
ERMT(1) System management commands ERMT(1)

NAME

ermt - remote magtape protocol module with transparent encryption support

SYNOPSIS

ermt

DESCRIPTION

Ermt is a program used by the remote dump(8), restore(8), cpio(1) or tar(1) programs to manipulate a magnetic tape drive through an interprocess communication connection. Ermt is normally started up with an ssh(1), rexec(3) or rcmd(3) call.

The ermt program accepts requests specific to the manipulation of magnetic tapes, performs the commands, then responds with a status indication. All responses are in ASCII and in one of the following two forms.

Successful commands have responses of:

Anumber\n

where number is an ASCII representation of a decimal number.

Unsuccessful commands are responded to with:

Eerror-number\nerror-message\n

where error-number is one of the possible error numbers described in intro(2) and error-message is the corresponding error string as printed from a call to perror(3).

The protocol consists of the following commands, which are sent as indicated: no spaces are supplied between the command and its arguments, or between its arguments, and \n indicates that a newline must be supplied:

Odevice\nmode\n
    Open the specified device using the indicated mode. Device is a full pathname and mode is an ASCII representation of a decimal number suitable for passing to open(2). If a device had already been opened, it is closed before a new open is performed.
Cdevice\n
    Close the currently open device. The device specified is ignored.
Loffset\nwhence\n
    Perform an lseek(2) operation using the specified parameters. The response value is that returned from the lseek call.
Wcount\n
    Write data onto the open device. Rmt reads count bytes from the connection, aborting if a premature end-of-file is encountered. The response value is that returned from the write(2) call.
Rcount\n
    Read count bytes of data from the open device. If count exceeds the size of the data buffer (10 kilobytes), it is truncated to the data buffer size. Rmt then performs the requested read(2) and responds with Acount-read\n if the read was successful; otherwise an error in the standard format is returned. If the read was successful, the data read is then sent.
Ioperation\ncount\n
    Perform a MTIOCOP ioctl(2) command using the specified parameters. The parameters are interpreted as the ASCII representations of the decimal values to place in the mt_op and mt_count fields of the structure used in the ioctl call. The return value is the count parameter when the operation is successful.
    By issuing the I-1\n0\n command, a client specifies that it is using the VERSION 1 protocol.
    For a VERSION 0 client, the operation parameter is the platform mt_op value (which may differ if the client and the rmt server are on two different platforms). For a VERSION 1 client, the operation parameter is standardized as below:
        0  Issue a MTWEOF command (write count end-of-file records).
        1  Issue a MTFSF command (forward space over count file marks).
        2  Issue a MTBSF command (backward space over count file marks).
        3  Issue a MTFSR command (forward space count inter-record gaps).
        4  Issue a MTBSR command (backward space count inter-record gaps).
        5  Issue a MTREW command (rewind).
        6  Issue a MTOFFL command (rewind and put the drive offline).
        7  Issue a MTNOP command (no operation, set status only).
ioperation\ncount\n
    Perform an extended MTIOCOP ioctl(2) command using the specified parameters. The parameters are interpreted as the ASCII representations of the decimal values to place in the mt_op and mt_count fields of the structure used in the ioctl call. The return value is the count parameter when the operation is successful. The possible operations are:
        0  Issue a MTCACHE command (switch cache on).
        1  Issue a MTNOCACHE command (switch cache off).
        2  Issue a MTRETEN command (retension the tape).
        3  Issue a MTERASE command (erase the entire tape).
        4  Issue a MTEOM command (position to end of media).
        5  Issue a MTNBSF command (backward space count files to BOF).
S
    Return the status of the open device, as obtained with a MTIOCGET ioctl call. If the operation was successful, an "ack" is sent with the size of the status buffer, then the status buffer is sent (in binary, which is non-portable between different platforms).
ssubcmd\n
    This is a replacement for the previous S command, portable across different platforms. If the open device is a magnetic tape, return members of the magnetic tape status structure, as obtained with a MTIOCGET ioctl call. If the open device is not a magnetic tape, an error is returned. If the MTIOCGET operation was successful, the numerical value of the structure member is returned in decimal. The following sub commands are supported:
        sT  return the content of the structure member mt_type, which contains the type of the magnetic tape device.
        sD  return the content of the structure member mt_dsreg, which contains the "drive status register".
        sE  return the content of the structure member mt_erreg, which contains the "error register". This structure member must be retrieved first because it is cleared after each MTIOCGET ioctl call.
        sR  return the content of the structure member mt_resid, which contains the residual count of the last I/O.
        sF  return the content of the structure member mt_fileno, which contains the file number of the current tape position.
        sB  return the content of the structure member mt_blkno, which contains the block number of the current tape position.
        sf  return the content of the structure member mt_flags, which contains MTF_ flags from the driver.
        sb  return the content of the structure member mt_bf, which contains the optimum blocking factor.

Any other command causes rmt to exit.
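A toy model of the request/response exchange described above, added here as an example and not part of the dump/restore package: a client-side response parser plus an in-memory stand-in for the server that handles the O, C, L, W, R and I commands against a BytesIO "tape" instead of a device. Only the VERSION 1 operation table is modelled (5 = MTREW, 7 = MTNOP); the 10 kilobyte read buffer limit is the one stated in the R command.

```python
import errno
import io
import os
BUFSIZE = 10 * 1024  # the server's data buffer: an R request larger than this is truncated

def parse_response(resp):
    """Client side: split 'Anumber\\n' or 'Eerrno\\nmsg\\n' into (ok, number, message)."""
    kind, rest = resp[:1], resp[1:].split(b"\n")
    if kind == b"A":
        return True, int(rest[0]), ""
    if kind == b"E":
        return False, int(rest[0]), rest[1].decode()
    raise ValueError("malformed rmt response: %r" % resp)

def error(code):  # server side: the standard error form, errno then its perror(3) text
    return b"E%d\n%s\n" % (code, os.strerror(code).encode()), b""

class ToyRmtServer:
    def __init__(self):
        self.tape = None     # stands in for the descriptor a real server gets from open(2)
        self.version = 0     # protocol version the client has selected

    def serve(self, req, data=b""):
        """Handle one request; returns (reply, payload), payload non-empty only for R."""
        cmd, args = req[:1], req[1:].split(b"\n")[:-1]
        if cmd == b"O":                              # Odevice\nmode\n
            self.tape = io.BytesIO()                 # in-memory 'tape' instead of a device
            return b"A0\n", b""
        if self.tape is None:                        # nothing open: fail as on a bad fd
            return error(errno.EBADF)
        if cmd == b"C":                              # Cdevice\n (device argument ignored)
            self.tape = None
            return b"A0\n", b""
        if cmd == b"L":                              # Loffset\nwhence\n -> lseek(2) result
            return b"A%d\n" % self.tape.seek(int(args[0]), int(args[1])), b""
        if cmd == b"W":                              # Wcount\n followed by count data bytes
            if len(data) != int(args[0]):            # premature end-of-file: rmt aborts
                raise EOFError("short write payload")
            return b"A%d\n" % self.tape.write(data), b""
        if cmd == b"R":                              # Rcount\n, count capped at BUFSIZE
            chunk = self.tape.read(min(int(args[0]), BUFSIZE))
            return b"A%d\n" % len(chunk), chunk
        if cmd == b"I":                              # Ioperation\ncount\n (MTIOCOP)
            op, count = int(args[0]), int(args[1])
            if op == -1:                             # I-1\n0\n: client speaks VERSION 1
                self.version = 1
            elif op == 5:                            # VERSION 1 table: 5 = MTREW
                self.tape.seek(0)
            elif op != 7:                            # 7 = MTNOP; other ops not modelled here
                return error(errno.EINVAL)
            return b"A%d\n" % count, b""             # success replies with the count argument
        raise SystemExit("unknown command %r: rmt exits" % cmd)
```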

ENCRYPTION

This version of the "rmt" utility, ermt, has transparent encryption support. Data is encrypted before it is written to tape and decrypted when read, so the client programs (dump, restore, cpio and tar) can manipulate encrypted data without modification.

ermt reads the secret key from ".ermt.key" and uses openssl(1) to perform encryption and decryption. The symmetric cipher is currently hardwired as Blowfish.

EXAMPLES

Run-time setup:

- Create a user for remote tape access, which we will call "dump", and generate its key:

	su - dump
	openssl rand -out .ermt.key 32
	chmod 400 .ermt.key

Due to the way "openssl enc -kfile .ermt.key" reads the key file, you should ensure that the key contains no \0, \r or \n characters, which would prematurely truncate the key.
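An added helper for that check, not part of ermt: it reports where a key file would be truncated, generates a key that satisfies the rule (drawing from os.urandom in place of "openssl rand" is an assumption of this example), and flags a key file whose permissions are wider than the chmod 400 above.

```python
import os

FORBIDDEN = (b"\x00", b"\r", b"\n")  # bytes at which 'openssl enc -kfile' stops reading the key

def key_problems(key, expected_len=32):
    """Return the reasons a key would be truncated or has the wrong size (empty list = OK)."""
    problems = []
    if len(key) != expected_len:
        problems.append("length is %d bytes, expected %d" % (len(key), expected_len))
    for ch in FORBIDDEN:
        pos = key.find(ch)
        if pos >= 0:
            problems.append("byte %r at offset %d truncates the key to %d bytes" % (ch, pos, pos))
    return problems

def generate_ermt_key(nbytes=32):
    """Draw from os.urandom until the key passes key_problems (stands in for 'openssl rand').
    Rejection keeps the result uniform over the allowed keys; a 32-byte draw is
    accepted with probability (253/256)**32, about 69%, so the loop is short."""
    while True:
        key = os.urandom(nbytes)
        if not key_problems(key, nbytes):
            return key

def check_key_file(path):
    """Validate an existing .ermt.key and flag a mode wider than the chmod 400 in the setup."""
    with open(path, "rb") as f:
        problems = key_problems(f.read())
    mode = os.stat(path).st_mode & 0o777
    if mode & 0o077:
        problems.append("mode %o lets group or others read the key" % mode)
    return problems
```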

- Protect the key: copy to many floppies, "od -x .ermt.key|lpr", etc.

- Set up ssh access from root (or whichever user you run dump as).

- Copy the ermt binary to ~dump and change dump's shell to ~dump/ermt.

or

- If the user who runs the backup program is the same as the user who must run rmt, just install the ermt binary into a bin directory.

Backup usage:

Just dump remotely to localhost:

	dump -0u -f dump@localhost:/dev/st0 /
	restore -i -f dump@localhost:/dev/st0
	# You can use GNU tar too

If your device is doing hardware compression, it's best to turn it off, since encrypted data compresses very poorly.

Emergency decrypting:

If you need to restore a tape and don't have access to a host running ermt, you have two choices:

- If you have a copy of the ermt binary, run it with the -d switch to decrypt stdin to stdout:

	dd if=/dev/st0 bs=10k |
	(cd ~dump; ./ermt -d) |		# assuming ermt is in ~dump
	restore -i -f -

- If not, use the openssl(1) command, which does the same thing:

	dd if=/dev/st0 bs=10k |
	openssl enc -d -kfile ~dump/.ermt.key -blowfish -nosalt -nopad |
	restore -i -f -

ERRORS

If "~/.ermt.key" cannot be found, any operation will fail.

DIAGNOSTICS

All responses are of the form described above.

SEE ALSO

ssh(1), rcmd(3), rexec(3), /usr/include/sys/mtio.h, dump(8), restore(8)

BUGS

People should be discouraged from using this for a remote file access protocol.

AUTHOR

The dump/restore backup suite was ported to Linux's Second Extended File System by Remy Card <card@Linux.EU.Org>. He maintained the initial versions of dump (up to and including 0.4b4, released in January 1997).

Starting with 0.4b5, the new maintainer is Stelian Pop <stelian@popies.net>.

AVAILABILITY

The dump/restore backup suite is available from <http://dump.sourceforge.net>

HISTORY

The rmt command appeared in 4.2BSD.

version 0.4b47 of 1 Jan 2021 BSD