[hobbit] Alternate to msgcache/hobbitfetch?

Hobbit User hobbit at epperson.homelinux.net
Sun Jun 3 16:33:34 CEST 2007


On Sat, June 2, 2007 22:50, Haertig, David F (Dave) wrote:
> I guess what I'm looking for is a hobbitfetch variant that uses ssh/scp
> rather than connecting to a msgcache listener.  And along with that, a
> way to configure the client to collect data normally, but skip starting
> a listening service.
>

Why not just use msgcache bound to a localhost address and ssh port
tunneling, front-ended by autossh for persistence?

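# Export so autossh sees it; gate time 0 means it retries even if the first ssh fails.
export AUTOSSH_GATETIME=0
# -M 0: no autossh monitor port; -f: go to background; -N: forward only, no remote command
autossh -M 0 -f -N -L 127.0.0.2:1984:127.0.0.2:1984 \
-i <path-to-rsa-private-key>  someunprivilegeduser@dmzserver.example.com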

Install autossh.  Do your key exchange, test ssh PKI authentication.  Set
msgcache to --listen=127.0.0.2 and --server=127.0.0.1, use
"dmzserver.example.com 127.0.0.2 # testip pulldata" in bb-hosts, and you
should be good to go, with a msgcache that cannot be fetched except via
your tunnel.  Note that the conn check for this bb-host entry will be
meaningless, and you'll need to add -L port mappings for any other
server-side tests you want.

Writing this from memory, so there might be a syntax error or misspelled
option.  But it's pretty close.  You do need a very up-to-date ssh to
specify the near-side IP on the -L port forward (which helps you to keep
up with tunnels for different hosts--otherwise you have to use different
ports; I actually put in /etc/hosts entries for the 127.0.0.x entries so I
can call them by name).  I know that the near-side IP spec is supported in
the current repo versions for FC5 and up, RHEL5, and CentOS 5, but not in
RHEL4 and down.  Hope this helps.
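
As an added example (not part of the original post and not Xymon project code), the check below confirms that every listener on port 1984 is bound to a loopback address, which applies to msgcache on the DMZ host and to the near side of the tunnel alike. It reads `ss -ltn`-style text on stdin; the function name and the sample listings are constructed for illustration.

```sh
#!/bin/sh
# Added example: flag any listener on the msgcache port that is reachable
# from outside the host. Port 1984 and 127.0.0.2 come from the post.
PORT=1984

# Reads `ss -ltn` style lines on stdin and prints each non-loopback local
# address listening on $PORT.
# Exit status: 0 = loopback only, 1 = exposed listener, 2 = no listener.
check_listeners() {
    awk -v port="$PORT" '
        $1 != "LISTEN" { next }            # skips the header line too
        {
            addr = $4                      # "Local Address:Port" column
            n = split(addr, parts, ":")
            if (parts[n] != port) next
            # Strip ":<port>" to get the bind address, e.g. "[::]".
            host = substr(addr, 1, length(addr) - length(parts[n]) - 1)
            found = 1
            # 127.0.0.0/8 and ::1 are loopback; anything else is treated
            # as reachable, including "*" and IPv4-mapped forms.
            if (host ~ /^127\./ || host == "[::1]") next
            print host
            exposed = 1
        }
        END { exit (exposed ? 1 : (found ? 0 : 2)) }
    '
}

# Constructed sample: the layout the post describes.
SAMPLE_OK='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    127.0.0.2:1984     0.0.0.0:*
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*'

# Constructed sample: a listener bound to all interfaces (the case to catch).
SAMPLE_BAD='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:1984       0.0.0.0:*
LISTEN 0      128    [::]:1984          [::]:*'

printf '%s\n' "$SAMPLE_OK"  | check_listeners && echo "ok: loopback only"
printf '%s\n' "$SAMPLE_BAD" | check_listeners || echo "exposed listener found"
# On a live host: ss -ltn | check_listeners
```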
