socat is a nifty, versatile tool for establishing a secure data channel between two computers. To install socat on Debian, use apt-get:
apt-get install socat
I was trying to use socat and tar to duplicate the contents of an entire filesystem securely between two computers. In this case, I copied all files in partition /dev/sda5 on box A to partition /dev/sdb6 on box B (IP 192.168.200.83).
Using the SCTP protocol
This method does not involve encryption, so it is relatively simple to follow, but the files cross the network in cleartext.
First, I opened a terminal at box B (192.168.200.83) and changed the current directory to /mnt/sdb6 where I will unpack the incoming stream of files.
Then, I typed the following command to have socat establish an SCTP connection listening on port 7749. tar would be expecting to receive incoming files.
socat EXEC:"tar xzf -" SCTP4-LISTEN:7749
Then, I opened a terminal at box A. Here I would transmit a bunch of files to box B (192.168.200.83). I changed directory to /mnt/sda5 containing files to send.
Then, I typed the following command to transmit all the files in the current directory.
socat EXEC:"tar czf - ." SCTP4-CONNECT:192.168.200.83:7749
Using the SSL connection
This method involves an encrypted connection and requires SSL certificates on both sides of the link. Read this post to learn how to create self-signed SSL certificates if you don't already have one.
- Debian and Ubuntu automatically create a local SSL certificate at /etc/ssl/certs/ssl-cert-snakeoil.pem. Both parties of an SSL connection — box A and box B — should exchange each other's ssl-cert-snakeoil.pem in order to have SSL connections between them.
- On box B, I typed the following command to run socat in SSL listening mode at port 7749.
cd /mnt/sdb6
socat EXEC:"tar xzf -" OPENSSL-LISTEN:7749,reuseaddr,cert=/etc/ssl/certs/ssl-cert-snakeoil.pem,key=/etc/ssl/private/ssl-cert-snakeoil.key,cafile=box-A.pem
- On box A, I typed the following command to run socat in SSL mode while running tar to pack all the files and send them through the pipeline.
cd /mnt/sda5
socat EXEC:"tar czf - ." OPENSSL:192.168.200.83:7749,cert=/etc/ssl/certs/ssl-cert-snakeoil.pem,key=/etc/ssl/private/ssl-cert-snakeoil.key,cafile=box-B.pem
Thus I have duplicated the whole directory tree from Box A to Box B. Using socat and tar, I was able to mirror a filesystem over the network. As shown above, socat alone can be a good substitute in situations where ssh, scp and/or netcat are needed. socat has many other features I have yet to explore.
Another Way of Using SSL Connection
I think this method works better than the previous one. At the receiver machine B, execute:
socat -u OPENSSL-LISTEN:7749,reuseaddr,cert=/etc/ssl/certs/ssl-cert-snakeoil.pem,key=/etc/ssl/private/ssl-cert-snakeoil.key,cafile=box-A.pem STDOUT | tar xzvf -
At the sender machine A, execute:
tar czvf - . | socat -u STDIN OPENSSL:192.168.200.38:7749,cert=/etc/ssl/certs/ssl-cert-snakeoil.pem,key=/etc/ssl/private/ssl-cert-snakeoil.key,cafile=box-B.pem
In this example, box B has IP address 192.168.200.38 and is listening on port 7749. Both machines exchanged SSL certificates: box-A.pem and box-B.pem.
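Because each box trusts whatever file it is given as cafile=, the exchanged box-A.pem and box-B.pem are worth checking before use. The script below is an added example, not part of the original post: vet_peer_cert and cert_fingerprint are hypothetical helper names, and the expected SHA-256 fingerprint is assumed to have been confirmed with the other admin over a separate channel.

```shell
#!/bin/sh
# Added example: vet a certificate copied from the other box before
# passing it to socat as cafile=. Helper names are hypothetical.
# Usage: vet_peer_cert box-B.pem "<fingerprint confirmed out of band>"

# Normalised (lowercase, no colons) SHA-256 fingerprint of a PEM certificate.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null |
        sed -e 's/^.*=//' -e 's/://g' | tr 'A-F' 'a-f'
}

# Return 0 only if the file is fit to be trusted as cafile=.
vet_peer_cert() {
    pem=$1
    expected=$(printf '%s' "$2" | tr -d ': ' | tr 'A-F' 'a-f')
    # Only the certificate should travel between boxes, never the key.
    if grep -q 'PRIVATE KEY-----' "$pem" 2>/dev/null; then
        echo "REJECT: $pem contains a private key"
        return 1
    fi
    if ! openssl x509 -in "$pem" -noout 2>/dev/null; then
        echo "REJECT: $pem is not a parseable X.509 certificate"
        return 1
    fi
    # -checkend 0 fails when the certificate has already expired.
    if ! openssl x509 -in "$pem" -noout -checkend 0 >/dev/null 2>&1; then
        echo "REJECT: $pem has expired"
        return 1
    fi
    actual=$(cert_fingerprint "$pem")
    if [ "$actual" != "$expected" ]; then
        echo "REJECT: fingerprint mismatch (got $actual)"
        return 1
    fi
    echo "OK: $pem matches the fingerprint confirmed out of band"
}
```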