[hobbit] Future of Hobbit

Hobbit User in Richmond hobbit at epperson.homelinux.net
Fri Jan 25 21:24:01 CET 2008


On Fri, January 25, 2008 14:43, Charles Jones wrote:
> I think Henriks stance on having the server collect data via ssh
> connections just doesn't scale.  Sure it works fine for a few dozen
> hosts, but let's say you have 2000 servers...now you are expecting be
> able to make 2000 trouble-free ssh connections before the next polling
> cycle begins. This introduces many problems:

I don't recall Henrik advocating this as a Good Thing.  In fact, I
suggested building the ssh capability into Hobbit a while back, and he
explained why it was not the Right Thing to Do.

>
> A good solution would be an ssl-encrypted, bi-directional protocol. This
> would allow secure transfer of client data, either push or pull, without
> the overhead, management, and security risks of using ssh.
>

Sounds rather like what Henrik said he'd pursue at some point in future,
when he demurred on the ssh-integration suggestion.  In lieu of it, I
generally have the Hobbit server push an ssh-based port forward for tcp
1984 to each client with such a need and let the clients happily report to
localhost.  High port, doesn't have to be a privileged user, and you can
limit the user via .ssh/authorized_keys.  Autossh makes it persistent. 
You have the tunnel overhead, but not the constant setup/teardown of the
connection.  Just another way to skin the cat, has its trade-offs too.



More information about the Xymon mailing list