On Sat, June 2, 2007 22:50, Haertig, David F (Dave) wrote:
> I guess what I'm looking for is a hobbitfetch variant that uses ssh/scp
> rather than connecting to a msgcache listener. And along with that, a
> way to configure the client to collect data normally, but skip starting
> a listening service.

Why not just use msgcache bound to a localhost address and ssh port
tunneling, front-ended by autossh for persistence?

    export AUTOSSH_GATETIME=0
    autossh -M 0 -f -N -L 127.0.0.2:1984:127.0.0.2:1984 \
        -i <path-to-rsa-private-key> user-df99d5171f96@xymon.invalid

Install autossh. Do your key exchange, test ssh PKI authentication. Set
msgcache to --listen=127.0.0.2 and --server=127.0.0.1, use
"dmzserver.example.com 127.0.0.2 # testip pulldata" in bb-hosts, and you
should be good to go, with a msgcache that cannot be fetched except via
your tunnel. Note that the conn check for this bb-host entry will be
meaningless, and you'll need to add -L port mappings for any other
server-side tests you want.

Writing this from memory, so there might be a syntax error or misspelled
option. But it's pretty close. You do need a very up-to-date ssh to
specify the near-side IP on the -L port forward (which helps you to keep
up with tunnels for different hosts--otherwise you have to use different
ports; I actually put in /etc/hosts entries for the 127.0.0.x entries so I
can call them by name). I know that the near-side IP spec is supported in
the current repo versions for FC5 and up, RHEL5, and CentOS5, but not in
RHEL4 and down. Hope this helps.
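
A check for the property the message above relies on (msgcache on port 1984 reachable only through the tunnel), as an added example that is not part of the original post. The function name and both sample listings are constructed for illustration, and it assumes `ss -ltn` (iproute2) is available on the host being checked.

```shell
#!/bin/sh
# Added example, not from the original message.
# check_loopback_only PORT: reads `ss -ltn` style output on stdin and
# succeeds only if PORT has at least one listener and every listener on
# it is bound to a loopback address (127.0.0.0/8 or [::1]).
check_loopback_only() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            local_addr = $4                      # "address:port" column
            n = split(local_addr, parts, ":")
            if (parts[n] != port) next           # some other service
            addr = substr(local_addr, 1, length(local_addr) - length(parts[n]) - 1)
            found = 1
            if (addr !~ /^127\./ && addr != "[::1]") {
                printf "exposed listener: %s\n", local_addr
                bad = 1
            }
        }
        END { if (found && !bad) exit 0; exit 1 }
    '
}

# Constructed sample: msgcache started with --listen=127.0.0.2.
SAMPLE_TUNNEL_ONLY='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    127.0.0.2:1984     0.0.0.0:*
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*'

# Constructed sample: msgcache left listening on the wildcard address.
SAMPLE_EXPOSED='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:1984       0.0.0.0:*
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*'

printf '%s\n' "$SAMPLE_TUNNEL_ONLY" | check_loopback_only 1984 && echo "tunnel-only: ok"
printf '%s\n' "$SAMPLE_EXPOSED" | check_loopback_only 1984 || echo "wildcard bind: flagged"

# On a live host: ss -ltn | check_loopback_only 1984
```

The same check applies on the Xymon server side, where the `-L` forward should also show up bound to 127.0.0.2 only.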