This works for me (RHEL5 machines), if it helps anyone else. Any
comments most welcome:
Create the .ssh folder (on both the hobbit server and the hobbit client)
in /var/lib/hobbit as root, chown it to hobbit:hobbit, and chmod it to
700.
On the hobbit server, now as the hobbit user:
Generate a private/public keypair with an empty password:
$ pwd
/var/lib/hobbit
$ ssh-keygen -t dsa
Copy the generated public key to the hobbit client:
$ scp .ssh/id_dsa.pub hobbit at hobbitclient:/var/lib/hobbit
On the hobbit client:
Rename the public key:
$ mv id_dsa.pub authorized_keys
Copy the authorized_keys file to the user's .ssh directory.
$ mv authorized_keys .ssh/
Check that the authorized_keys file has the following permissions:
-rw-r--r-- 1 hobbit hobbit 603 Aug 14 12:16 authorized_keys
From the server, log on to the client. You should not be prompted for a
password
Modify the hobbit server's /etc/rc.local:
su -c "ssh hobbit at hobbitclient -T -n -N -g -x -R1984:127.0.0.1:1984"
hobbit
Configure /etc/default/hobbit-client on the hobbit client in the DMZ to
connect to localhost:
HOBBITSERVERS="127.0.0.1"
Add the client to /etc/hobbit/bb-hosts on the hobbit server:
10.2.0.5 target_machine
From: Johan Booysen [mailto:user-6f017f1ad8a9@xymon.invalid]
Sent: 14 August 2008 13:26
To: user-ae9b8668bcde@xymon.invalid
Subject: RE: [hobbit] need help in monitoring edmz client
Just to clarify:
I've set up ssh keys authentication between the hobbit server and a
client in our DMZ, for the hobbit user.
I can ssh from server to client without entering a password, so it
works.
If I run ssh hobbit at x.x.x.x -T -n -N -g -x -R1984:127.0.0.1:1984 from
the commanline on the server, communications between server and client
works.
If I add ssh hobbit at 10.2.0.5 -T -n -N -g -x -R1984:127.0.0.1:1984 either
to initttab or /etc/rc.local, then the client stops reporting (after a
server reboot).
Anyone know what I should do?
Thanks.
From: Johan Booysen [mailto:user-6f017f1ad8a9@xymon.invalid]
Sent: 14 August 2008 12:49
To: user-ae9b8668bcde@xymon.invalid
Subject: RE: [hobbit] need help in monitoring edmz client
Daniel,
Do you just simply add that command to inittab?
Thanks.
From: Perumal, Santoshbabu [mailto:user-bc15f54a09ea@xymon.invalid]
Sent: 13 August 2008 19:20
To: user-ae9b8668bcde@xymon.invalid
Subject: RE: [hobbit] need help in monitoring edmz client
HI Daniel
Thanks for your steps. Yes my target machine is UNIX box.
from the hobbit server , run from inittab (I don't understand run from
innittab ..I can run the below command from command line shell promt
right)
ssh user at taregt_machine -T -n -N -g -x -R1984:127.0.0.1:1984
on the target machine, set the hobbit client to connect to localhost
--I have to edit hobbitclient.cfg and change BBDISP value to 127.0.0.1
right..want to make sure...
Also hobbit server has to communicate with target machines(clients) on
port 1984 right.otherwise this step does not work right.
Thanks
From: Daniel Bourque [mailto:user-a141068964db@xymon.invalid]
Sent: Wednesday, August 13, 2008 1:52 PM
To: user-ae9b8668bcde@xymon.invalid
Subject: Re: [hobbit] need help in monitoring edmz client
If the target machine is unix/linux. The simplest way is to use ssh keys
& tunneling.
from the hobbit server , run from inittab
ssh user at taregt_machine -T -n -N -g -x -R1984:127.0.0.1:1984
on the target machine, set the hobbit client to connect to localhost.
Daniel Bourque
Sr. Systems Engineer
WeatherData Service Inc
An Accuweather Company
Perumal, Santoshbabu wrote:
Hi,
We have some servers in edmz.port 1984 is blocked by firewall.so
client cannot able to communicate with hobbit server on port 1984.when I
search around I read about msgcache,hobbitfetch utilities but I am not
familiar with that. can anyone please give me the configuration steps
that I need to make on both server side and edmz client site.
Thanks in advance
Thanks
santhosh
The information contained in this message is intended only for the
recipient, and may be a confidential attorney-client communication or
may otherwise be privileged and confidential and protected from
disclosure. If the reader of this message is not the intended recipient,
or an employee or agent responsible for delivering this message to the
intended recipient, please be aware that any dissemination or copying of
this communication is strictly prohibited. If you have received this
communication in error, please immediately notify us by replying to the
message and deleting it from your computer. The McGraw-Hill Companies,
Inc. reserves the right, subject to applicable local law, to monitor and
review the content of any electronic message or information sent to or
from McGraw-Hill employee e-mail addresses without informing the sender
or recipient of the message.
The information contained in this message is intended only for the
recipient, and may be a confidential attorney-client communication or
may otherwise be privileged and confidential and protected from
disclosure. If the reader of this message is not the intended recipient,
or an employee or agent responsible for delivering this message to the
intended recipient, please be aware that any dissemination or copying of
this communication is strictly prohibited. If you have received this
communication in error, please immediately notify us by replying to the
message and deleting it from your computer. The McGraw-Hill Companies,
Inc. reserves the right, subject to applicable local law, to monitor and
review the content of any electronic message or information sent to or
from McGraw-Hill employee e-mail addresses without informing the sender
or recipient of the message.