[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [hobbit] Future of Hobbit
- To: hobbit (at) hswn.dk
- Subject: Re: [hobbit] Future of Hobbit
- From: "Larry Barber" <lebarber (at) gmail.com>
- Date: Fri, 25 Jan 2008 15:01:25 -0600
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:references; bh=DFWSMySb/gYUHvFdvhkS2/IZcArzIawZIqxttdVVgKU=; b=JCpT15etwWJ+wLQS/k4+PPdvweg4/7qQ0nQSvtHEjV4ncgO+8rJOTs86P69oh83SNZQmkV4kBB2vp4qatMh9VFuvmjO1lxOwaeNFbdauKiNE1ZJZkd8OyLJYRPrsxYOOWTzqB/XEKdUCnJvrN8M0GclxInP0hoaSZpJGEPNt+Rk=
- Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:to:subject:in-reply-to:mime-version:content-type:references; b=XXIgHjSai/NgzLXKNSKQ4bN2ZLK4HMj7f4FqXR7PDwy5MQkssRoCyoHf2fpOU/wuL+g8nUav4Vix2WbphE1KwYXMultT0xI3k278Y/nJ00uA/3KKclATlX8F42QeYWR65X9LjKs8mtH3GsXHOZC4jiPo7rZmyM0PVjdSIUjqa6U=
- References: <C3BF7B35.16E1%tim.rotunda (at) twcable.com> <479A3BED.5020804 (at) cisco.com> <63019.24.125.67.188.1201292641.squirrel (at) epperson.homelinux.net> <479A48B3.6070200 (at) cisco.com>
<i>people ask what will happen if Henrik leaves the scene for any
reason.</i>
Henrik's code is very clean, any competent C programmer should be able to
maintain it.
Thanks,
Larry Barber
On Jan 25, 2008 2:38 PM, Charles Jones <jonescr (at) cisco.com> wrote:
> Hobbit User in Richmond wrote:
>
> On Fri, January 25, 2008 14:43, Charles Jones wrote:
>
>
> I think Henriks stance on having the server collect data via ssh
> connections just doesn't scale. Sure it works fine for a few dozen
> hosts, but let's say you have 2000 servers...now you are expecting be
> able to make 2000 trouble-free ssh connections before the next polling
> cycle begins. This introduces many problems:
>
>
> I don't recall Henrik advocating this as a Good Thing. In fact, I
> suggested building the ssh capability into Hobbit a while back, and he
> explained why it was not the Right Thing to Do.
>
>
> I think I worded what I said wrong..I meant to say that Henriks stance
> "was that using ssh does not scale". Sorry for the confusion!
>
> A good solution would be an ssl-encrypted, bi-directional protocol. This
> would allow secure transfer of client data, either push or pull, without
> the overhead, management, and security risks of using ssh.
>
>
> Sounds rather like what Henrik said he'd pursue at some point in future,
> when he demurred on the ssh-integration suggestion. In lieu of it, I
> generally have the Hobbit server push an ssh-based port forward for tcp
> 1984 to each client with such a need and let the clients happily report to
> localhost. High port, doesn't have to be a privileged user, and you can
> limit the user via .ssh/authorized_keys. Autossh makes it persistent.
> You have the tunnel overhead, but not the constant setup/teardown of the
> connection. Just another way to skin the cat, has its trade-offs too.
>
>
> Yeah I think he has planned to implement SSL, just hasn't gotten around
> to it, and since he is the only coder, we have to wait...or do we? If
> someone out there is good at C++, why not help Henrik out and do some of the
> coding for him? I've had the fact that Hobbit "only has one coder/author"
> raised as a red flag when I was advocating Hobbit...people ask what will
> happen if Henrik leaves the scene for any reason.
>