[hobbit] Future of Hobbit
Hobbit User in Richmond
hobbit at epperson.homelinux.net
Fri Jan 25 21:24:01 CET 2008
On Fri, January 25, 2008 14:43, Charles Jones wrote:
> I think Henriks stance on having the server collect data via ssh
> connections just doesn't scale. Sure it works fine for a few dozen
> hosts, but let's say you have 2000 servers...now you are expecting be
> able to make 2000 trouble-free ssh connections before the next polling
> cycle begins. This introduces many problems:
I don't recall Henrik advocating this as a Good Thing. In fact, I
suggested building the ssh capability into Hobbit a while back, and he
explained why it was not the Right Thing to Do.
>
> A good solution would be an ssl-encrypted, bi-directional protocol. This
> would allow secure transfer of client data, either push or pull, without
> the overhead, management, and security risks of using ssh.
>
Sounds rather like what Henrik said he'd pursue at some point in future,
when he demurred on the ssh-integration suggestion. In lieu of it, I
generally have the Hobbit server push an ssh-based port forward for tcp
1984 to each client with such a need and let the clients happily report to
localhost. High port, doesn't have to be a privileged user, and you can
limit the user via .ssh/authorized_keys. Autossh makes it persistent.
You have the tunnel overhead, but not the constant setup/teardown of the
connection. Just another way to skin the cat, has its trade-offs too.
More information about the Xymon
mailing list