[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [hobbit] Future of Hobbit

To: hobbit (at) hswn.dk
Subject: Re: [hobbit] Future of Hobbit
From: Charles Jones <jonescr (at) cisco.com>
Date: Fri, 25 Jan 2008 13:38:11 -0700
Authentication-results: sj-dkim-1; header.From=jonescr (at) cisco.com; dkim=pass ( sig from cisco.com/sjdkim1004 verified; );
Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; l=5010; t=1201293685; x=1202157685; c=relaxed/simple; s=sjdkim1004; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=cisco.com; i=jonescr (at) cisco.com; z=From:=20Charles=20Jones=20<jonescr (at) cisco.com> |Subject:=20Re=3A=20[hobbit]=20Future=20of=20Hobbit |Sender:=20; bh=7/X4RR1ZfmST8LsToJvoxePvRdpG5qAkh/xPdV5jTvY=; b=TwGtxK23EF6F6LENt29MV80EN3m2JGpk7gF2WhZSRVDkSzAWEdAYyP612z tk74ZfiQTxTwxveHVdTWZIGJEJH+w1fE5wBwwPwRbFOtzD8rK9RCCXCeGuEA hFXOFFxT1yJRQ/xZ/njBtn3y7cZnTbxC4JiW8/AMTNnBagu8Fma1Y=;
References: <C3BF7B35.16E1%tim.rotunda (at) twcable.com> <479A3BED.5020804 (at) cisco.com> <63019.24.125.67.188.1201292641.squirrel (at) epperson.homelinux.net>
User-agent: Thunderbird 2.0.0.9 (X11/20071115)

Hobbit User in Richmond wrote:

On Fri, January 25, 2008 14:43, Charles Jones wrote:

I think Henriks stance on having the server collect data via ssh
connections just doesn't scale.  Sure it works fine for a few dozen
hosts, but let's say you have 2000 servers...now you are expecting be
able to make 2000 trouble-free ssh connections before the next polling
cycle begins. This introduces many problems:


I don't recall Henrik advocating this as a Good Thing.  In fact, I
suggested building the ssh capability into Hobbit a while back, and he
explained why it was not the Right Thing to Do.

I think I worded what I said wrong..I meant to say that Henriks stance"was that using ssh does not scale". Sorry for the confusion!

A good solution would be an ssl-encrypted, bi-directional protocol. This
would allow secure transfer of client data, either push or pull, without
the overhead, management, and security risks of using ssh.


Sounds rather like what Henrik said he'd pursue at some point in future,
when he demurred on the ssh-integration suggestion.  In lieu of it, I
generally have the Hobbit server push an ssh-based port forward for tcp
1984 to each client with such a need and let the clients happily report to
localhost.  High port, doesn't have to be a privileged user, and you can

limit the user via .ssh/authorized_keys. Autossh makes it persistent.You have the tunnel overhead, but not the constant setup/teardown of the

connection.  Just another way to skin the cat, has its trade-offs too.

Yeah I think he has planned to implement SSL, just hasn't gotten aroundto it, and since he is the only coder, we have to wait...or do we? Ifsomeone out there is good at C++, why not help Henrik out and do some ofthe coding for him? I've had the fact that Hobbit "only has onecoder/author" raised as a red flag when I was advocating Hobbit...peopleask what will happen if Henrik leaves the scene for any reason.

Follow-Ups:
- RE: [hobbit] Future of Hobbit
  - From: T.J. Yang
- Re: [hobbit] Future of Hobbit
  - From: Larry Barber

References:
- Re: [hobbit] Future of Hobbit
  - From: Tim Rotunda
- Re: [hobbit] Future of Hobbit
  - From: Charles Jones
- Re: [hobbit] Future of Hobbit
  - From: Hobbit User in Richmond

Prev by Date: SNMPTRAPD
Next by Date: Re: [hobbit] Future of Hobbit
Previous by thread: Re: [hobbit] Future of Hobbit
Next by thread: Re: [hobbit] Future of Hobbit
Index(es):
- Date
- Thread