I have two Linodes in the same data center. I want to copy files from one to the other each night or on demand (for about the next month, until this project is finished). So I'm thinking about using rsync.
My question is how do I set up the two Linode servers to communicate via private IP addresses securely? Both servers are SSH hardened, they use denyhosts and have a fairly restrictive iptables setup.
I know I need to first assign private IP addresses to each server, then configure static networking according to this guide.
What is next? What SSH or iptables settings are needed to allow these two servers to communicate?
What further info do I need to supply in this question? I'm looking for a basic step-by-step guide for how to do this.
As you are using Linux you have all the tools you need. Just use rsync over ssh.
No need for private IPs etc as this encrypts your traffic end to end.
As mentioned in a comment by ErikA, one advantage with using private IPs in Linode is that you don't pay for bandwidth on their private network. And the whole point of my question was to ask how to do this with private IPs. So I'm answering my own question with the solution I ended up using.
No changes were needed. Iain was right. The communication is still via the same port, and that port was already open in iptables. Even though this server is "SSH hardened", no changes were needed when using the private IPs instead of the public IPs.
As stated in my original question, I did plan to use rsync -- and that ended up being the final solution. But the use of a custom port and keyfile required quoting the ssh piece of the command as shown here:
Figuring out the need for quotes and what part was inside the quotes was about the only minor challenge to the whole thing. It ended up being easier than I thought.
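The quoting described in the answer above, as an added example that is not part of the original post: the whole ssh invocation (custom port plus key file) is passed to rsync as one quoted `-e` argument. The private IP, port, key path, account and directories are constructed placeholders, and the private-address check is an added safeguard so the job never falls back to the public interface.

```shell
#!/bin/sh
# Added example: rsync over SSH to a peer's private IP.
# Every value below is a constructed placeholder, not taken from the post.
PEER_IP="192.168.133.10"               # destination's private address
SSH_PORT="2222"                        # custom sshd port
SSH_KEY="/home/backup/.ssh/rsync_key"  # dedicated key file (no spaces in path)
REMOTE_USER="backup"
SRC_DIR="/srv/project/"                # trailing slash: copy the contents
DEST_DIR="/srv/project-copy/"

# Succeed only for RFC 1918 addresses.
is_private_ip() {
  case "$1" in
    10.*|192.168.*) return 0 ;;
    172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
    *) return 1 ;;
  esac
}

# Build the rsync argv. With DRY_RUN=1 (the default) print one argument
# per line in brackets so the quoting is visible; with DRY_RUN=0 run it.
rsync_over_ssh() {
  if ! is_private_ip "$PEER_IP"; then
    echo "refusing: $PEER_IP is not a private address" >&2
    return 1
  fi
  # The quoted string after -e is ONE argument; rsync splits it itself.
  # BatchMode makes an unattended (cron) run fail instead of prompting;
  # IdentitiesOnly makes ssh offer only the key named with -i.
  set -- rsync -az \
    -e "ssh -p $SSH_PORT -i $SSH_KEY -o BatchMode=yes -o IdentitiesOnly=yes" \
    "$SRC_DIR" "$REMOTE_USER@$PEER_IP:$DEST_DIR"
  if [ "${DRY_RUN:-1}" = 1 ]; then
    for arg in "$@"; do printf '[%s]\n' "$arg"; done
  else
    "$@"
  fi
}

rsync_over_ssh
```

Run it as-is to see the six arguments rsync would receive, then set `DRY_RUN=0` to perform the copy.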
Unless Linode can provision you a private VLAN, using internal IPs won't make it any more secure.
Your easiest solution would be to set up a simple OpenVPN tunnel between the two machines, then send your rsync traffic over that. You could even use a weak cipher like arcfour with rsync to speed things up, as the encryption will be handled by the VPN tunnel itself.
There are lots and lots of very simple guides out there for OpenVPN using x509 certificates for auth, and on Linux you can have it set up in minutes.
Here is a simple guide http://www.smallnetbuilder.com/security/security-howto/30353-how-to-set-up-a-site-to-site-vpn-with-openvpn