Re: [Duplicity-talk] tunneling
From: edgar . soldin
Subject: Re: [Duplicity-talk] tunneling
Date: Thu, 12 Mar 2015 11:50:55 +0100
User-agent: Mozilla/5.0 (Windows NT 5.1; rv:31.0) Gecko/20100101 Thunderbird/31.5.0

On 12.03.2015 11:39, ST wrote:
> On Thu, 2015-03-12 at 11:28 +0100, address@hidden wrote:
>> On 12.03.2015 11:24, ST wrote:
>>> Thank you very much,
>>>
>>> On Thu, 2015-03-12 at 10:52 +0100, address@hidden wrote:
>>>> On 12.03.2015 10:26, ST wrote:
>>>>> Hi,
>>>>> I want to make a backup using duplicity (which uses paramiko) and upload
>>>>> files to a remote host R2, the problem is, that I can access R2(sftp
>>>>> access) only from R1(ssh access). How can I tunnel duplicity through R1
>>>>> to R2? I defined (in .ssh/config) Host R2 and ProxyCommand ssh -p XXXX
>>>>> -qW %h:%p address@hidden and I can actually do `sftp address@hidden` but
>>>>> when I run
>>>>> `duplicity Dir sftp://address@hidden/` there is a delay and I get
>>>>> "BackendException: ssh connection to R2:22 failed: timed out".
>>>>
>>>> paramiko does not implement all functionality of openssh eg.
>>>>
>>>>> Is there
>>>>> a way to tell paramiko to use my .ssh/config? Or is there a way to
>>>>> tunnel through another host in paramiko?
>>>>
>>>> not afaik.
>>>>
>>>> a workaround could be establishing the tunnel beforehand using openssh
>>>>
>>>> ssh -L portlocal:host2:port2 host1
>>>
>>> Will this work if on host2 I have only sftp access and not the full ssh
>>> access? Right now I use following command:
>>> ssh -L 2222:address@hidden:22 address@hidden -p XXXX
>>>
>>> after this I get on host1 (I have ssh keys installed), but when I try on
>>> another terminal:
>>> sftp -P 2222 localhost
>>> I get in that terminal:
>>> ssh_exchange_identification: Connection closed by remote host
>>> Couldn't read packet: Connection reset by peer
>>>
>>> And on the terminal with the active connection to host1:
>>> channel 3: open failed: administratively prohibited: open failed
>>>
>>> Any ideas?
>>>
>>
>> you can only tunnel through machines where you have ssh, not only sftp,
>> access. can you login to host2 using ssh?
>
> On the end target - host2 I have only sftp(scp,webdav,ftp,Samba/CIFS)
> access, on the intermediate host1 I have full ssh access and can login
> there. Is there such thing as sftp tunnel? Or maybe I can use other
> protocols listed above somehow?
>
sftp is essentially ssh with a forced shell binary, namely sftp_server. try to
debug your issue by
1. establishing the tunnel first
2. ssh to the tunnel localhost:tunnelport
you can raise ssh verbosity via -v parameter. see its manpage.
you might need to explicitly give an auth key parameter, as your ssh might
think it logs into localhost.
you can of course setup everything in .ssh/config and use the host definition
from there to keep your commandline short. but that's only needed if you plan
to use the command manually often.
..ede/duply.net
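
The two debugging steps from the reply above, as an added shell example that is not part of the original message, with a small classifier for the error lines quoted in the thread. Host names, ports, user and key path are placeholders; the `HostKeyAlias` value and the verdict names are this example's own.

```bash
#!/usr/bin/env bash
# Added example. Hosts, ports, user and key path are placeholders you supply.

# Step 1: open the forward through host1 in the background. The -L target is a
# bare host name and port; the login user for host2 is given in step 2.
open_tunnel() {  # open_tunnel LOCALPORT TARGET_HOST TARGET_PORT JUMP [ssh opts]
  local lport=$1 thost=$2 tport=$3 jump=$4
  shift 4
  ssh -f -N -o ExitOnForwardFailure=yes \
      -L "127.0.0.1:${lport}:${thost}:${tport}" "$@" "$jump"
}

# Step 2: ssh to the local end of the tunnel with -v and an explicit key.
# HostKeyAlias stores host2's key under its own name instead of "localhost".
probe_tunnel() {  # probe_tunnel LOCALPORT USER KEYFILE
  ssh -v -p "$1" -i "$3" -o IdentitiesOnly=yes -o BatchMode=yes \
      -o HostKeyAlias=host2-via-tunnel "$2@127.0.0.1" true 2>&1
}

# Map ssh/sftp output (stdin) to one verdict; specific lines override the
# generic "connection closed" symptom seen on the client side.
classify_tunnel_error() {
  local line verdict=unknown
  while IFS= read -r line; do
    case $line in
      *"open failed: administratively prohibited"*)
        verdict=forwarding-refused-by-jump-host ;;   # e.g. AllowTcpForwarding/PermitOpen on host1
      *"open failed: connect failed"*)
        verdict=jump-host-cannot-reach-target ;;
      *"Permission denied"*)
        verdict=auth-failed-at-target ;;
      *"ssh_exchange_identification: Connection closed"*|*"Connection reset by peer"*)
        if [ "$verdict" = unknown ]; then verdict=channel-closed-before-banner; fi ;;
    esac
  done
  printf '%s\n' "$verdict"
}

# The three error lines quoted earlier in this thread, as sample input.
thread_sample() {
  printf '%s\n' \
    'ssh_exchange_identification: Connection closed by remote host' \
    "Couldn't read packet: Connection reset by peer" \
    'channel 3: open failed: administratively prohibited: open failed'
}

# Run both steps only when all six arguments are given.
if [ "$#" -ge 6 ]; then
  open_tunnel "$1" "$2" "$3" "$4" && probe_tunnel "$1" "$5" "$6" | classify_tunnel_error
fi
```

Piping `thread_sample` into `classify_tunnel_error` reports the refusal on the jump host rather than the client-side "connection closed" symptom.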