Differences

This shows you the differences between two versions of the page.

server-administration:netcat-over-ssh [2012-07-20 18:44:21]
garrett.plasky Approved
server-administration:netcat-over-ssh [2012-07-20 18:45:36]
garrett.plasky Approved
Line 35: Line 35:
 <note warning>Netcat opens an encryption-less connection from one host to another, which is why it outperforms SSH. If using the netcat method, take a moment to consider the implications of sending raw, unecrypted data over your network. We **strongly** recommend against using this method for WAN data transfers, unless you are doing so over an encrypted tunnel (e.g. VPN).</note> <note warning>Netcat opens an encryption-less connection from one host to another, which is why it outperforms SSH. If using the netcat method, take a moment to consider the implications of sending raw, unecrypted data over your network. We **strongly** recommend against using this method for WAN data transfers, unless you are doing so over an encrypted tunnel (e.g. VPN).</note>
  
-Further on the subject of the warning above: Because netcat does not use any sort of authentication mechanism, it is possible for someone who knows your netcat port (e.g. from a trivial portscan) to inject arbitrary data into the stream thereby corrupting your <c>dd</c> operation. You may want to consider firewalling the server off prior, with something simple like restricting traffic to the netcat port to only the address of your remote transfer host.+Further on the subject of the warning above: Because netcat does not use any sort of authentication mechanism, it is possible for someone who knows your netcat port (e.g. from a trivial portscan) to inject arbitrary data into the stream thereby corrupting your <c>dd</c> operation. You will probably want to implement a firewall rule on the server to restrict traffic sent on the netcat port to only be permitted from the address of your remote transfer host.
  
 We will assume for the purposes of this tutorial that you have the <c>nc</c> version of netcat. If you have the the other, then the command line options will be slightly different but the idea is the same. You set up a listening server on the destination, and then you send data to the port you've specified form the source. Let's assume we are transferring a full disk image from serverA (/dev/sda) to serverB (dev/sdb). We are going to assume block size of incoming data for <c>dd</c> will be 16MB and that it will be bzip compressed. On serverB we would run the following: We will assume for the purposes of this tutorial that you have the <c>nc</c> version of netcat. If you have the the other, then the command line options will be slightly different but the idea is the same. You set up a listening server on the destination, and then you send data to the port you've specified form the source. Let's assume we are transferring a full disk image from serverA (/dev/sda) to serverB (dev/sdb). We are going to assume block size of incoming data for <c>dd</c> will be 16MB and that it will be bzip compressed. On serverB we would run the following:
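Review bot: The rewritten firewall sentence drops the word "prior" from the old text, so it no longer says the rule has to be in place before the <c>nc</c> listener is started on serverB; a rule added after the listener is already up leaves the port open to exactly the injection the paragraph describes. Suggest something like "Before starting the listener, add a firewall rule on the server that only permits traffic to the netcat port from the address of your remote transfer host", which also avoids the awkward "to only be permitted from". It is worth saying as well that a source-address rule only narrows who can reach the port and does not authenticate the sender or protect the stream, so comparing a checksum of the source and destination devices after the <c>dd</c> completes would catch a corrupted transfer. While this paragraph is being edited, the unchanged context has typos that could be fixed in the same revision: "unecrypted" in the warning note, and "the the other", "form the source" and "dev/sdb" (missing the leading slash) in the paragraph that follows.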