I need to figure out how to easily mirror a client's site, but the mirror needs to sync if the client makes changes on the site.
an example is http://www.nailcotehall.co.uk mirrored here http://nailcotehall-px.rtrk.co.uk/index.html?utm_source=google&utm_medium=cpc&utm_campaign=NailcoteLandingPage
If you have linux/unix servers and have SSH access for both of them you can use rsync to sync modified files/directories from one server to another.
For example:
rsync -a ~/dir1 username#remote_host:destination_directory
See: http://www.tecmint.com/rsync-local-remote-file-synchronization-commands/
This can be make periodic with cron
Related
I am fairly new to ssh and still learning it. Recently I have made a tunnel connection with an ssh host and managed to successfully transfer data/files from my machine to the server with the command: scp file.extension user#hostIP:/directory/directory.
While this was successful, I am kinda struggling to reverse it, sending data/files from the server to the client. How would one go about completing that? Do I need to make some changes to ssh_config or just CLI commands are enough?
You need to change the order:
scp user#hostIP:/directory/directory file.extension
that's accomplishing the invert operation, off course, assuming that the address is correct, the file exists and you have the necessary privileges.
I installed redis on my computer and opened 1 redis-server and 2 redis-cli. If I type "shutdown save" command in the first redis-cli terminal, it will close both the server and the first redis-cli. Then, the second redis-cli won't be able to communicate with redis-server anymore because it has already been shutdown by the other redis-cli. It just doesn't make sense to me. IMO, a server is a standalone service and should always be running. A client should be able to connect/disconnect with a server but never disable a server. Why would Redis allow a client to disable a server which could be shared by many other clients? Consider if the redis server is on a remote machine and the redis clients are on other machines, wouldn't it be very dangerous since if one of the clients shut down the remote server then all other clients will be influenced?
If you don't want clients to execute the SHUTDOWN command (or any other for that matter), you can use the rename-command configuration directive.
As of the upcoming Redis v6, ACL are expected to provide a better degree of control over admin and application command.
No, I think you are getting it wrong. It's application responsibility to allow/disallow certain specific action on remote server. You can simply disallow certain commands so that single cli cannot take down the redis-server.
I want to install a number of raspberry pis at remote locations and be able to log in to them remotely. (Will begin with 30-40 boxes and hopefully grow to 1000 individual raspberry pis soon.)
I need to be able to remotely manage these boxes. Going the easier route, forwarding a port on the router and setting a DHCP reservation, requires either IT support from the company we'll be doing the install for (many of which don't have IT), or it will require one of our IT people physically installing each box.
My tentative solution is to have each box create a reverse SSH tunnel to our server. My question is: How feasible would this be? How easy would it be to manage that many connections? Would it be an issue for a small local server to have 1000+ concurrent SSH connections? Is there an easier solution to this problem?
My end goal is to be able to ship someone a box, have them plug it in, and be able to access it.
Thanks,
w
An alternate solution would be to:
Install OpenVPN server on your server machine. How to install OpenVPN Server on the PI. Additionally, add firewall rules that block everything but traffic directed for the client's ssh and other services ports (if desired), from administrating machine(s).
Run OpenVPN clients on your Raspberry PI client machines. They will connect back to your VPN server. On a side note, the VPN server and administrating machine(s) need not be the same machine if resources are limited on the VPN server. How to install OpenVPN on the client Raspberry PIs.
SSH from administrating machine(s) to each client machine. Optionally, you could use RSA authentication to simplify authentication.
Benefits include encryption for the tunnel including ssh encryption for administrating, as well as being able to monitor other services on their respective ports.
I made a WebApp to manage this exact same setting in about 60 minutes with my java web template. All I can share are some scripts that I use to list the connection and info about them. You can use those to build your own app, it is really simple to display this in some fancy way in a fast web.
Take a look at my scripts: https://unix.stackexchange.com/a/625771/332669
Those will allow you to get the listening port, as well as the public IPs they're binded from. With that you can easilly plan a system where everything is easilly identificable with a simple BBDD.
You might find this docker container useful https://hub.docker.com/r/logicethos/revssh/
I want to offer a backup storage service for some of my friends. I have a QNAP nas and want to make it accessable across the internet so my friends can backup their files on it.
I think rsync is the best protocol for this. But I want to know how to make it secure. I can start the rsync server and configure my router to forward the port, but then the data goes across the net unencrypted. I can use ssh instead. But how do I set things up so that they cannot login to the machine, or at least, not be able to see the files that others have stored on there? I basically want to sandbox them.
I've been searching the net a lot and have found plenty of information about setting up your personal rsync server to backup your personal stuff. But I have not been able to find anything about the usecase I described above.
You don't need to set up an rsync server (rsyncd) - you can just use ssh (which is used by default for rsync) and rsync will be taken care of automatically. Create an account on your server for each user and then they can just backup as as, e.g.
$ rsync -av /path/to/local/files username#your_server:path/to/backups/
So all you need to do other than creating user accounts is to open port 22 for incoming ssh traffic.
I was going to do rsync, but rsync over SSH needs to have the private key on the second EC2 instance. I'm concerned about copying my private SSH key to the server. That can't be safe, right?
Is there another possibility, e.g. somehow getting authentication via my computer? If it's only a little auth check at the beginning of each sync, I don't mind that.
Or can I securely sync files between EC2 instances without the private key?
Thanks for your input,
MrB
You needn't use your EC2 keys to setup SSH between the two EC2 instances. Look at this guide - http://ask-leo.com/how_can_i_automate_an_sftp_transfer_between_two_servers.html .
Simple outline of the process is, lets say you want to transfer files from Server1 to Server2. You basically create a new key for your user on Server1 (note this is different from the key you downloaded to access your EC2 instance - Server1 in this case). Then load up the public part in Server2's authorized_keys and you should be able to setup SSH.
If the user that the rsync process is going to run under is not your user, then you will have to setup SSH keys for the user that the process will run under.
HTH
Just create a snapshot of the volume you have your modified files contained and attach it your outdated instance after detaching the outdated volume.