Monday, October 15, 2012

Linux: Transmitting a Bunch of Files using socat


socat is a nifty, versatile tool for relaying data between two endpoints, and with its OPENSSL address types it can establish a secure data channel between two computers. To install socat on Debian, use apt-get:

apt-get install socat

I was trying to use socat and tar to duplicate the contents of an entire filesystem securely between two computers. In this case, I copied all files in partition /dev/sda5 on box A to partition /dev/sdb6 on box B (IP 192.168.200.83).

Using the SCTP protocol

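This method does not involve encryption, so it is relatively simple to follow. The files cross the network in cleartext and the listener accepts a connection from any host that can reach the port, so it only suits a trusted network.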

  1. First, I opened a terminal on box B (192.168.200.83) and changed the current directory to /mnt/sdb6, where the incoming stream of files would be unpacked.

    cd /mnt/sdb6

    Then, I typed the following command to have socat listen for an SCTP connection on port 7749 and hand the incoming stream to tar for unpacking.

    socat EXEC:"tar xzf -" SCTP4-LISTEN:7749

  2. Then, I opened a terminal on box A, from which I would transmit the files to box B (192.168.200.83). I changed to the directory /mnt/sda5, which contains the files to send.

    cd /mnt/sda5

    Then, I typed the following command to transmit all the files in the current directory.

    socat EXEC:"tar czf - ." SCTP4-CONNECT:192.168.200.83:7749

Using the SSL connection

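This method uses an encrypted connection and requires SSL certificates on both sides of the link. Read this post to learn how to create self-signed SSL certificates if you don't already have one.

  1. Debian and Ubuntu automatically create a local SSL certificate at /etc/ssl/certs/ssl-cert-snakeoil.pem. Both parties of an SSL connection — box A and box B — should exchange each other's ssl-cert-snakeoil.pem in order to have SSL connections between them. In the commands below, box A's certificate is saved on box B as box-A.pem and box B's certificate is saved on box A as box-B.pem. Only the certificate is exchanged; the private key under /etc/ssl/private stays on the machine it belongs to. cafile= is given as a relative path, so socat looks for the peer's certificate in the directory it is started from.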

  2. On box B, I typed the following command to run socat in SSL listening mode at port 7749.

    cd /mnt/sdb6
    socat EXEC:"tar xzf -" OPENSSL-LISTEN:7749,reuseaddr,cert=/etc/ssl/certs/ssl-cert-snakeoil.pem,key=/etc/ssl/private/ssl-cert-snakeoil.key,cafile=box-A.pem

  3. On box A, I typed the following command to run socat in SSL mode while running tar to pack all the files and send them through the pipeline.

    cd /mnt/sda5
    socat EXEC:"tar czf - ." OPENSSL:192.168.200.83:7749,cert=/etc/ssl/certs/ssl-cert-snakeoil.pem,key=/etc/ssl/private/ssl-cert-snakeoil.key,cafile=box-B.pem

Thus I have duplicated the whole directory tree from Box A to Box B. Using socat and tar, I was able to mirror a filesystem over the network. As shown above, socat alone can be a good substitute in situations where ssh, scp and/or netcat are needed. socat has many other features I have yet to explore.

Another Way of Using SSL Connection

I think this method works better than the previous one. At the receiver machine B, execute:

socat -u OPENSSL-LISTEN:7749,reuseaddr,cert=/etc/ssl/certs/ssl-cert-snakeoil.pem,key=/etc/ssl/private/ssl-cert-snakeoil.key,cafile=box-A.pem STDOUT | tar xzvf -

At the sender machine A, execute:

tar czvf - . | socat -u STDIN OPENSSL:192.168.200.38:7749,cert=/etc/ssl/certs/ssl-cert-snakeoil.pem,key=/etc/ssl/private/ssl-cert-snakeoil.key,cafile=box-B.pem

In this example, box B has IP address 192.168.200.38 and is listening on port 7749. Both machines exchanged SSL certificates: box-A.pem and box-B.pem.
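
One way to confirm that the tree unpacked on box B matches what box A sent, as an added example that is not part of the original post: build a SHA-256 manifest on the sender and compare it with the unpacked tree on the receiver. The function names are hypothetical and the sample files are constructed, with a local tar pipe standing in for the socat link.

```shell
#!/bin/sh
# Added example, not from the original post. tree_manifest, verify_copy and
# selftest are hypothetical helper names.

# Print "sha256  ./path" for every regular file under $1, sorted by path so
# manifests made on box A and box B can be compared line by line.
tree_manifest() {
    ( cd "$1" && find . -type f -exec sha256sum {} + | LC_ALL=C sort -k 2 )
}

# Compare the sender's manifest file ($1) with the unpacked tree ($2).
# Prints a diff ("<" = sender, ">" = receiver) and returns non-zero when a
# file is missing, extra or altered.
verify_copy() {
    tree_manifest "$2" | diff "$1" -
}

# Constructed sample data: a local tar pipe stands in for the socat link.
selftest() {
    work=$(mktemp -d) || return 2
    mkdir -p "$work/a/etc" "$work/b"
    printf 'root:x:0:0\n' > "$work/a/etc/passwd"
    printf 'hello\n' > "$work/a/file with space"
    # Keep the manifest outside the tree so it is not part of the copy.
    tree_manifest "$work/a" > "$work/a.sha256"
    ( cd "$work/a" && tar czf - . ) | ( cd "$work/b" && tar xzf - )
    # An intact copy must verify cleanly.
    verify_copy "$work/a.sha256" "$work/b" || { rm -rf "$work"; return 1; }
    # A truncated file on the receiver must be reported.
    : > "$work/b/etc/passwd"
    if verify_copy "$work/a.sha256" "$work/b" >/dev/null; then
        rm -rf "$work"; return 1
    fi
    rm -rf "$work"
}

# Run the self-test only when asked: sh thisfile selftest
if [ "${1:-}" = selftest ]; then selftest; fi
```

In practice, run tree_manifest against /mnt/sda5 on box A, carry the manifest to box B over a channel you trust, and run verify_copy against /mnt/sdb6. The check matters most for the SCTP method, which has no cryptographic integrity protection.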

© Contents by KBlog