Re: [hobbit] Future of Hobbit
- To: hobbit (at) hswn.dk
- Subject: Re: [hobbit] Future of Hobbit
- From: "Hobbit User in Richmond" <hobbit (at) epperson.homelinux.net>
- Date: Fri, 25 Jan 2008 15:24:01 -0500 (EST)
- Importance: Normal
- References: <C3BF7B35.16E1%tim.rotunda (at) twcable.com> <479A3BED.5020804 (at) cisco.com>
- User-agent: SquirrelMail/1.4.10a-1.fc7
On Fri, January 25, 2008 14:43, Charles Jones wrote:
> I think Henrik's stance on having the server collect data via ssh
> connections just doesn't scale. Sure it works fine for a few dozen
> hosts, but let's say you have 2000 servers...now you are expecting to be
> able to make 2000 trouble-free ssh connections before the next polling
> cycle begins. This introduces many problems:

I don't recall Henrik advocating this as a Good Thing. In fact, I
suggested building the ssh capability into Hobbit a while back, and he
explained why it was not the Right Thing to Do.

>
> A good solution would be an ssl-encrypted, bi-directional protocol. This
> would allow secure transfer of client data, either push or pull, without
> the overhead, management, and security risks of using ssh.
>

Sounds rather like what Henrik said he'd pursue at some point in future,
when he demurred on the ssh-integration suggestion. In lieu of it, I
generally have the Hobbit server push an ssh-based port forward for tcp
1984 to each client with such a need and let the clients happily report to
localhost. High port, doesn't have to be a privileged user, and you can
limit the user via .ssh/authorized_keys. Autossh makes it persistent.
You have the tunnel overhead, but not the constant setup/teardown of the
connection. Just another way to skin the cat, has its trade-offs too.
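
The tunnel arrangement described in the reply above, sketched as an added example that is not part of the original post: it builds the restricted `authorized_keys` entry for the tunnel account, the `autossh` reverse forward for tcp 1984, and a check that a key line really carries the limits. The account name `hobbit-tunnel`, the host `client.example.net` and the key are constructed, and the `restrict` and `permitlisten` options assume OpenSSH 7.8 or later on the client.

```shell
#!/bin/sh
# Added example; account name, host name and key below are constructed.
# Assumes OpenSSH 7.8+ on the client (restrict, permitlisten).

PORT=1984   # Hobbit's TCP port, as in the post

# authorized_keys entry for the unprivileged tunnel account on a monitored client.
#   restrict         no pty, no agent/X11 forwarding, no user rc, forwarding off
#   port-forwarding  turns forwarding back on for this key only
#   permitlisten     the only listener the key may request is localhost:1984
#   command          a request for a shell or command runs /bin/false instead
tunnel_key_line() {   # $1 = public key text
    printf 'restrict,port-forwarding,permitlisten="localhost:%s",command="/bin/false" %s\n' \
        "$PORT" "$1"
}

# Command the Hobbit server runs per client: a persistent reverse forward, so the
# client's localhost:1984 reaches the server's own localhost:1984.
tunnel_command() {    # $1 = client host
    printf 'autossh -M 0 -N -o ServerAliveInterval=30 -o ServerAliveCountMax=3 -o ExitOnForwardFailure=yes -R localhost:%s:localhost:%s hobbit-tunnel@%s\n' \
        "$PORT" "$PORT" "$1"
}

# Audit: succeed only if an authorized_keys line carries all three limits.
# Simplification: treats the text before the first space as the option field,
# so option values containing spaces are not handled.
key_line_is_limited() {   # $1 = one authorized_keys line
    opts=${1%% *}
    case ",$opts," in *,restrict,*) ;; *) return 1 ;; esac
    case ",$opts," in *",permitlisten=\"localhost:$PORT\","*) ;; *) return 1 ;; esac
    case ",$opts," in *',command="'*) ;; *) return 1 ;; esac
    return 0
}

# Constructed sample key, not a real one.
SAMPLE_KEY='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIconstructedKeyForIllustrationOnly hobbit@server'
tunnel_key_line "$SAMPLE_KEY"
tunnel_command client.example.net
```

Running `key_line_is_limited` over each line of the tunnel account's `authorized_keys` flags any key that was installed without the restrictions.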