
Re: [hobbit] Alternate to msgcache/hobbitfetch?

On Sat, June 2, 2007 22:50, Haertig, David F (Dave) wrote:
> I guess what I'm looking for is a hobbitfetch variant that uses ssh/scp
> rather than connecting to a msgcache listener.  And along with that, a
> way to configure the client to collect data normally, but skip starting
> a listening service.
>

Why not just use msgcache bound to a localhost address and ssh port
tunneling, front-ended by autossh for persistence?

AUTOSSH_GATETIME=0
autossh -M 0 -f -f -N -L 127.0.0.2:1984:127.0.0.2:1984 \
-i <path-to-rsa-private-key>  someunprivilegeduser@dmzserver.example.com

Install autossh.  Do your key exchange, test ssh PKI authentication.  Set
msgcache to --listen=127.0.0.2 and --server=127.0.0.1, use
"dmzserver.example.com 127.0.0.2 # testip pulldata" in bb-hosts, and you
should be good to go, with a msgcache that cannot be fetched except via
your tunnel.  Note that the conn check for this bb-host entry will be
meaningless, and you'll need to add -L port mappings for any other
server-side tests you want.

Writing this from memory, so there might be a syntax error or misspelled
option.  But it's pretty close.  You do need a very up-to-date ssh to
specify the near-side IP on the -L port forward (which helps you to keep
up with tunnels for different hosts--otherwise you have to use different
ports; I actually put in /etc/hosts entries for the 127.0.0.x entries so I
can call them by name).  I know that the near-side IP spec is supported in
the current repo versions for FC5 and up, RHEL5, and CentOS 5, but not in
RHEL4 and down.  Hope this helps.
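An added example, not from the list post or the hobbit project, that turns the recipe above into per-host tunnel and bb-hosts lines and checks a listener table so msgcache is only reachable through the tunnel. It assumes msgcache uses port 1984 on both ends and that the listener table is in "netstat -ltn" layout; the sample tables are constructed.

```sh
#!/bin/sh
# Added example: per-host autossh/bb-hosts lines for a loopback-bound msgcache,
# plus a check that no msgcache listener is bound outside 127.x.x.x.
# Assumptions (not from the post): port 1984 on both ends, netstat -ltn layout.

MSGCACHE_PORT=1984

# autossh command for one DMZ host: the near-side -L end is bound to that
# host's private loopback alias so several tunnels can share port 1984.
tunnel_cmd() {  # $1=host  $2=loopback alias  $3=key path  $4=remote user
    printf 'autossh -M 0 -f -N -L %s:%s:%s:%s -i %s %s@%s\n' \
        "$2" "$MSGCACHE_PORT" "$2" "$MSGCACHE_PORT" "$3" "$4" "$1"
}

# bb-hosts entry: hobbitfetch connects to the alias, i.e. into the tunnel.
bbhosts_line() {  # $1=host  $2=loopback alias
    printf '%s %s # testip pulldata\n' "$1" "$2"
}

# Read a netstat -ltn table on stdin. Return 0 when every LISTEN socket on
# the msgcache port is bound to 127.x.x.x; print the offending address and
# return 1 for anything else (0.0.0.0, a LAN address, an IPv6 wildcard).
loopback_only() {
    awk -v port="$MSGCACHE_PORT" '
        $NF == "LISTEN" {
            addr = $4
            n = split(addr, a, ":")
            if (a[n] != port) next
            if (addr !~ /^127\./) { print "exposed: " addr; bad = 1 }
        }
        END { if (bad) exit 1; exit 0 }'
}

check_table() {  # $1=listener table text; exit status of loopback_only
    printf '%s\n' "$1" | loopback_only
}

# Constructed samples: a correctly bound cache, and one exposed on all interfaces.
SAMPLE_OK='Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 127.0.0.2:1984          0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:22            0.0.0.0:*               LISTEN'
SAMPLE_EXPOSED='tcp        0      0 0.0.0.0:1984            0.0.0.0:*               LISTEN'

tunnel_cmd dmzserver.example.com 127.0.0.2 /root/.ssh/id_rsa someunprivilegeduser
bbhosts_line dmzserver.example.com 127.0.0.2
check_table "$SAMPLE_OK" && echo "msgcache bound to loopback only"
```

On a live host, replace the constructed table with `netstat -ltn | loopback_only` (or the equivalent `ss -ltn` output) after starting msgcache.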