rsync 'Connection refused'

K

Kal

Verified User
Joined
Nov 18, 2019
Messages
135
Location
Australia
I'm following these instructions to migrate an account from my old cPanel server to the new Direct Admin server. It's failing here:

rsync -avt -e "ssh -p 12345" /home/user_backups/ [email protected]:/home/admin/converted_user_backup/

This is the error message:
ssh: connect to host host.mydomain.com port 12345: Connection refused
rsync: connection unexpectedly closed (0 bytes received so far) [sender]
rsync error: unexplained error (code 255) at io.c(600) [sender=3.0.6]
Click to expand...

SSH and rsync are installed on both servers. Both servers are using the same custom port. I've searched here and on Stack for answers, but can't find a fix. Can anyone suggest where I might start troubleshooting this?
 
ssh -p 12345 ; it's define a SSH Port.

Your SSH port is "12345" ? sure?
Please check it with " telnet " between your server

if you want to pass " SSH Password " to command , you should use other command to combined with rsync

eg.

Bash: 
SSHPASS='myPassword'
/usr/bin/rsync -a -r -p -o -g --progress --modify-window=1 --exclude /folderOne -s -u --rsh="/usr/bin/sshpass -p $SSHPASS ssh -o StrictHostKeyChecking=no -l root"  source-path  myDomain:dest-path  >&2

this code is combined between rsync and sshpass
 
jamgames2 said:
Your SSH port is "12345" ? sure?
Click to expand...

I used a dummy hostname and port number—I never share actual server config details in a public post. But yes, I'm sure the port number is correct.

jamgames2 said:
if you want to pass " SSH Password " to command , you should use other command to combined with rsync
Click to expand...

I'd rather keep it simple and let rsync prompt me for the password—but it never even gets that far. Any other ideas?
 
If port ssh open, It's can telnet with Lan IP or Wan IP between your server.
Please check it.
 
Kal said:
But yes, I'm sure the port number is correct.
Click to expand...
That might be the case, but it says connection refused, so either connection to the port is limited to certain ip's by the firewall or maybe hosts.allow or something like that, or the port is not open on the remote server.
Edit: Additionaly, remember to also open port 12345 on your current server.
 
Thanks for all the suggestions. Port 12345 is definitely open on both servers—I connect to both regularly over SSH.

I just tested rsync from my Mac to the new server, and it worked! But it still fails from the old server. There's nothing in hosts.allow or hosts.deny on the new server. I'm using CSF, but I don't recall setting up any kind of IP blocks yet. I'll have a closer look at the CSF config and see if I can find anything…
 
Kal said:
Thanks for all the suggestions. Port 12345 is definitely open on both servers—I connect to both regularly over SSH.

I just tested rsync from my Mac to the new server, and it worked! But it still fails from the old server. There's nothing in hosts.allow or hosts.deny on the new server. I'm using CSF, but I don't recall setting up any kind of IP blocks yet. I'll have a closer look at the CSF config and see if I can find anything…
Click to expand...
Is the ssh port open for outgoing connections on the old server(csf: tcp_out)? I saw you could connect incoming on both servers but if you’re connecting incoming to the new server from the old server, the the old server will need the ssh port open outbound.
 
You're spot on @scriptkitty. I figured it out a few hours ago, but hadn't got around to posting yet. I checked /var/log/messages on the outgoing server and saw 'Firewall: *TCP_OUT Blocked*'. In CSF, port 12345 was allowed for incoming TCP ports but not for outgoing. I'd forgotten that they were separate settings in CSF.

Thanks everyone!
 
I'm off the original topic now… but restoring from the cpmove file failed with 'unknown RR type ''_dmarc''. Anyone know what I have to do to get this to work? My first thought was maybe to delete the DMARC record from the old server before migrating it across, then adding it back in manually after restoring in DA?
 
Kal said:
TCP ports but not for outgoing.
Click to expand...
You seem to have misse my edit on post 5 I made a minute after posting. :)

But l'm glad it's working now.

Kal said:
'unknown RR type ''_dmarc''
Click to expand...
That's odd. DA also uses _dmarc for the dmarc records, but not as type. The type is TXT.
It should however be no problem to remove them and add them back after the migration.
 
Richard G said:
Oh you did see it, but did not check it???
Click to expand...

Thanks @Richard G, I did see your edited comment to 'open port 12345 on [my] current server', but since I was connecting to both servers regularly over SSH, the port was clearly open in my mind, as I said before! (scriptkitty spotted my flawed logic there.) Like I said in my last comment, it hadn't actually crossed my mind that there were separate settings for incoming and outgoing ports in CSF. It seems completely obvious to me now, but hey… I'm human and I'm still learning.

Richard G said:
That's odd. DA also uses _dmarc for the dmarc records, but not as type. The type is TXT.
It should however be no problem to remove them and add them back after the migration.
Click to expand...

Yes, DMARC records are really just TXT records, so I agree that it's odd for DA to throw this error.

Thanks again for all your help.
 
Having a closer look at the DA message, it includes a copy of the zone file it was trying to make… The last line is:

Code: 
echo '_dmarc    14400    IN    TXT    "v=DMARC1; p=none; rua=mailto:[email protected]"' >> dns_txt.conf

So something has clearly gone amiss. It looks like it's trying to interpret a line of code as an actual resource record! So it's misinterpreted `echo` as the label, and `'_dmarc` as the resource type. Also, I just checked the zone file on the old server, and it doesn't even have a DMARC record!

Edit: Oops. The line of code is from the custom/dns_txt.conf file which I edited some time ago according to these instructions to automate new DMARC records for all new domains. The echo command was supposed to add the DMARC template to the file, but I somehow added the whole command to the file itself! 🤦‍♂️ Another rookie error I'm afraid, but at least the problem is solved.
 
Last edited:
Kal said:
It seems completely obvious to me now, but hey… I'm human and I'm still learning.
Click to expand...
No problem, I was just wondering why, but now I understand. I could also have been a bit clearer in my answer too. ;)

Kal said:
Another rookie error I'm afraid, but at least the problem is solved.
Click to expand...
Great you found it because errors in custom things can cause some nice search party's if people forget (or forget to mention) they have made custom changes somewhere. So good you remembered and found it!

I presume you also enabled automatic DKIM records? Or just SPF and DMARC?
 
  • Like
Reactions: Kal
Richard G said:
No problem, I was just wondering why, but now I understand. I could also have been a bit clearer in my answer too. ;)
Click to expand...

No worries, all good. :)

Richard G said:
Great you found it because errors in custom things can cause some nice search party's if people forget (or forget to mention) they have made custom changes somewhere. So good you remembered and found it!
Click to expand...

Indeed! That small voice reminded me that I'd made some changes. Thankfully I keep good records (breadcrumbs) of all my changes, so I was able to track it down pretty quickly.

Richard G said:
I presume you also enabled automatic DKIM records? Or just SPF and DMARC?
Click to expand...

Yep. I intend to use all three.
 
You must log in or register to reply here.
Back
Top