Q. How do I use tar command over secure ssh session?
A. The GNU version of the tar archiving utility (and other old version of tar) can be use through network over ssh session. Do not use telnet command, it is insecure. You can use Unix/Linux pipes to create actives. Following command backups /wwwdata directory to dumpserver.nixcraft.in (IP 192.168.1.201) host over ssh session.
The default first SCSI tape drive under Linux is /dev/st0. You can read more about tape drives naming convention used under Linux here.
# tar zcvf - /wwwdata | ssh root@dumpserver.nixcraft.in "cat > /backup/wwwdata.tar.gz"OR# tar zcvf - /wwwdata | ssh root@192.168.1.201 "cat > /backup/wwwdata.tar.gz"
Output:
tar: Removing leading `/' from member names /wwwdata/ /wwwdata/n/nixcraft.in/ /wwwdata/c/cyberciti.biz/ .... .. ... Password:
You can also use dd command for clarity purpose:# tar cvzf - /wwwdata | ssh ssh root@192.168.1.201 "dd of=/backup/wwwdata.tar.gz"It is also possible to dump backup to remote tape device:# tar cvzf - /wwwdata | ssh ssh root@192.168.1.201 "cat > /dev/nst0"OR you can use mt to rewind tape and then dump it using cat command:# tar cvzf - /wwwdata | ssh ssh root@192.168.1.201 $(mt -f /dev/nst0 rewind; cat > /dev/nst0)$You can restore tar backup over ssh session: # cd /If you wish to use above command in cron job or scripts then consider SSH keys to get rid of the passwords.
# ssh root@192.168.1.201 "cat /backup/wwwdata.tar.gz" | tar zxvf -
Featured Articles:
- 20 Linux System Monitoring Tools Every SysAdmin Should Know
- My 10 UNIX Command Line Mistakes
- 10 Greatest Open Source Software Of 2009
- Top 5 Email Client For Linux, Mac OS X, and Windows Users
- Top 20 OpenSSH Server Best Security Practices
- Top 10 Open Source Web-Based Project Management Software
- Top 5 Linux Video Editor Software
- Email FAQ to a friend
- Download PDF version
- Printable version
- Comment RSS feed
- Last Updated: 01/3/08
{ 20 comments… read them below or add one }
Why use the ssh command twice, or is that a typo?
First one is with hostname and second one is with IP address.
ssh ssh root@192.168.1.201 “cat /backup/wwwdata.tar.gz” | tar zxvf –
why use the ssh twice here? (I believe this was the original question, too.
Daniel/Mike,
That was a typo. Thanks for heads up!
what is SQUID
The use of this and your examples seem rather untypical. Why pipe it through “ssh” if you’re just transfering a tar.gz to the other side. You could just create the tar.gz and scp it.
Also, the use of “cat” in your examples is completely unnecessary.
I came here hoping to find an example like this (i.e. transferring a directory recursively over ssh). So, for the next guy:
tar cvf – /data | ssh otherhost tar xvf -
Hi Vincent,
You may want to do this to get around limitations in older implementations of SSH that do not allow for large file transfers (larger than 2GB). I had recently run into this problem and the only workable solution was to tar over ssh to get around it.
Hi Vincent,
you could create a .tgz or whatever locally and then use scp. The problem with large amounts of data is that scp is awfully slow.
Cheers,
valor
rsync -avzH -e’essh’ /wwwdata root@192.168.1.201:/backup/
The whole point of this command is to help you when you have a filesystem full and need to tar files but don’t have enough space to store the tars. You can pipe the tar through ssh so that later you may also delete the files and place the tar into the original filesystem.
i dont know how to use to tar on network i was used 192.168.200.178 machine i use this /mydata folder how to transer using tar over network destination system is 192.168.200.200. any one help me.
The opposite side – which is the more common case, where you want to pull data from server, as opposed to making the server initiate connection and pushing data:
ssh gdr@server.net "tar jcf - /srv/gdr/gdr.geekhood.net/gdrwpl" > gdrwpl_backup.tar.bz2This might be useful if you are behind a firewall
Vincent:
The method of piping tar through SSH is faster than SCP not because SCP is slow (the transfer rate would theoretically be exactly the same), but because it saves a lot of time by parallelizing the tar.gz creation with the transfer. This is even more true if the source system only has one hard drive (or the only hard drive with enough free space to do the tar.gz is the same as the one you want data from).
If you have a few GB of loose files to copy into a .tar.gz on the remote side (say, for doing a backup), piping the output through ssh is faster because the source hard drive can just read continously the whole time and the destination can write at the same time. If you’re creating the .tar.gz on the same hard drive, you take a huge penalty for all the seeking it has to do; it as to read a bit, write it to the tar, read a bit more, write it to the tar, etc.
Even if you have a second hard drive (or a crapload of RAM), you’re still taking longer if you make the .tar.gz first because there’s creation + transfer time instead of just transfer time.
Sorry for being dumb but… so what is exactly the most efficient command to get local data to the remote server?
Hi,
is there a way to write a shell script that can automatically write data to tape every end of day?
or using netcat
$ tar czvf – /var/spool | nc -l 12345
$ nc host 12345 | tar xzvf -
it’s not secure, but it doesn’t require much
Hi,
thank you for your script snippets, one of these is just backing up some giga bytes across the network. But I notices a typo, a unnecessary “ssh” behind some of the pipe symbols. For example:
# tar cvzf - /wwwdata | ssh ssh root@192.168.1.201 "cat > /dev/nst0"Here’s one that worked for me recently:
I had to copy all the files from server A to a directory in server B (in order to have full replica of A), using man-in-the-middle server (because that IP was the only one allowed to connect).
The trouble was that I only had sudo rights on the first server and there were absolutely all ports closed (both ways) except incoming 22 for my ip and incoming 80 and 443 for serving web. No way to ssh out of that box (fw blocked outgoing syn packets)
First I had to “initialize” sudo so that I wouldn’t be asked a password which would later be asked within the pipe so I can’t provide it then (you recognize it by the infinite delay in the beginning while files are not appearing to the other side).
ssh -Ct serverA "sudo hostnamePassword:
-C uses compression,
-t forces assigning a terminal (RHEL 5.1 by default requires terminal)
I guess this can be achieved also by just sshing in and issuing the same command there. Hostname is just a random command to get sudo to ask for password (which it remembers for the next 15 minutes).
Now for the fun part:
ssh -Ct "stty -onlcr; sudo tar -cpf - -X /tmp/exclusion.list / 2> /dev/null" | ssh serverB "cd /tmp; tar cvpf -"stty -onlcr fixes a problem that arises with using forced terminal: for every CR (0×13) an extra LF character will be injected (0×13) for proper displaying on terminal. Only we’re actually not using a terminal but passing the bitstream through the ssh tunnel to tar.
-p preserves files’ permissions
-X specifies an exclusion file (directories I don’t want to be copied like /dev, /proc and /sys)
/ is what I want to be tarred :)
2> /dev/null sends tar commentary to the darkest of places. Without it you’ll get tar’s own chatter within the data stream.
Hope this will be useful to someone (like myself, later on)
Typo fix:
1)
ssh -Ct serverA "sudo hostname"2) …for every CR (0×13) an extra LF character will be injected (0×10) for proper displaying on terminal.
Typo fix2:
left the server out:
ssh -Ct serverA “stty -onlcr; sudo tar -cpf – -X /tmp/exclusion.list / 2> /dev/null” | ssh serverB “cd /tmp; tar cvpf -”