ID #1384

How can I encrypt the rsync connection to the BackupHD with stunnel ?

Hint: To use rsync for your BackupHD, you have to activate the function in the customer center. To do so navigate to the menu-point "Verwaltung" after you have chosen your contract and make the tick under "Rsync active".

Then click on the button "Ändern". Your BackupHD will be activated within 24 hours for rsync.

If you want to encrypt the rsync-connection to your BackupHD, you have the possibility to set an stunnel.

By that the connection to your BackupHD will be encrypted via SSL.

This instruction describes the setup of stunnel under Linux and Windows.

 

Linux:

 

Zunächst müssen Sie stunnel auf Ihrem System installieren. Dazu sollte ein Paket für Ihren Paketmanager verfügbar sein.

Debian/Ubuntu


 aptitude install stunnel

 

CentOS


 yum install centos

 

Gentoo


 emerge stunnel

 

OpenSuse


 zypper install stunnel

 

Nun muss die stunnel Konfigurationsdatei erstellt bzw. aufgerufen

 

 vi /etc/stunnel/stunnel.conf

 

und die folgenden Änderungen vorgenommen werden:

 

   
; Certificate/key is needed in server mode and optional in client mode
;cert = /etc/ssl/certs/stunnel.pem
;key = /etc/ssl/certs/stunnel.pem

; PID is created inside the chroot jail
pid = /stunnel.pid

; Some performance tunings
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
;compression = zlib

; Some debugging stuff useful for troubleshooting
debug = 5
output = /var/log/stunnel/stunnel.log

; Use it for client mode
client = yes

Service-level configuration

[pop3s]
accept  = 995
connect = 110

[imaps]
accept  = 993
connect = 143

[ssmtp]
accept  = 465
connect = 25

;[https]
;accept  = 443
;connect = 80
;TIMEOUTclose = 0

[ssync]
accept = 873
connect = rsync1.euserv.de:273
  

 

Erstellen Sie das benötigte stunnel-Zertifikat und den Schlüssel (pem):

 

 openssl req -new -x509 -days 365 -nodes -out stunnel.pem -keyout stunnel.pem

 

Geben Sie hier die notwendigen Informationen an:

 

 
Country Name:
State or Province name:
Locality:
Organization Name:
Organizational Unit Name:
Common Name (FQDN):
  

 

Bearbeiten Sie schließlich die folgende Datei:

 

 vi /etc/default/stunnel

 

und ändern die folgende Zeile:

 

 
# Change to one to enable stunnel automatic startup
ENABLED=1
  

 

Jetzt können Sie stunnel mit dem folgenden Befehl starten:

 

 stunnel /etc/stunnel/stunnel.conf

 

Die Nutzung von rsync:

Für eine durch stunnel verschlüsselte rsync-Verbindung können Sie nun localhost als Server angeben.

z.B.

 

 rsync -avuz /dev/zero ftpbackup-1234@localhost::ftpbackup-1234

 

Beenden von stunnel:

 

 killall stunnel


Setting up stunnel under Windows

 

You can also set stunnel manually in Windows.


The necessary program can be downloaded at http://www.stunnel.org/.

Now you just have to edit the configuration file. You can find a link in the start menu .

Ensure that the option client=yes is not commented out.

 

client = yes
[ssync]

accept = 873

connect = rsync1.euserv.de:273

 

Now you can start stunnel from the start menu.


You can use Rsync under Windows e.g. with the free tool DeltaCopy.

More information on the use of rsync (under linux) can be found here:

How can I save files with rsync on my BackupHD?

Tags: BackupHD, rsync, ssl, stunnel, tls

Related entries:

You cannot comment on this entry