.info
Mon Mar 5 13:59:59 EST 2012 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Sun, 22 Jan 2012 04:34:08 -0500, Bernie Hoefer wrote:
===
> But I'd like to know from you all:  is there a better way to do
> this? Is there a way I should do this to get rid of the
> "tcgetattr: Invalid argument" warning?
===
     I guess nobody had a better way of doing this, since there were no
responses to my January post.  However, I wanted
to follow up to that post to let anybody who runs across it know that my
original suggestion:


$ ssh -q $SRC_SERVER "sudo tar -C /path/to/source -cpf - filename" | \
ssh -q $DST_SERVER "sudo tar -C /path/to/destination -xvpf -"


does *not* work when transferring files from (at least) RHEL5 & RHEL6
servers.  This is because those servers' /etc/sudoers files, by default,
has "requiretty" set.  That means ones *has* to use SSH's "-t" option
when connecting to the source server -- but doing that corrupts the file
being transferred by adding CRLF characters.
     Obviously, one solution is to take that "requiretty" out of
/etc/sudoers, but Red Hat does not recommend that for security reasons.
After talking with a Red Hat tech, it was determined the best solution
would be this:


[user at intermediate]$ ssh -R2222:$DST_SERVER:22 $SRC_SERVER

[user@$SRC_SERVER]$ sudo su -

[root@$SRC_SERVER]$ tar -C /path/to/source -cpf - filename | \
ssh -qtt -p2222 user at localhost 'sudo tar -C /path/to/destination -xvpf -'


     What the above does is creates a tunnel from the source server's
loopback address' port 2222 through the intermediate server to the
destination server's normal SSH port.  Once on the source server, one
becomes root and tars up the root-only-accessible file, sending it
through that tunnel.
     One still needs to use SSH's "-tt" option for the destination
server's sudo command, but that is OK.  (I haven't had time to find out
why it must be "-tt" instead of "-t".)  One also still gets the
"tcgetattr: Invalid argument" warning, but like I wrote in my January
post, it doesn't seem to affect the integrity of the file transfer.

- -- 
Bernie Hoefer
PGP e-mail is welcome!  Get my 1024 bit signature key from:
<http://pgpkeys.mit.edu:11371/pks/lookup?op=get&search=0x446A6F93>.
"The more I know, the more I realize how much I do not understand."


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk9VDScACgkQckGmqURqb5MYxACeNL8/buKFetY3FLCv8OeBzIyL
B/oAoInasbjPh9fhhC2pEuETGbzlyLtq
=bmei
-----END PGP SIGNATURE-----

More information about the cinlug mailing list