Monday, October 15, 2012

Linux: Transmitting a Bunch of Files using socat

computer

socat is a nifty, versatile tool for establishing a secure data channel between two computers. To install socat on Debian, use apt-get:



apt-get install socat


I was trying to use socat and tar to duplicate the contents of an entire filesystem securely between two computers. In this case, I copied all files in partition /dev/sda5 on box A to partition /dev/sdb6 on box B (IP 192.168.200.83).



Using the SCTP protocol



This method does not involve encryption, so it is relatively simple to follow.




  1. First, I opened a terminal at box B (192.168.200.83) and changed the current directory to /mnt/sdb6 where I will unpack the incoming stream of files.


    cd /mnt/sdb6

    Then, I typed the following command to have socat establish a SCTP connection listening on port 7749. tar would be expecting to receive incoming files.


    socat EXEC:"tar xzf -" SCTP4-LISTEN:7749

  2. Then, I opened a terminal at box A. Here I would transmit a bunch of files to box B (192.168.200.83). I changed directory to /mnt/sda5 containing files to send.


    cd /mnt/sda5

    Then, I typed the following command to transmit all the files in the current directory.


    socat EXEC:"tar czf - ." SCTP4-CONNECT:192.168.200.83:7749



Using the SSL connection



This method involves encrypted connection and requires SSL certicates on both sides of the link. Read this post to learn how to create self-signed SSL certificates if you don't already have one.




  1. Debian and Ubuntu automatically create a local SSL certificate at /etc/ssl/certs/ssl-cert-snakeoil.pem. Both parties of an SSL connection — box A and box B — should exchange each other's ssl-cert-snakeoil.pem in order to have SSL connections between them.



  2. On box B, I typed the following command to run socat in SSL listening mode at port 7749.

    cd /mnt/sdb6
    socat EXEC:"tar xzf -" OPENSSL-LISTEN:7749,reuseaddr,cert=/etc/ssl/certs/ssl-cert-snakeoil.pem,key=/etc/ssl/private/ssl-cert-snakeoil.key,cafile=box-A.pem


  3. On box A, I typed the following command to run socat in SSL mode while running tar to pack all the files and send them through the pipeline.

    cd /mnt/sda5
    socat EXEC:"tar czf - ." OPENSSL:192.168.200.83:7749,cert=/etc/ssl/certs/ssl-cert-snakeoil.pem,key=/etc/ssl/private/ssl-cert-snakeoil.key,cafile=box-B.pem




Thus I have duplicated the whole directory tree from Box A to Box B. Using socat and tar, I was able to mirror a filesystem over the network. As shown above, socat alone can be a good substitute in situations where ssh, scp and/or netcat are needed. socat has many other features I have yet to explore.

No comments:

Post a Comment

About This Blog

KBlog logo This blog is about current events and issues concerning general population. Thanks for visiting the blog and posting your comments.

© Contents by KBlog

© Blogger template by Emporium Digital 2008

Followers

Total Pageviews

icon
Powered By Blogger