Re: [hobbit] Using ssh to retrieve hobbit data
- To: <hobbit (at) hswn.dk>
- Subject: Re: [hobbit] Using ssh to retrieve hobbit data
- From: Scott Walters <scott (at) PacketPushers.com>
- Date: Wed, 4 Jan 2006 12:39:16 -0500 (EST)
> On Tue, Jan 03, 2006 at 02:37:15PM -0500, James B Horwath wrote:
> > I am converting my BB 19.c system to Hobbit 4.1.2p1. With BB I used to
> > use ssh to fetch data from remote servers in a DMZ (using the
> > bb-fetchtab). Can I do this in Hobbit? I have searched the mail archive
> > and manuals and didn't see the option anywhere.
>
> I haven't done this, but off the top of my head it could be done like
> this:
In these scenarios, I have done a poor man's VPN with SSH instead of
fetching. Using RSA keys, build a port forward from the BB/hobbit client
local 1984 to the BB/hobbit server. You then configure the BB/hobbit
client to use localhost as its BB/hobbit server for communications.

This is "trusted Network" to "DMZ" security friendly . . .

I then run a monitor on the BB/hobbit server, that attempts to detect the
VPN, and create it if it doesn't exist. The VPN is 'activated' by an "rvs"
tag in the bb-hosts file. I have had issues with the monitor attempting
to build multiple tunnels, but haven't pinned it down.

This all presumes the bb/hobbit user on the bb/hobbit server can sign in
via ssh to the bb/hobbit client without passwords (using keys).

Personally, I prefer unencrypted user private keys over HostBased.
--
Scott Walters
-PacketPusher
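
The server-side tunnel monitor described in the message above, as an added example that is not part of the original post or of Hobbit: it reads bb-hosts for the poster's "rvs" tag and keeps one reverse forward per tagged host, using a per-host lock plus ssh's ExitOnForwardFailure so that overlapping monitor runs do not start a second tunnel to the same host. The "hobbit" login name, LOCKDIR, RVS_BBHOSTS and the sample hosts are assumptions.

```shell
# Added example, not from the original post. Runs on the Hobbit server.
# Assumed/constructed: "hobbit" login, LOCKDIR, RVS_BBHOSTS, sample hosts.
PORT=1984
LOCKDIR="${LOCKDIR:-/tmp/hobbit-rvs}"

# Constructed bb-hosts sample ("IP hostname # tags"); "rvs" is the poster's tag.
sample_bbhosts() {
    cat <<'EOF'
# DMZ web tier
192.0.2.10  dmz-web1.example.com  # rvs http://dmz-web1.example.com/
192.0.2.11  dmz-web2.example.com  # ssh rvs
10.1.1.5    intranet.example.com  # ssh
EOF
}

# Read bb-hosts on stdin; print the hostname of each line carrying the rvs tag.
rvs_hosts() {
    awk '$1 !~ /^#/ && NF >= 3 {
             for (i = 3; i <= NF; i++) if ($i == "rvs") { print $2; break }
         }'
}

# Reverse forward: 127.0.0.1:1984 on the DMZ client -> 127.0.0.1:1984 here.
# ExitOnForwardFailure makes a duplicate ssh exit when the port is already
# bound. Extra arguments become a command prefix (e.g. `echo` for a dry run).
tunnel() {
    host=$1; shift
    "$@" ssh -N -o BatchMode=yes -o ExitOnForwardFailure=yes -o ServerAliveInterval=30 \
        -o ServerAliveCountMax=3 -R "127.0.0.1:$PORT:127.0.0.1:$PORT" "hobbit@$host"
}

# Per-host lock. mkdir is atomic, so of two monitor runs starting together only
# one creates the lock. A lock whose recorded PID is gone is stale and reused.
acquire() {
    lock="$LOCKDIR/$1.lock"; mkdir -p "$LOCKDIR"
    mkdir "$lock" 2>/dev/null && return 0
    pid=$(cat "$lock/pid" 2>/dev/null) || pid=""
    if [ -n "$pid" ] && kill -0 "$pid" 2>/dev/null; then return 1; fi
    rm -rf "$lock"; mkdir "$lock" 2>/dev/null
}

ensure_tunnel() {
    acquire "$1" || return 0              # already up, or another run owns it
    tunnel "$1" &
    echo $! > "$LOCKDIR/$1.lock/pid"
}
# Monitor entry point: RVS_BBHOSTS=/path/to/bb-hosts sh rvs-monitor.sh
[ -z "${RVS_BBHOSTS:-}" ] || for h in $(rvs_hosts < "$RVS_BBHOSTS"); do ensure_tunnel "$h"; done
```

On the DMZ client, the authorized_keys entry for this key can be limited to the one forward with `restrict,port-forwarding,permitlisten="127.0.0.1:1984"` (OpenSSH 7.8 or later), which narrows what a passphrase-less key can do if it is copied.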