ZFS Replication / SSH Connectivity Question

Notice: Page may contain affiliate links for which we may earn a small commission through services like Amazon Affiliates or Skimlinks.

coolrunnings82

Active Member
Mar 26, 2012
407
92
28
I have been playing around with several servers I have in my home lab running OpenIndiana + Napp-IT (thanks _GEA!). I decided I wanted to delve into learning how ZFS Send/Receive work for pseudo-replication. One of the sites I found while Googling suggested using a command like this to send a snapshot from one server to the other:
Code:
zfs send -i scratchpool@snapshot1 scratchpool@snapshot2 |ssh id@host pfexec zfs recv slavepool
The website where I found it is here: http://docs.oracle.com/cd/E17952_01/refman-5.5-en/ha-zfs-config.html

When I run this while SSHed into one of the servers, it will hang for about a minute or more and then come back with a message saying
connect to host servername port 22: Connection timed out

I have only ever used Putty to SSH into a server, never run SSH from a command line and don't know the first thing of how to configure it. I checked to ensure I got all the hostnames correct. I checked to make sure I can use Putty to connect to each of the two servers (success there). I've also tried just typing:
Code:
ssh username@hostname ls
and I keep getting the same error.

Can anyone suggest how to configure things so this will work? Any and all suggestions would be appreciated at this point. Also, if anyone has any free replication scripts that are reliable and easy to modify, I would really like to learn how to do this. Thanks for all the help!
 

fagiano

Member
Feb 5, 2011
43
7
8
Singapore
I use the same line for my backup, except that I setup passworldless ssh so I don't get prompted with passwords(that' might be your issue)
have you tried something simple (echo 123test | ssh host "cat")?

here's how i setup passwordless ssh (replace 'alberto' with your username, 'source' with your source machine name and 'destination' with you recv machine name)

let allow alberto@source to run a ssh command on alberto@destination without password

1) login into alberto@source
2) goto "alberto home", write "cd ~"
3) write "ssh-keygen -t rsa" press enter when asked for passphrase
4) copy the contents of .ssh/id_rsa.pub (there should only be one line) in a file called "authorized_keys" you can type cat .ssh/id_rsa.pub > authorized_keys
5) move authorized_keys on destination and place it in alberto home .ssh (if .ssh doesn't exists create it)
6) change permissions to authorized_keys (I wrote "chmod 744 authorized_keys" and then "chmod -x authorized_keys") it should be enough to make it non group writable
7) DONE! when running ssh do not specify ssh alberto@destination "command" but just ssh destination "command"

ciao
Alberto
 

coolrunnings82

Active Member
Mar 26, 2012
407
92
28
Thank you Alberto! Your advice helped me get somewhere.

After running the command: echo 123test | ssh 10.0.0.201 "cat"
I got the following output:

The authenticity of host '10.0.0.201 (10.0.0.201)' can't be established.
RSA key fingerprint is <RSA KEY>.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.0.0.201' (RSA) to the list of known hosts.

Once I did that, I was able to connect. I tried following the other steps you gave me but I couldn't quite understand step 5. Could you elaborate? Also, I'm afraid I don't understand exactly WHY the stuff above worked. Can you explain based on the output I posted above? I'd really like to understand what is really going on. Thanks again for your help!
 

fagiano

Member
Feb 5, 2011
43
7
8
Singapore
well ssh does a lot of security stuff that I don't understand, it something like SSL for websites, you need a 3rd party authority to certify things(is a warning I get all the time) but I'm not 100% sure how it works.

Anyway, step 5 means: login with the same user you'll use for the backup on the destination machine go to his home (cd ~) create a folder called .ssh move the file autorized_keys in it(from the source machine).
then step 6(change its permissions etc...)

ciao
Alberto
 
Last edited: