lacunabridge asked:
How To properly secure rsync traffic from onsite ReadyNAS to offsite ReadyNAS

OK, I am trying to set up my first offsite backup. Right now both boxes are in the same building, rsyncing nightly without encryption (obviously). Now I want to be ready when I take it offsite and not have to poke at it for days to get it to work; I want to make sure it is working beforehand. I have a little experience with stunnel but next to none with Linux/Unix commands, not to mention I don't have all the options most people have because I am using the rsync feature native to the ReadyNAS boxes. So my thought was to run stunnel on the local server, point the local NAS to the internal server running stunnel and have it redirect to a secure port; then on the other end I have an ISA 2006 firewall and I will have the box behind it. Now I can't change the port the ReadyNAS listens on (to my knowledge), so how would I make the redirection back to the normal rsync port of 873 so it will send it to the box on my network? Here is a rough diagram of what I am trying to say:


ReadyNAS box on client network ---> firebox --- cloud --- ISA Firewall ---> ReadyNAS box on my network


How do I make sure the data is encrypted during this process? Can it be done with stunnel?

Any help is appreciated.
ai_ja_nai:

Easy, use SSH.
Add the option -e ssh and you are set. Of course, both destination and source must have ssh installed. This way the script will ask for passwords every time, but you can use key-based authentication to work around it.
Example:

rsync -aze ssh user@host:/path/to/source /path/to/destination

and you are done :)
Run through this guide I use:

Installing ssh and rsync on a Windows machine: minimalist approach
http://optics.ph.unimelb.edu.au/help/rsync/rsync_pc1.html
Oh, sorry, I didn't notice you needed it for Windows Server. Then this guide is also good: http://ist.uwaterloo.ca/~kscully/CygwinSSHD_W2K3.html
lacunabridge (asker):

Hey guys, thanks for the prompt responses, but I don't think my problem is that simple. See, the NAS devices don't have any native SSH support. Here is what I am going to try, and I think I already have it working. Please tell me if it is way off and why; not only do I want this to work, but I want to learn why it works. Anyway, here is what I did:

I installed stunnel as the client on the client's in-house server. Then I installed stunnel (as a server with a PEM cert) on my server where the offsite box will be located. Here is how everything points:


Client NAS rsync --> server running stunnel listening on 873, then redirects to offsite public IP address through port 22 ----------- Internet ----------- ISA 2006 forwards port 22 to my server running the stunnel server listening on port 22, which then redirects to the offsite local IP address of the NAS box with the 873 port number


Is that secure, or am I missing something? That's what I don't grasp. I know 22 is the SSH port, but does that mean anything sent through that port is secure?

Thanks guys
ai_ja_nai:

Mh, the traffic between the offsite public address and the server should actually be encrypted (but not between the server and the NAS).
If you are dubious, try to dump the traffic with tcpdump on ISA 2006 and see if you can take a peek at the packets' content. If you can, the traffic is in the clear and your data is insecure. If not, you are OK.
Practice is always better than unverified theory.

Otherwise, you may run ssh on your final server and have it mount, as a network filesystem, your NAS's disks. Rsync would contact your server, which redirects the stream of clear, unencrypted data to the NAS device.
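The two stunnel configurations for the layout described in the question, as an added example that is not part of the original thread; the weak client service is shown beside the hardened one. OFFSITE_PUBLIC_IP, NAS_LOCAL_IP and the certificate paths are placeholders, and the syntax assumes stunnel 4.x:

```ini
; === File 1: /etc/stunnel/stunnel.conf on the client-side in-house server ===
; The NAS is pointed at this host on 873; stunnel carries that stream
; inside TLS to the offsite public address on 22. The port number itself
; adds nothing: 22 here is just a TCP port, not SSH. TLS is what encrypts.
client = yes
pid = /var/run/stunnel.pid

; WEAK: tunnels the data but never checks who answered on
; OFFSITE_PUBLIC_IP:22, so any host that intercepts that connection
; can present its own certificate and receive the backup stream.
;[rsync-weak]
;accept  = 873
;connect = OFFSITE_PUBLIC_IP:22

; HARDENED: same tunnel, but the offsite server's certificate must
; chain to a CA file copied over out of band (assumed path).
[rsync]
accept  = 873
connect = OFFSITE_PUBLIC_IP:22
verify  = 2
CAfile  = /etc/stunnel/offsite-ca.pem

; === File 2: /etc/stunnel/stunnel.conf on the offsite server behind ISA 2006 ===
; ISA forwards TCP 22 to this host; nothing else (e.g. sshd) may listen on 22.
; Server certificate and private key in one PEM file (assumed path).
cert = /etc/stunnel/offsite.pem
pid  = /var/run/stunnel.pid
; Mutual authentication: also require a client certificate, so only the
; client-side stunnel (not anyone reaching port 22) can open the tunnel.
verify = 2
CAfile = /etc/stunnel/client-ca.pem

[rsync]
accept  = 22
connect = NAS_LOCAL_IP:873
; The hop from this host to the NAS on 873 is still cleartext on the
; local LAN; only the Internet leg between the two stunnels is encrypted.
```

Copying the CA files between the two sites out of band is what gives verify = 2 its meaning; with both files in place, the tcpdump check suggested above should show only TLS records on the Internet leg and plain rsync only on the two LAN hops.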
lacunabridge (asker):

Sorry I haven't responded to anyone; I'm waiting for a few things to happen before I troubleshoot this again this week.
ASKER CERTIFIED SOLUTION by ai_ja_nai
lacunabridge (asker):

I am guessing that the solution given isn't the best, but I have been too sidetracked to try any of it. If anyone has a problem with my decision, please let me know and I'll do what I can to make everyone happy.

Thanks for your time