Topic: server pptp

[tomas]

I installed a server pptp and will j'aimerai knowledge this qu'il is necessary to install on the customer to be able to connect itself and how l'utiliser. In fact I would like to make update on a file with rsync after putting connected.

[bpivk]

Ask your question on the french forum because google didn't translate it properly and you'll get your answers a lot faster because we won't have to guess what you're trying to tell us.

Edit: You allready did this. Then have some patience. You can't expect an answer only a few minutes after you've posted the question.

P.S.: Welcome to the comunity.

[gdbs]

ok this is what Thomas wanted to ask:

He wants to do a Rsync between 2 sme servers on an ibay every weeks.

But these servers are located in 2 different countries, so he have to establish a pptp connection before doing his RSync.

And he can't do a permanent connection (OpenVPN) due to bandwith limitation.

So he would like to use the same pptp connection as the one you use when you want to connect a Windows client to a SME server...

I don't know if it's possible too...

[mmccarn]

You don't need to use pptp for rsync - rsync natively supports ssh tunneling.

There are several posts here about rsync'ing between sme servers.  I'm a great fan of Michael Weinberger's Affa.

Basically:
- Generate ssh public/private keys and share them between the two systems
- Configure either system to kick off rsync including the option that tells it to use ssh

Here's a post: http://forums.contribs.org/index.php?topic=36800.0

[tomas]

Yes but i don't want to open ssh on the external interface for security reasons....

[mmccarn]

ssh using key pairs is secure - unless you think someone will guess your private key, or break into your server and steal the file...

VPN, using usernames & passwords, is less secure.

Having said that, I do not run ssh on port 22.  Even though it's not supposed to be a 'fix', moving ssh to another port has eliminated ssh attacks on my servers.

I use the 'affa --send-key ...' command to setup the keys, then disable password login to ssh in server-manager

[tomas]

yes but we can decide which users are allowed to connect in vpn and the command line is not accesible even if someone can break or find the password. with ssh opened to the external, if there 's any security issue with ssh, someone may directly access to command line.
So i prefer not opening ssh instead of vpn.
thank for your help again.

[Franco]

SSH will be many, many times more secure than PPTP!

[tomas]

ok could you help me to search out links to:
   - run ssh on another port than the 22
   - generate ssh public/private keys and share them between the two systems.

Thanks again for your help

[bpivk]

Use the wiki.
Ok i'll support you this time (i'm fond of lazy people) and give you this link http://wiki.contribs.org/Category:Howto but you'll have to search for the answer to both your questions (hint: Check under S).

[m]

   - run ssh on another port than the 22

Search the Wiki

   - generate ssh public/private keys and share them between the two systems.

Search the Wiki and re-read the posts of this thread. You will stumble over: I use the 'affa --send-key ...' command to setup the keys

[tomas]

I did :
    - ssh-keygen -t rsa (for to generate the ssh public/private on the server)
   
And when I attempt me to connect in ssh, it me tell " permission denied (publickey)"

Thank for your help again.

[bpivk]

Well you have to do everything in the wiki not just the first command.  

[gdbs]

tomas...

maybe you can try in french... i've found this howto:

http://smeserver.fr/astuces.php?astuce=net_ssh_keys

see you on monday

[tomas]

Now I 've managed to save my datas thanks of rsync and ssh changing ssh's port and generate ssh public/private keys for more security.

thx for you help

And I would like to use it by a script in cron.weekly folder in order to launch it every weeks

My script is (found on another website):

Code: [Select]


#!/bin/sh

RSYNC=/usr/bin/rsync
SSH=/usr/bin/ssh
KEY=/home/thisuser/cron/thishost-rsync-key
PORT=newport
RUSER=remoteuser
RHOST=remotehost
RPATH=/remote/dir
LPATH=/this/dir/

$RSYNC -az -e "$SSH -i $KEY" $RUSER@$RHOST:$RPATH $LPATH


Everything works fine, but it ask me for the ssh passphrase.

Is it possible to make it work silently?

Thank for your help again