[Box Backup] Tunneling TLS through SSH works, but got (7/34) instead
Magnus Homann
boxbackup@fluffy.co.uk
Sat, 20 May 2006 19:28:07 +0200
Ben Summers wrote:
>
> On 19 May 2006, at 22:27, E.W. Peter Jalajas wrote:
>
>> --- Magnus Homann <magnus@homann.se> wrote:
>>
>>> E.W. Peter Jalajas wrote:
>>>> Hi Magnus,
>>>>
>>>> Do these pages help?:
>>>> http://www.rzg.mpg.de/networking/tunnelling.html
>>>> http://hacks.oreilly.com/pub/h/66
>>>
>>> Thanks, I've tried most of that already.
>>>
>>> I started with setting up client and server on the same machine, and
>>> then copying the bbstored files to another machine, and also copied
>>> the bbstored certificates. I guess this should work, the certificates are
>>> not connected to the hostname, right?
>>
>> I believe that is correct, but someone else on the list should verify.
>> It is the contents of the digital keys that need to connect.
>>
>> You'd of course have to install the matching version of bbstored on the
>> other machine, including what'll probably be essentially a completely
>> new /etc/box/bbstored.conf. You'd also of course have to modify the
>> client /etc/box/bbackupd.conf to point to the other machine by the
>> correct name. And your dns, routing (including port forwarding), and
>> firewalls would all have to be configured correctly. And probably
>> other things that I'm forgetting at the moment.
>
> It's just a TCP/IP connection on port 2201. No magic, no trickiness.
>
> I suggest the following approach:
>
> * Configure the server as normal, except use 'localhost' as the address
> for bbstored-config
>
> * Configure the client as normal, except use 'localhost' as the address
> of the server in bbackupd-config
>
> * Use ssh to tunnel with appropriate users and keys set up. Note that
> the ssh user does not have to be the same one as bbstored is running
> under, it just needs to be able to make a TCP/IP connection to port 2201
> on localhost.
>
> ssh -L 2201:servers-real-address:2201 user@servers-real-address

This is exactly what I've done. The result has previously been that when
I started bbackupquery (to test the setup), I got a TLSReadFailed (7/34)
immediately. As I have no logs to see what's happening (not root on
server), I had no clue why. Trying just now, I could do a couple of 'ls'
and 'cd' before it appeared. So, the conclusion is that I got the certs
and the tunnel set up properly. Excellent.

When I cd into my top dir, everything is fine. I cannot "get
backup.file dummy.file" in bbackupquery, without getting "Error occured
during fetching of file". If I do a "cd subdir", it works, but when
typing "ls" afterwards, I get the TLSReadFailed (7/34) again.

How to debug this without the logs?

> * You'll need to make sure that the tunnel is open when bbackupd wants
> to connect. May I suggest a cunning script using the SyncAllowScript,
> which is always run just before a sync starts by bbackupd.

I'll look into that.
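
One way to write the SyncAllowScript suggested above, as an added example that is not part of the original message or of Box Backup: it checks that the local end of the tunnel is listening, tries to open the forward from the thread if it is not, and then prints either "now" or a number of seconds for bbackupd to wait before asking again. The install name bb-sync-allow, the variable and function names, key-based ssh login and the availability of nc are assumptions.

```shell
#!/bin/sh
# Added example: SyncAllowScript for bbackupd behind an SSH tunnel.
# Assumed/hypothetical: the install name bb-sync-allow, the variable and
# function names, key-based (non-interactive) ssh login, and nc on the client.

TUNNEL_USER="${TUNNEL_USER:-user}"                  # placeholder from the thread
TUNNEL_HOST="${TUNNEL_HOST:-servers-real-address}"  # placeholder from the thread
STORE_PORT="${STORE_PORT:-2201}"                    # bbstored port
RETRY_SECS="${RETRY_SECS:-300}"                     # retry delay if no tunnel

# True if something accepts TCP connections on localhost:STORE_PORT.
# This only shows the local end of the tunnel is listening; it does not
# prove that bbstored is reachable behind it.
probe_port() {
    nc -z localhost "$STORE_PORT" >/dev/null 2>&1
}

# Start the forward from the thread in the background.
# BatchMode: fail instead of prompting, since bbackupd has no terminal.
# ExitOnForwardFailure: do not leave an ssh running without the forward.
open_tunnel() {
    ssh -f -N -o BatchMode=yes -o ExitOnForwardFailure=yes \
        -L "${STORE_PORT}:${TUNNEL_HOST}:${STORE_PORT}" \
        "${TUNNEL_USER}@${TUNNEL_HOST}" >/dev/null 2>&1
}

# Print "now" to let the sync start, or the number of seconds bbackupd
# should wait before running this script again.
sync_allow() {
    if probe_port || { open_tunnel && probe_port; }; then
        echo now
    else
        echo "$RETRY_SECS"
    fi
}

# Act only when run under the install name, so the functions can be
# sourced and tested without touching the network.
case "${0##*/}" in
    bb-sync-allow) sync_allow ;;
esac
```

Point SyncAllowScript in the client's bbackupd.conf at wherever the script is installed; all ssh output is discarded so that only the "now" or seconds value reaches bbackupd.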