Re: [hobbit] Alternate to msgcache/hobbitfetch?
- To: hobbit (at) hswn.dk
- Subject: Re: [hobbit] Alternate to msgcache/hobbitfetch?
- From: "Hobbit User" <hobbit (at) epperson.homelinux.net>
- Date: Sun, 3 Jun 2007 10:33:34 -0400 (EDT)
- Importance: Normal
- References: <9836EA7D7FDAE34099AED87A2D9C3A8D186BB1 (at) 306181ANEX2.global.avaya.com>
- User-agent: SquirrelMail/1.4.10a-1.fc6
On Sat, June 2, 2007 22:50, Haertig, David F (Dave) wrote:
> I guess what I'm looking for is a hobbitfetch variant that uses ssh/scp
> rather than connecting to a msgcache listener. And along with that, a
> way to configure the client to collect data normally, but skip starting
> a listening service.
>
Why not just use msgcache bound to a localhost address and ssh port
tunneling, front-ended by autossh for persistence?

    # -M 0 disables autossh's monitor port; -N opens the forward only
    export AUTOSSH_GATETIME=0
    autossh -M 0 -f -N -L 127.0.0.2:1984:127.0.0.2:1984 \
        -i <path-to-rsa-private-key> someunprivilegeduser@dmzserver.example.com

Install autossh. Do your key exchange, test ssh PKI authentication. Set
msgcache to --listen=127.0.0.2 and --server=127.0.0.1, use
"dmzserver.example.com 127.0.0.2 # testip pulldata" in bb-hosts, and you
should be good to go, with a msgcache that cannot be fetched except via
your tunnel. Note that the conn check for this bb-host entry will be
meaningless, and you'll need to add -L port mappings for any other
server-side tests you want.

Writing this from memory, so there might be a syntax error or misspelled
option. But it's pretty close. You do need a very up-to-date ssh to
specify the near-side IP on the -L port forward (which helps you to keep
up with tunnels for different hosts--otherwise you have to use different
ports; I actually put in /etc/hosts entries for the 127.0.0.x entries so I
can call them by name). I know that the near-side IP spec is supported in
the current repo versions for FC5 and up, RHEL5, and CentOS5, but not in
RHEL4 and down. Hope this helps.
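
Added example, not part of the original message: a shell check for the property the reply relies on, that msgcache on port 1984 can only be reached through the tunnel. It reads `ss -ltn` style output and fails if any listener on the port is bound outside loopback; the function name, exit codes and sample lines are constructed for illustration.

```shell
#!/bin/sh
# check_loopback_only PORT
# Reads `ss -ltn` style lines on stdin (assumed layout: State Recv-Q Send-Q
# Local-Address:Port Peer-Address:Port).
# Exit 0: every listener on PORT is bound to 127.0.0.0/8 or [::1]
# Exit 1: at least one listener on PORT is reachable from other interfaces
# Exit 2: nothing is listening on PORT at all
check_loopback_only() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            addr = $4
            n = split(addr, parts, ":")
            if (parts[n] != port) next
            # Everything before the final ":port" is the bind address.
            host = substr(addr, 1, length(addr) - length(parts[n]) - 1)
            found = 1
            if (host !~ /^127\./ && host != "[::1]") {
                print "exposed listener: " addr
                bad = 1
            }
        }
        END {
            if (bad) exit 1
            if (!found) exit 2
            exit 0
        }
    '
}

# Constructed sample: msgcache started with --listen=127.0.0.2, sshd public.
SAMPLE_GOOD='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    127.0.0.2:1984     0.0.0.0:*
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*'

# Constructed sample: msgcache left on its wildcard bind, fetchable by anyone.
SAMPLE_BAD='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:1984       0.0.0.0:*
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*'

printf '%s\n' "$SAMPLE_GOOD" | check_loopback_only 1984 && echo "good sample: loopback only"
printf '%s\n' "$SAMPLE_BAD" | check_loopback_only 1984 || echo "bad sample: rc=$?"

# On the DMZ host itself: ss -ltn | check_loopback_only 1984
```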