Xymon Mailing List Archive

need help in monitoring edmz client

17 messages in this thread

list Santoshbabu Perumal · Wed, 13 Aug 2008 13:37:33 -0400 ·
Hi,

We have some servers in the edmz. Port 1984 is blocked by the firewall, so the
client is not able to communicate with the hobbit server on port 1984. When I
searched around I read about the msgcache and hobbitfetch utilities, but I am not
familiar with them. Can anyone please give me the configuration steps
that I need to make on both the server side and the edmz client side?

Thanks in advance

Thanks

santhosh

The information contained in this message is intended only for the recipient, and may be a confidential attorney-client communication or may otherwise be privileged and confidential and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, please be aware that any dissemination or copying of this communication is strictly prohibited. If you have received this communication in error, please immediately notify us by replying to the message and deleting it from your computer.  The McGraw-Hill Companies, Inc. reserves the right, subject to applicable local law, to monitor and review the content of any electronic message or information sent to or from McGraw-Hill employee e-mail addresses without informing the sender or recipient of the message.
list Daniel Bourque · Wed, 13 Aug 2008 12:52:07 -0500 ·
If the target machine is unix/linux, the simplest way is to use ssh keys & tunneling.

From the hobbit server, run from inittab:
ssh user@target_machine -T -n -N -g -x -R1984:127.0.0.1:1984

On the target machine, set the hobbit client to connect to localhost.


Daniel Bourque
Sr. Systems Engineer
WeatherData Service Inc
An Accuweather Company
list Santoshbabu Perumal · Wed, 13 Aug 2008 14:19:42 -0400 ·
Hi Daniel,

Thanks for your steps. Yes, my target machine is a UNIX box.

from the hobbit server, run from inittab   (I don't understand "run from
inittab"... I can run the below command from the command line shell prompt,
right?)

ssh user@target_machine -T -n -N -g -x -R1984:127.0.0.1:1984

on the target machine, set the hobbit client to connect to localhost

-- I have to edit hobbitclient.cfg and change the BBDISP value to 127.0.0.1,
right? I want to make sure...

Also, the hobbit server has to communicate with the target machines (clients) on
port 1984, right? Otherwise this step does not work, right?

Thanks
list Johan Booysen · Thu, 14 Aug 2008 12:48:41 +0100 ·
Daniel,

 
Do you just simply add that command to inittab?

 
Thanks.

list Johan Booysen · Thu, 14 Aug 2008 13:25:47 +0100 ·
Just to clarify:

 
I've set up ssh keys authentication between the hobbit server and a
client in our DMZ, for the hobbit user.

 
I can ssh from server to client without entering a password, so it
works.

 
If I run ssh hobbit@x.x.x.x -T -n -N -g -x -R1984:127.0.0.1:1984 from
the command line on the server, communications between server and client
work.

 
If I add ssh hobbit@10.2.0.5 -T -n -N -g -x -R1984:127.0.0.1:1984 either
to inittab or /etc/rc.local, then the client stops reporting (after a
server reboot).

 
Anyone know what I should do?

 
Thanks.

list Johan Booysen · Thu, 14 Aug 2008 14:02:26 +0100 ·
This works for me (RHEL5 machines), if it helps anyone else.  Any
comments most welcome:

 
Create the .ssh folder (on both the hobbit server and the hobbit client)
in /var/lib/hobbit as root, chown it to hobbit:hobbit, and chmod it to
700.

 
On the hobbit server, now as the hobbit user:

 
Generate a private/public keypair with an empty password:

 
$ pwd

   /var/lib/hobbit

 
$ ssh-keygen -t dsa

 
Copy the generated public key to the hobbit client:

 
$ scp .ssh/id_dsa.pub hobbit@hobbitclient:/var/lib/hobbit

 
On the hobbit client:

 
Rename the public key:

 
$ mv id_dsa.pub authorized_keys

 
Copy the authorized_keys file to the user's .ssh directory. 

 
$ mv authorized_keys .ssh/

 
Check that the authorized_keys file has the following permissions:

 
-rw-r--r-- 1 hobbit hobbit 603 Aug 14 12:16 authorized_keys

 
From the server, log on to the client.  You should not be prompted for a
password.

 
Modify the hobbit server's /etc/rc.local:

 
  su -c "ssh hobbit@hobbitclient -T -n -N -g -x -R1984:127.0.0.1:1984" hobbit

  
Configure /etc/default/hobbit-client on the hobbit client in the DMZ to
connect to localhost:

 
  HOBBITSERVERS="127.0.0.1"

 
Add the client to /etc/hobbit/bb-hosts on the hobbit server:

 
  10.2.0.5    target_machine
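
An added example, not part of the original post: the procedure above installs a passphrase-less key that can open a shell as hobbit on the DMZ client, so this sketch audits a client's authorized_keys for unrestricted entries and prints a forwarding-only replacement line. The server address 192.0.2.10 and the key strings are constructed placeholders; `restrict` needs OpenSSH 7.2 or later and `permitlisten` 7.8 or later.

```shell
#!/bin/sh
# Added example, not from the thread. Run on the DMZ client.
PORT=1984   # hobbit port used in the thread

# Print "<line> <keytype> <issues|ok>" for every key in an authorized_keys file.
# Everything before the key type token is treated as the option list.
audit_authorized_keys() {
    awk '
    BEGIN {
        n = split("ssh-rsa ssh-dss ssh-ed25519 ecdsa-sha2-nistp256 ecdsa-sha2-nistp384 ecdsa-sha2-nistp521 sk-ssh-ed25519@openssh.com sk-ecdsa-sha2-nistp256@openssh.com", k, " ")
        for (i = 1; i <= n; i++) keytype[k[i]] = 1
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }
    {
        opts = ""; type = ""
        for (i = 1; i <= NF; i++) {
            if ($i in keytype) { type = $i; break }
            opts = (opts == "" ? $i : opts " " $i)
        }
        if (type == "") { print NR, "?", "unknown-key-type"; next }
        o = "," opts ","          # pad so each option is comma-delimited
        issues = ""
        if (type == "ssh-dss")        issues = issues ",dsa-key"
        if (o !~ /,restrict,/)        issues = issues ",no-restrict"
        if (o !~ /,from="/)           issues = issues ",no-from"
        if (o !~ /,permitlisten="/)   issues = issues ",no-permitlisten"
        print NR, type, (issues == "" ? "ok" : substr(issues, 2))
    }' "$1"
}

# Print an authorized_keys line that only allows the reverse forward of PORT
# on loopback, and only from the monitoring server's address.
#   $1 = hobbit server IP, $2 = public key line ("type base64 comment")
restricted_key_line() {
    printf 'from="%s",restrict,port-forwarding,permitlisten="127.0.0.1:%s" %s\n' \
        "$1" "$PORT" "$2"
}

# Print each given path that is group- or world-writable; sshd with
# StrictModes (the default) ignores keys kept under such paths.
loose_perms() {
    for p in "$@"; do
        find "$p" -prune \( -perm -020 -o -perm -002 \)
    done
}

demo() {
    sample=$(mktemp)
    # Constructed sample: an unrestricted DSA key as produced by the steps above.
    echo 'ssh-dss AAAAB3NzaC1kc3MEXAMPLE hobbit@hobbitserver' > "$sample"
    restricted_key_line 192.0.2.10 \
        'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5EXAMPLE hobbit@hobbitserver' >> "$sample"
    audit_authorized_keys "$sample"
    rm -f "$sample"
}

if [ "${1:-}" = "--audit" ]; then
    audit_authorized_keys "${2:-/var/lib/hobbit/.ssh/authorized_keys}"
    loose_perms /var/lib/hobbit/.ssh /var/lib/hobbit/.ssh/authorized_keys
else
    demo
fi
```

With the restricted line in place the tunnel command from the thread still works, because `-N` requests no shell or command.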

list Johan Booysen · Thu, 14 Aug 2008 16:57:02 +0100 ·
I want to be able to monitor 2 hosts in the dmz.

 
Having su -c "ssh hobbit@hobbitclient -T -n -N -g -x
-R1984:127.0.0.1:1984" hobbit in /etc/rc.local seems to work for the
first host.  I added a second line like that for a second host, but it
doesn't work for the second host unless I execute the command manually -
at which point both dmz hosts report back.

 
Does anyone know why this is happening and how I can get it to work?
 
Thanks.

 
list Padraig Lennon · Thu, 14 Aug 2008 18:04:59 +0200 ·
Not sure if this is of any use to you Johan..
 
 
I have a server side script which controls the ssh tunnels to my
windows/*nix clients which are in the DMZ
 
Basically it requires that you put a tag at the end of the client name
in bb-hosts called ssh-tunnel
 
It's hardly a work of art but it works ok for us.. If it sees the
connection is down it will warn and continue to retry the connection..
 
Hope this helps..
 
regards
 
 
Padraig Lennon
Senior Systems Engineer
Production Services
Pioneer Global Investments (Dublin)
5th Floor Georges Quay Plaza, Dublin 2
ext: XXXX
Direct dial: 00353 1 480 2081
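
An added example, not Padraig's script (which is not reproduced on this page): one way to start a tunnel for every bb-hosts entry tagged ssh-tunnel, each in its own background retry loop, so that a foreground ssh line in /etc/rc.local no longer blocks the lines after it. The tag placement after `#`, the retry interval and the sample hosts other than 10.2.0.5 are assumptions.

```shell
#!/bin/sh
# Added example, not the script mentioned in the thread. Run on the hobbit server.
SSH_USER=hobbit   # account used in the thread
PORT=1984         # hobbit port used in the thread
RETRY=60          # assumed seconds between reconnect attempts

# Print "ip name" for each bb-hosts entry whose tags (after '#') include
# ssh-tunnel. Only plain dotted-quad addresses pass, because the value is
# later placed on an ssh command line.
tunnel_hosts() {
    awk '
    /^[ \t]*#/ { next }
    {
        h = index($0, "#"); if (h == 0) next
        if (split(substr($0, 1, h - 1), host, " ") < 2) next
        if (host[1] !~ /^[0-9]+[.][0-9]+[.][0-9]+[.][0-9]+$/) next
        n = split(substr($0, h + 1), tag, " ")
        for (i = 1; i <= n; i++)
            if (tag[i] == "ssh-tunnel") { print host[1], host[2]; break }
    }' "$1"
}

# Print the ssh arguments for one client. Differences from the thread's command:
# the remote listener is bound to 127.0.0.1 explicitly, -g is left out (it only
# affects local forwards), and ssh exits if the forward or the link fails so
# the retry loop can notice.
tunnel_args() {
    printf '%s -n -N -x -o BatchMode=yes -o ExitOnForwardFailure=yes -o ServerAliveInterval=30 -o ServerAliveCountMax=3 -R 127.0.0.1:%s:127.0.0.1:%s %s@%s\n' \
        "-T" "$PORT" "$PORT" "$SSH_USER" "$1"
}

# Keep one tunnel up forever; meant to be run in the background.
keep_tunnel() {
    while :; do
        # Word splitting is intended: the arguments contain no spaces.
        ssh $(tunnel_args "$1")
        echo "tunnel to $1 ended (status $?), retrying in ${RETRY}s" >&2
        sleep "$RETRY"
    done
}

# Start one background loop per tagged host and return immediately.
start_all() {
    tunnel_hosts "$1" | while read -r ip name; do
        keep_tunnel "$ip" </dev/null &
    done
}

# Dry run over a constructed bb-hosts sample: show what would be started.
demo() {
    sample=$(mktemp)
    cat > "$sample" <<'EOF'
# constructed bb-hosts sample
10.2.0.5    target_machine   # ssh-tunnel
10.2.0.6    dmz_web2         # conn ssh-tunnel
10.2.0.7    dmz_db1          # conn
EOF
    tunnel_hosts "$sample" | while read -r ip name; do
        echo "$name: ssh $(tunnel_args "$ip")"
    done
    rm -f "$sample"
}

case "${1:-}" in
    --start) start_all "${2:-/etc/hobbit/bb-hosts}" ;;
    *)       demo ;;
esac
```

Run it as the hobbit user, for example from /etc/rc.local via `su -c "/path/to/script --start" hobbit`, where the script path is a placeholder.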
quoted from Johan Booysen
 

From: Johan Booysen [mailto:user-6f017f1ad8a9@xymon.invalid] 
Sent: 14 August 2008 16:57
To: user-ae9b8668bcde@xymon.invalid
Subject: RE: [hobbit] need help in monitoring edmz client


I want to be able to monitor 2 hosts in the dmz.

 
Having su -c "ssh hobbit at hobbitclient -T -n -N -g -x
-R1984:127.0.0.1:1984" hobbit in /etc/rc.local seems to work for the
first host.  I added a second line like that for a second host, but it
doesn't work for the second host unless I execute the command manually -
at which point both dmz hosts report back.

 
Does anyone know why this is happening and how I can get it to work?

 
Thanks.

 
From: Johan Booysen [mailto:user-6f017f1ad8a9@xymon.invalid] 
Sent: 14 August 2008 14:02
To: user-ae9b8668bcde@xymon.invalid
Subject: RE: [hobbit] need help in monitoring edmz client

 
This works for me (RHEL5 machines), if it helps anyone else.  Any
comments most welcome:

 
Create the .ssh folder (on both the hobbit server and the hobbit client)
in /var/lib/hobbit as root, chown it to hobbit:hobbit, and chmod it to
700.

 
On the hobbit server, now as the hobbit user:

 
Generate a private/public keypair with an empty password:

 
$ pwd

   /var/lib/hobbit

 
$ ssh-keygen -t dsa

 
Copy the generated public key to the hobbit client:

 
$ scp .ssh/id_dsa.pub hobbit at hobbitclient:/var/lib/hobbit

 
On the hobbit client:

 
Rename the public key:

 
$ mv id_dsa.pub authorized_keys

 
Copy the authorized_keys file to the user's .ssh directory. 

 
$ mv authorized_keys .ssh/

 
Check that the authorized_keys file has the following permissions:

 
-rw-r--r-- 1 hobbit hobbit 603 Aug 14 12:16 authorized_keys

 
From the server, log on to the client.  You should not be prompted for a
password

 
Modify the hobbit server's /etc/rc.local:

 
  su -c "ssh hobbit at hobbitclient -T -n -N -g -x -R1984:127.0.0.1:1984"
hobbit

  
Configure /etc/default/hobbit-client on the hobbit client in the DMZ to
connect to localhost:

 
  HOBBITSERVERS="127.0.0.1"

 
Add the client to /etc/hobbit/bb-hosts on the hobbit server:

 
  10.2.0.5    target_machine

 
From: Johan Booysen [mailto:user-6f017f1ad8a9@xymon.invalid] 
Sent: 14 August 2008 13:26
To: user-ae9b8668bcde@xymon.invalid
Subject: RE: [hobbit] need help in monitoring edmz client

 
Just to clarify:

 
I've set up ssh keys authentication between the hobbit server and a
client in our DMZ, for the hobbit user.

 
I can ssh from server to client without entering a password, so it
works.

 
If I run ssh hobbit at x.x.x.x -T -n -N -g -x -R1984:127.0.0.1:1984 from
the commanline on the server, communications between server and client
works.

 
If I add ssh hobbit at 10.2.0.5 -T -n -N -g -x -R1984:127.0.0.1:1984 either
to initttab or  /etc/rc.local, then the client stops reporting (after a
server reboot).

 
Anyone know what I should do?

 
Thanks.

 
From: Johan Booysen [mailto:user-6f017f1ad8a9@xymon.invalid] 
Sent: 14 August 2008 12:49
To: user-ae9b8668bcde@xymon.invalid
Subject: RE: [hobbit] need help in monitoring edmz client

 
Daniel,

 
Do you just simply add that command to inittab?

 
Thanks.

 
From: Perumal, Santoshbabu [mailto:user-bc15f54a09ea@xymon.invalid] 
Sent: 13 August 2008 19:20
To: user-ae9b8668bcde@xymon.invalid
Subject: RE: [hobbit] need help in monitoring edmz client

 
HI Daniel

 
   Thanks for your steps. Yes my target machine is UNIX box.

 
from the hobbit server , run from inittab   (I don't understand run from
innittab ..I can run the below command from command line shell promt
right)

ssh user at taregt_machine -T -n -N -g -x -R1984:127.0.0.1:1984  

 
on the target machine, set the hobbit client to connect to localhost
--I have to edit hobbitclient.cfg and change BBDISP value to 127.0.0.1
right..want to make sure...

 
Also hobbit server has to communicate with target machines(clients) on
port 1984 right.otherwise this step does not work right.

 
Thanks

 
From: Daniel Bourque [mailto:user-a141068964db@xymon.invalid] 
Sent: Wednesday, August 13, 2008 1:52 PM
To: user-ae9b8668bcde@xymon.invalid
Subject: Re: [hobbit] need help in monitoring edmz client

 
If the target machine is unix/linux, the simplest way is to use ssh keys
& tunneling.

from the hobbit server, run from inittab

ssh user@target_machine -T -n -N -g -x -R1984:127.0.0.1:1984

on the target machine, set the hobbit client to connect to localhost.


Daniel Bourque
Sr. Systems Engineer
WeatherData Service Inc
An Accuweather Company


Perumal, Santoshbabu wrote: 

Hi, 

  
   We have some servers in edmz. Port 1984 is blocked by the firewall, so
the client is not able to communicate with the hobbit server on port 1984.
When I searched around I read about the msgcache and hobbitfetch utilities,
but I am not familiar with them. Can anyone please give me the
configuration steps that I need to make on both the server side and the
edmz client side?

  
Thanks in advance 

  
Thanks 

santhosh 

  
Attachments (1)
list Galen Johnson · Thu, 14 Aug 2008 12:11:55 -0400 ·
How about put this up on The Shire?  I would say under Add-ons...

=G=
quoted from Padraig Lennon

From: Lennon, Padraig [mailto:user-7738cfcc6ae0@xymon.invalid]
Sent: Thursday, August 14, 2008 12:05 PM
To: user-ae9b8668bcde@xymon.invalid
Subject: RE: [hobbit] need help in monitoring edmz client

Not sure if this is of any use to you Johan..


I have a server side script which controls the ssh tunnels to my windows/*nix clients which are in the DMZ

Basically it requires that you put a tag at the end of the client name in bb-hosts called ssh-tunnel

It's hardly a work of art but it works ok for us.. If it sees the connection is down it will warn and continue to retry the connection..

Hope this helps..

regards


Padraig Lennon
Senior Systems Engineer
Production Services
Pioneer Global Investments (Dublin)
5th Floor Georges Quay Plaza, Dublin 2
ext: XXXX
Direct dial: 00353 1 480 2081


From: Johan Booysen [mailto:user-6f017f1ad8a9@xymon.invalid]
Sent: 14 August 2008 16:57
To: user-ae9b8668bcde@xymon.invalid
Subject: RE: [hobbit] need help in monitoring edmz client

I want to be able to monitor 2 hosts in the dmz.

Having su -c "ssh hobbit@hobbitclient -T -n -N -g -x -R1984:127.0.0.1:1984" hobbit in /etc/rc.local seems to work for the first host.  I added a second line like that for a second host, but it doesn't work for the second host unless I execute the command manually - at which point both dmz hosts report back.

Does anyone know why this is happening and how I can get it to work?

Thanks.

From: Johan Booysen [mailto:user-6f017f1ad8a9@xymon.invalid]
Sent: 14 August 2008 14:02
To: user-ae9b8668bcde@xymon.invalid
Subject: RE: [hobbit] need help in monitoring edmz client

This works for me (RHEL5 machines), if it helps anyone else.  Any comments most welcome:

Create the .ssh folder (on both the hobbit server and the hobbit client) in /var/lib/hobbit as root, chown it to hobbit:hobbit, and chmod it to 700.

On the hobbit server, now as the hobbit user:

Generate a private/public keypair with an empty password:

$ pwd
   /var/lib/hobbit

$ ssh-keygen -t dsa

Copy the generated public key to the hobbit client:

$ scp .ssh/id_dsa.pub hobbit@hobbitclient:/var/lib/hobbit


On the hobbit client:

Rename the public key:

$ mv id_dsa.pub authorized_keys

Copy the authorized_keys file to the user's .ssh directory.

$ mv authorized_keys .ssh/

Check that the authorized_keys file has the following permissions:

-rw-r--r-- 1 hobbit hobbit 603 Aug 14 12:16 authorized_keys

From the server, log on to the client.  You should not be prompted for a password.

Modify the hobbit server's /etc/rc.local:

  su -c "ssh hobbit@hobbitclient -T -n -N -g -x -R1984:127.0.0.1:1984" hobbit

Configure /etc/default/hobbit-client on the hobbit client in the DMZ to connect to localhost:

  HOBBITSERVERS="127.0.0.1"

Add the client to /etc/hobbit/bb-hosts on the hobbit server:

  10.2.0.5    target_machine

list Johan Booysen · Thu, 14 Aug 2008 17:13:57 +0100 ·
Hi,

 
Thanks very much for that.  I’ll have a look at it and see if I can get it to work.

 
Regards,

 
Johan

list Craig Cook · Thu, 14 Aug 2008 12:38:52 -0400 ·
I believe there is some confusion as to what you are doing.

Option 1

From my understanding Daniel was suggesting you set up an ssh tunnel from your hobbit server to your dmz host.  Your client should work without any further changes, i.e. your BBDISPLAY setting should be the real IP of your hobbit server (not the loopback you currently have).

You will then have to ensure the tunnel stays up.

Option 2.

Use msgcache, which is what I think you originally asked about.


On your dmz client, edit clientlaunch.cfg
Ensure in the section for [msgcache] you have a line with
ENABLED

hobbitclient.cfg on your dmz client should have
BBDISP="127.0.0.1"

This makes the client report results to itself.

On your hobbit server ensure hobbitlaunch.cfg has this:

[hobbitfetch]
        ENABLED
...

Ensure your bb-hosts on hobbit server has the pulldata tag added for your dmz client.

e.g.
  0.0.0.0  dmz-client # pulldata

Restart your hobbit server and wait 10+ minutes.


There are pros and cons with both options.


Craig
list Padraig Lennon · Thu, 14 Aug 2008 20:02:29 +0200 ·
Hi Hobbit Admins,
 
I have placed the server side script ssh_tunnels.sh on the Shire at the
following link.
http://www.trantor.org/theshire/doku.php/addons:ssh_tunnel
 
If you see any issues or can suggest any improvements, please feel free to
edit it as you see fit. Hopefully someone will find it useful.

I am out of office until Monday; if you have any questions I will respond
then.

regards
 
Padraig Lennon
Senior Systems Engineer
Production Services
Pioneer Global Investments (Dublin)
list Johan Booysen · Fri, 15 Aug 2008 11:22:29 +0100 ·
I wonder if you’d mind helping me out on this.

 
I’ve followed the instructions on http://www.trantor.org/theshire/doku.php/addons:ssh_tunnel, but must be missing something somewhere.

 
I’ve got the following:

 
1. Password-less ssh between the server and the clients (for both hobbit and root users, to be sure)

2. The ssh-tunnels script copied to the appropriate location, chmodded to 750:
   -rwxr-xr-x 1 root root 5469 Aug 15 09:05 /usr/lib/hobbit/server/ext/ssh-tunnels.sh

3. Added the following to /usr/lib/hobbit/server/etc/hobbitlaunch.cfg:
   [ssh-tunnel]
       ENVFILE /usr/lib/hobbit/server/etc/hobbitserver.cfg
       CMD $BBHOME/ext/ssh-tunnels.sh
       LOGFILE $BBSERVERLOGS/ssh-tunnels.log
       INTERVAL 1m

4. Appended the following to client entries in bb-hosts (deliberately trying both ssh_tunnels and ssh_tunnel):
   10.2.0.5    servername       ssh_tunnels
   10.2.0.6    servername       ssh_tunnel

5. On the clients I’ve got this in /etc/default/hobbit-client:
   HOBBITSERVERS="127.0.0.1"

 
So the one thing I’m missing is where to set BBDISPLAY to 127.0.0.1 on the client.  Is this different from having HOBBITSERVERS="127.0.0.1" in  /etc/default/hobbit-client?

 
Restarted the hobbit server, but the above doesn’t seem to be doing the trick.  /var/log/hobbit/ssh-tunnels.log is empty at this stage.

Would appreciate it if you could tell me if I’ve missed out on something somewhere, or the best way of troubleshooting this.  The way I’ve done it before with the ssh tunnels being established via /etc/rc.local does not appear to work out as well as I thought it would.

 
Thanks.

list Padraig Lennon · Sun, 17 Aug 2008 13:40:58 +0200 ·
Hi Johan,
The script should be used on the hobbit server, NOT the client side as
you are checking that the link from the server to the client is ok. It
is bad practice to run the software as root. You should really use a
dedicated user for the installs of hobbit.
 
1. You should set up ssh public/private key between the hobbit application user (normally hobbit or something similar) and whatever user you used on the client. This is normally hobbit too.
4. An example of the bb-host entry is the following:
    0.0.0.0 server.domain.com # noconn ssh-tunnel
   (You should leave the noconn there if you do not allow outgoing pings to the DMZ host.)
5. This is an example of my client hobbitclient.cfg file (at the top) - change the BBDISP (this may have changed in 4.3??)

# Environment settings for the Hobbit client.

BBDISP="127.0.0.1"             # IP address of the Hobbit server

regards

 
Padraig Lennon
Senior Systems Engineer
Production Services
Pioneer Global Investments (Dublin)
5th Floor Georges Quay Plaza, Dublin 2
ext: XXXX
Direct dial: 00353 1 480 2081
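
The server-side host selection and reverse-tunnel start discussed in this thread, as an added example (this is not the ssh_tunnels.sh script posted to The Shire, which is not reproduced on this page). It assumes tags are read from the text after `#` in bb-hosts, uses hypothetical function names, and adds OpenSSH settings the thread does not use: `BatchMode`, `ExitOnForwardFailure`, `ServerAlive*`, and the `restrict`/`permitlisten` key options (the latter needs OpenSSH 7.8 or later on the DMZ client).

```shell
#!/bin/sh
# Added example, not the ssh_tunnels.sh script from the thread.
# Function names and the sample data below are hypothetical/constructed.

TUNNEL_TAG="ssh-tunnel"   # tag name as given in the thread
BBPORT=1984               # hobbit port from the thread

# Constructed bb-hosts sample, built from the entries quoted in the thread.
sample_bbhosts() {
cat <<'EOF'
# constructed sample
0.0.0.0   server.domain.com   # noconn ssh-tunnel
0.0.0.0   dmz-client          # pulldata
10.2.0.5  servername          ssh_tunnels
10.2.0.6  servername          ssh_tunnel
EOF
}

# Read bb-hosts on stdin; print each hostname whose tag list (the text
# after '#') contains TUNNEL_TAG as a whole word.
tunnel_hosts() {
    awk -v tag="$TUNNEL_TAG" '
        /^[ \t]*(#|$)/ { next }            # comment-only or blank line
        {
            pos = index($0, "#")
            if (pos == 0) next             # no tag section on this line
            host = $2
            n = split(substr($0, pos + 1), tags)
            for (i = 1; i <= n; i++)
                if (tags[i] == tag) { print host; break }
        }'
}

# Print the ssh command for one client ($1 = host, $2 = remote user,
# default "hobbit" as in the thread).
#  - BatchMode=yes: fail instead of prompting when run from init/rc.local
#  - ExitOnForwardFailure=yes: exit if port 1984 cannot be bound on the
#    client, so a supervisor can retry instead of keeping a dead session
#  - ServerAlive*: notice a tunnel silently dropped by the firewall
#  - -g is omitted: it only affects local (-L/-D) listeners, not -R
#  - the remote listener is bound explicitly to the client loopback
tunnel_cmd() {
    printf 'ssh -T -n -N -x -o BatchMode=yes -o ExitOnForwardFailure=yes' 
    printf ' -o ServerAliveInterval=30 -o ServerAliveCountMax=3'
    printf ' -R 127.0.0.1:%s:127.0.0.1:%s %s@%s\n' \
        "$BBPORT" "$BBPORT" "${2:-hobbit}" "$1"
}

# Print an authorized_keys entry for the DMZ client that limits what the
# passphrase-less key can do: no PTY, agent or X11 forwarding, and remote
# (-R) listeners only on 127.0.0.1:1984.  $1 = public key text.
authorized_keys_line() {
    printf 'restrict,port-forwarding,permitlisten="127.0.0.1:%s" %s\n' \
        "$BBPORT" "$1"
}

# Read bb-hosts on stdin; print one tunnel command per selected host.
plan() {
    tunnel_hosts | while read -r host; do
        tunnel_cmd "$host"
    done
}

if [ "${1:-}" = "--demo" ]; then
    sample_bbhosts | plan
fi
```

On the constructed sample only server.domain.com is selected; entries written without `#` or with an underscore in the tag are ignored by this parser.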
 

quoted from Johan Booysen
From: Johan Booysen [mailto:user-6f017f1ad8a9@xymon.invalid] 
Sent: 15 August 2008 11:22
To: user-ae9b8668bcde@xymon.invalid
Subject: RE: [hobbit] need help in monitoring edmz client


I wonder if you'd mind helping me out on this.

 
I've followed the instructions on
http://www.trantor.org/theshire/doku.php/addons:ssh_tunnel, but must be
missing something somewhere.

 
I've got the following:

 
1.       Password-less ssh between the server and the clients (for both
hobbit and root users, to be sure)

2.       The ssh-tunnels script copied to the appropriate location,
chmodded to 750:
-rwxr-xr-x 1 root root 5469 Aug 15 09:05
/usr/lib/hobbit/server/ext/ssh-tunnels.sh

3.       Added the following to
/usr/lib/hobbit/server/etc/hobbitlaunch.cfg:
[ssh-tunnel]
    ENVFILE /usr/lib/hobbit/server/etc/hobbitserver.cfg
    CMD $BBHOME/ext/ssh-tunnels.sh
    LOGFILE $BBSERVERLOGS/ssh-tunnels.log
    INTERVAL 1m

4.       Appended the following to client entries in bb-hosts
(deliberately trying both ssh_tunnels and ssh_tunnel):
10.2.0.5    servername       ssh_tunnels
10.2.0.6    servername       ssh_tunnel

5.       On the clients I've got this in /etc/default/hobbit-client:
HOBBITSERVERS="127.0.0.1"

 
So the one thing I'm missing is where to set BBDISPLAY to 127.0.0.1 on
the client.  Is this different from having HOBBITSERVERS="127.0.0.1" in
/etc/default/hobbit-client?

 
Restart the hobbit server, but the above don't seem to be doing the
trick.  /var/log/hobbit/ssh-tunnels.log is empty at this stage.

 
Would appreciate it if you could tell me if I've missed out on something
somewhere, or the best way of troubleshooting this.  The way I've done
it before with the ssh tunnels being established via /etc/rc.local does
not appear work out as well as I thought it would.

 
Thanks.


From: Lennon, Padraig [mailto:user-7738cfcc6ae0@xymon.invalid] 
Sent: 14 August 2008 17:05
To: user-ae9b8668bcde@xymon.invalid
Subject: RE: [hobbit] need help in monitoring edmz client

 
Not sure if this is of any use to you Johan..

 
I have a server side script which controls the ssh tunnels to my
windows/*nix clients which are in the DMZ

 
Basically it requires that you put a tag at the end of the client name
in bb-hosts called ssh-tunnel

 
It's hardly a work of art but it works ok for us.. If it sees the
connection is down it will warn and continue to retry the connection..

 
Hope this helps..

 
regards

 
Padraig Lennon

Senior Systems Engineer

Production Services

Pioneer Global Investments (Dublin)

5th Floor Georges Quay Plaza, Dublin 2

ext: XXXX

Direct dial: 00353 1 480 2081

 
From: Johan Booysen [mailto:user-6f017f1ad8a9@xymon.invalid] 
Sent: 14 August 2008 16:57
To: user-ae9b8668bcde@xymon.invalid
Subject: RE: [hobbit] need help in monitoring edmz client

I want to be able to monitor 2 hosts in the dmz.

 
Having su -c "ssh hobbit@hobbitclient -T -n -N -g -x
-R1984:127.0.0.1:1984" hobbit in /etc/rc.local seems to work for the
first host.  I added a second line like that for a second host, but it
doesn't work for the second host unless I execute the command manually -
at which point both dmz hosts report back.

 
Does anyone know why this is happening and how I can get it to work?

 
Thanks.

 
From: Johan Booysen [mailto:user-6f017f1ad8a9@xymon.invalid] 
Sent: 14 August 2008 14:02
To: user-ae9b8668bcde@xymon.invalid
Subject: RE: [hobbit] need help in monitoring edmz client

 
This works for me (RHEL5 machines), if it helps anyone else.  Any
comments most welcome:

 
Create the .ssh folder (on both the hobbit server and the hobbit client)
in /var/lib/hobbit as root, chown it to hobbit:hobbit, and chmod it to
700.

 
On the hobbit server, now as the hobbit user:

 
Generate a private/public keypair with an empty password:

 
$ pwd

   /var/lib/hobbit

 
$ ssh-keygen -t dsa

 
Copy the generated public key to the hobbit client:

 
$ scp .ssh/id_dsa.pub hobbit@hobbitclient:/var/lib/hobbit

 
On the hobbit client:

 
Rename the public key:

 
$ mv id_dsa.pub authorized_keys

 
Copy the authorized_keys file to the user's .ssh directory. 

 
$ mv authorized_keys .ssh/

 
Check that the authorized_keys file has the following permissions:

 
-rw-r--r-- 1 hobbit hobbit 603 Aug 14 12:16 authorized_keys

 
From the server, log on to the client.  You should not be prompted for a
password

 
Modify the hobbit server's /etc/rc.local:

 
  su -c "ssh hobbit@hobbitclient -T -n -N -g -x -R1984:127.0.0.1:1984" hobbit

  
Configure /etc/default/hobbit-client on the hobbit client in the DMZ to
connect to localhost:

 
  HOBBITSERVERS="127.0.0.1"

 
Add the client to /etc/hobbit/bb-hosts on the hobbit server:

 
  10.2.0.5    target_machine

 
From: Johan Booysen [mailto:user-6f017f1ad8a9@xymon.invalid] 
Sent: 14 August 2008 13:26
To: user-ae9b8668bcde@xymon.invalid
Subject: RE: [hobbit] need help in monitoring edmz client

 
Just to clarify:

 
I've set up ssh keys authentication between the hobbit server and a
client in our DMZ, for the hobbit user.

 
I can ssh from server to client without entering a password, so it
works.

 
If I run ssh hobbit@x.x.x.x -T -n -N -g -x -R1984:127.0.0.1:1984 from
the command line on the server, communication between server and client
works.

 
If I add ssh hobbit@10.2.0.5 -T -n -N -g -x -R1984:127.0.0.1:1984 either
to inittab or /etc/rc.local, then the client stops reporting (after a
server reboot).

 
Anyone know what I should do?

 
Thanks.

 
From: Johan Booysen [mailto:user-6f017f1ad8a9@xymon.invalid] 
Sent: 14 August 2008 12:49
To: user-ae9b8668bcde@xymon.invalid
Subject: RE: [hobbit] need help in monitoring edmz client

 
Daniel,

 
Do you just simply add that command to inittab?

 
Thanks.

 
From: Perumal, Santoshbabu [mailto:user-bc15f54a09ea@xymon.invalid] 
Sent: 13 August 2008 19:20
To: user-ae9b8668bcde@xymon.invalid
Subject: RE: [hobbit] need help in monitoring edmz client

 
Hi Daniel

 
   Thanks for your steps. Yes my target machine is UNIX box.

 
From the hobbit server, run from inittab (I don't understand "run from
inittab". I can run the below command from the command line shell prompt,
right?)

ssh user@target_machine -T -n -N -g -x -R1984:127.0.0.1:1984

 
On the target machine, set the hobbit client to connect to localhost
-- I have to edit hobbitclient.cfg and change the BBDISP value to
127.0.0.1, right? Want to make sure...

 
Also the hobbit server has to communicate with the target machines
(clients) on port 1984, right? Otherwise this step does not work, right?

 
Thanks

 
From: Daniel Bourque [mailto:user-a141068964db@xymon.invalid] 
Sent: Wednesday, August 13, 2008 1:52 PM
To: user-ae9b8668bcde@xymon.invalid
Subject: Re: [hobbit] need help in monitoring edmz client

 
If the target machine is unix/linux, the simplest way is to use ssh keys
& tunneling.

From the hobbit server, run from inittab:

ssh user@target_machine -T -n -N -g -x -R1984:127.0.0.1:1984

On the target machine, set the hobbit client to connect to localhost.

Daniel Bourque
Sr. Systems Engineer
WeatherData Service Inc
An Accuweather Company


Perumal, Santoshbabu wrote: 

Hi, 

  
   We have some servers in edmz. Port 1984 is blocked by the firewall, so
the client is not able to communicate with the hobbit server on port 1984.
When I searched around I read about the msgcache and hobbitfetch utilities,
but I am not familiar with them. Can anyone please give me the
configuration steps that I need to make on both the server side and the
edmz client site?

  
Thanks in advance 

  
Thanks 

santhosh 

  

list Johan Booysen · Mon, 18 Aug 2008 10:31:08 +0100 ·
Hi,

 
Thanks very much for the reply – I got it to work.

 
FYI, my config now looks like this:

 
On the hobbit server:

 
bb-hosts:

x.x.x.x    servername       # ssh-tunnel

 
hobbitlaunch.cfg:

 
[ssh-tunnel]
    ENVFILE /usr/lib/hobbit/server/etc/hobbitserver.cfg
    CMD $BBHOME/ext/ssh-tunnels.sh
    LOGFILE $BBSERVERLOGS/ssh-tunnels.log
    INTERVAL 1m

 
ssh-tunnels.sh script location and permissions:

-rwxr-xr-x 1 root root 5469 Aug 15 09:05 /usr/lib/hobbit/server/ext/ssh-tunnels.sh

 
On the client in the DMZ:

 
/usr/lib/hobbit/client/etc/hobbitclient.cfg:

BBDISP="127.0.0.1"

 
I wasn’t sure about this, but when trying to restart hobbit-client, it insists on “Please configure HOBBITSERVERS in /etc/default/hobbit-client”, so I changed it as follows:

/etc/default/hobbit-client:

HOBBITSERVERS="127.0.0.1"

 
Then I noticed that /var/log/hobbit/ssh-tunnels.log on the server reports “ssh:servername: Name or service not known”, so I added an entry to the hobbit server’s hosts file in /etc/hosts:

x.x.x.x   servername

 
Then I noticed that /var/log/hobbit/ssh-tunnels.log reports “Host key verification failed.”, so I ran the following command once (as the hobbit user) to add the client’s host key to the server’s known_hosts file:

# su - hobbit

$ ssh servername

 
After restarting the hobbit-client and the hobbit server, the web page updated correctly.

 
I can verify that the ssh tunnel is up:

# ps -ef | grep ssh

hobbit    2187     1  0 09:59 ?        00:00:00 ssh -fnNR 1984:hobbit:1984 servername

 
Thanks a lot for your help.

 
Johan

 
From: Lennon, Padraig [mailto:user-7738cfcc6ae0@xymon.invalid] 
Sent: 17 August 2008 12:41
To: user-ae9b8668bcde@xymon.invalid
Subject: RE: [hobbit] need help in monitoring edmz client

 
Hi Johan,

The script should be used on the hobbit server, NOT the client side as you are checking that the link from the server to the client is ok. It is bad practice to run the software as root. You should really use a dedicated user for the installs of hobbit.

 
1. You should set up an ssh public/private key between the hobbit application user (normally hobbit or something similar) and whatever user you used on the client. This is normally hobbit too.

4. An example of the bb-host entry is the following:

    0.0.0.0 server.domain.com # noconn ssh-tunnel  (You should leave the noconn there if you do not allow outgoing pings to the DMZ host.)

5. This is an example of my client hobbitclient.cfg file  (at the top) - Change the BBDISP (this may have changed in 4.3??)

 
# Environment settings for the Hobbit client.

 
BBDISP="127.0.0.1"             # IP address of the Hobbit server

regards


Padraig Lennon

Senior Systems Engineer

Production Services

Pioneer Global Investments (Dublin)

5th Floor Georges Quay Plaza, Dublin 2

ext: XXXX

Direct dial: 00353 1 480 2081

 
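The shell example below is added here to illustrate the server-side setup described in the message above; it is not the ssh-tunnels.sh script linked in the thread and not any participant's code. It assumes the tag is the whole word ssh-tunnel in the comment part of a bb-hosts line, the remote account hobbit and port 1984; the function names, the ssh option set and the sample host names are illustrative choices.

```shell
#!/bin/sh
# Added example, not the ssh-tunnels.sh script discussed in the thread.
# Assumptions: tag word "ssh-tunnel" after '#', remote account "hobbit",
# port 1984, and every function name below.
TAG="ssh-tunnel"
PORT=1984
REMOTE_USER="hobbit"
SSH_OPTS="-o BatchMode=yes -o StrictHostKeyChecking=yes -o ExitOnForwardFailure=yes -o ServerAliveInterval=30"

# Constructed bb-hosts sample in the shape of the entries quoted in the thread.
sample_bb_hosts() {
    cat <<'EOF'
# constructed sample (documentation addresses, hypothetical host names)
192.0.2.5   dmz-web1    # ssh-tunnel
192.0.2.6   dmz-web2    ssh_tunnels
192.0.2.7   dmz-db1     # noconn ssh-tunnel
192.0.2.8   dmz-app1    # ssh_tunnel
192.0.2.9   intranet1   # conn
EOF
}

# Read bb-hosts on stdin; print each host whose comment part (the text after
# '#') carries the tag as a whole word. Entries without '#' or with a
# misspelled tag produce no output at all.
tunnel_hosts() {
    awk -v tag="$TAG" '
        /^[ \t]*#/ || NF < 2 { next }
        {
            i = index($0, "#")
            if (i == 0) next
            n = split(substr($0, i + 1), words, /[ \t]+/)
            for (k = 1; k <= n; k++)
                if (words[k] == tag) { print $2; break }
        }'
}

# Print (do not run) the ssh command for one host. BatchMode and
# StrictHostKeyChecking=yes turn a missing known_hosts entry into a log line
# instead of a prompt nobody sees; ExitOnForwardFailure makes ssh exit when
# the listener on the client cannot be bound, so the next interval retries.
tunnel_cmd() {
    case "$1" in
        ""|-*|*[!A-Za-z0-9._-]*) return 1 ;;  # would be parsed as an option, or is not a host name
    esac
    printf 'ssh -fnN %s -R 127.0.0.1:%s:127.0.0.1:%s %s@%s\n' \
        "$SSH_OPTS" "$PORT" "$PORT" "$REMOTE_USER" "$1"
}

# Return 0 if the ps -ef listing on stdin shows an ssh process that carries a
# PORT:...:PORT forward and names host $1 (with or without user@).
tunnel_running() {
    awk -v host="$1" -v port="$PORT" '
        {
            is_ssh = has_fwd = has_host = 0
            for (k = 1; k <= NF; k++) {
                f = $k
                if (f == "ssh" || f ~ /\/ssh$/) { is_ssh = 1; continue }
                if (!is_ssh) continue
                if (f ~ (port ":.*:" port "$")) has_fwd = 1
                sub(/^.*@/, "", f)
                if (f == host) has_host = 1
            }
            if (has_fwd && has_host) found = 1
        }
        END { exit !found }'
}

# Map the two ssh-tunnels.log errors quoted in the thread to their fix.
diagnose() {
    case "$1" in
        *"Name or service not known"*)
            echo "resolve: make the client name resolvable on the server (DNS or /etc/hosts)" ;;
        *"Host key verification failed"*)
            echo "hostkey: add the client host key to the hobbit user's known_hosts" ;;
        *)  echo "unknown: read the full ssh error in the log" ;;
    esac
}

# Demo on the constructed sample: print the planned commands, run nothing.
sample_bb_hosts | tunnel_hosts | while read -r host; do
    tunnel_cmd "$host"
done
```

tunnel_cmd only prints the command; the 127.0.0.1 bind address in -R keeps the forwarded listener on the DMZ client reachable from that client alone.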

list Santoshbabu Perumal · Mon, 18 Aug 2008 09:49:53 -0400 ·
Can you send me the ssh-tunnel script

 
Thanks

   Santosh.p

list Johan Booysen · Mon, 18 Aug 2008 15:13:04 +0100 ·
http://www.trantor.org/theshire/doku.php/addons:ssh_tunnel

 
From: Perumal, Santoshbabu [mailto:user-bc15f54a09ea@xymon.invalid] 
Sent: 18 August 2008 14:50
To: user-ae9b8668bcde@xymon.invalid
Subject: RE: [hobbit] need help in monitoring edmz client

 
Can you send me the ssh-tunnel script

 
Thanks

   Santosh.p


From: Johan Booysen [mailto:user-6f017f1ad8a9@xymon.invalid] 
Sent: Monday, August 18, 2008 5:31 AM
To: user-ae9b8668bcde@xymon.invalid
Subject: RE: [hobbit] need help in monitoring edmz client

 
Hi,

 
Thanks very much for the reply - I got it to work.

 
FYI, my config now looks like this:

 
On the hobbit server:

 
bb-hosts:

x.x.x.x    servername       # ssh-tunnel

hobbitlaunch.cfg:

[ssh-tunnel]
    ENVFILE /usr/lib/hobbit/server/etc/hobbitserver.cfg
    CMD $BBHOME/ext/ssh-tunnels.sh
    LOGFILE $BBSERVERLOGS/ssh-tunnels.log
    INTERVAL 1m

ssh-tunnels.sh script location and permissions:

-rwxr-xr-x 1 root root 5469 Aug 15 09:05 /usr/lib/hobbit/server/ext/ssh-tunnels.sh

 
On the client in the DMZ:

 
/usr/lib/hobbit/client/etc/hobbitclient.cfg:

BBDISP="127.0.0.1"

 
I wasn't sure about this, but when trying to restart hobbit-client, it
insists on "Please configure HOBBITSERVERS in
/etc/default/hobbit-client", so I changed it as follows:

/etc/default/hobbit-client:

HOBBITSERVERS="127.0.0.1"

 
Then I noticed that var/log/hobbit/ssh-tunnels.log on the server reports
"ssh:servername: Name or service not known", so I added an entry to the
hobbit server's hosts file in /etc/hosts:

x.x.x.x   servername

 
Then I noticed that var/log/hobbit/ssh-tunnels.log reports "Host key
verification failed.", so I ran the following command once (as the
hobbit user) to add the client's host key to the server's known_hosts
file:

# su - hobbit

$ ssh servername

 
After restarting the hobbit-client and the hobbit server, the web page
updated correctly.

 
I can verify that the ssh tunnel is up:

# ps -ef | grep ssh

hobbit    2187     1  0 09:59 ?        00:00:00 ssh -fnNR 1984:hobbit:1984 servername

 
Thanks a lot for your help.

 
Johan

 
From: Lennon, Padraig [mailto:user-7738cfcc6ae0@xymon.invalid] 
Sent: 17 August 2008 12:41
To: user-ae9b8668bcde@xymon.invalid
Subject: RE: [hobbit] need help in monitoring edmz client

 
Hi Johan,

The script should be used on the hobbit server, NOT the client side as
you are checking that the link from the server to the client is ok. It
is bad practice to run the software as root. You should really use a
dedicated user for the installs of hobbit.

 
1. You should set up an ssh public/private key between the hobbit
application user (normally hobbit or something similar) and whatever
user you used on the client. This is normally hobbit too.

4. An example of the bb-host entry is the following:

    0.0.0.0 server.domain.com # noconn ssh-tunnel

(You should leave the noconn there if you do not allow outgoing pings to
the DMZ host.)

5. This is an example of my client hobbitclient.cfg file (at the top) -
change the BBDISP (this may have changed in 4.3??)

 
# Environment settings for the Hobbit client.

 
BBDISP="127.0.0.1"             # IP address of the Hobbit server

regards


Padraig Lennon

Senior Systems Engineer

Production Services

Pioneer Global Investments (Dublin)

5th Floor Georges Quay Plaza, Dublin 2

ext: XXXX

Direct dial: 00353 1 480 2081

 
From: Johan Booysen [mailto:user-6f017f1ad8a9@xymon.invalid] 
Sent: 15 August 2008 11:22
To: user-ae9b8668bcde@xymon.invalid
Subject: RE: [hobbit] need help in monitoring edmz client

I wonder if you'd mind helping me out on this.

 
I've followed the instructions on
http://www.trantor.org/theshire/doku.php/addons:ssh_tunnel, but must be
missing something somewhere.

 
I've got the following:

 
1.       Password-less ssh between the server and the clients (for both
hobbit and root users, to be sure)

2.       The ssh-tunnels script copied to the appropriate location,
chmodded to 750:
-rwxr-xr-x 1 root root 5469 Aug 15 09:05 /usr/lib/hobbit/server/ext/ssh-tunnels.sh

3.       Added the following to /usr/lib/hobbit/server/etc/hobbitlaunch.cfg:
[ssh-tunnel]
    ENVFILE /usr/lib/hobbit/server/etc/hobbitserver.cfg
    CMD $BBHOME/ext/ssh-tunnels.sh
    LOGFILE $BBSERVERLOGS/ssh-tunnels.log
    INTERVAL 1m

4.       Appended the following to client entries in bb-hosts
(deliberately trying both ssh_tunnels and ssh_tunnel):
10.2.0.5    servername       ssh_tunnels
10.2.0.6    servername       ssh_tunnel

5.       On the clients I've got this in /etc/default/hobbit-client:
HOBBITSERVERS="127.0.0.1"

 
So the one thing I'm missing is where to set BBDISPLAY to 127.0.0.1 on
the client.  Is this different from having HOBBITSERVERS="127.0.0.1" in
/etc/default/hobbit-client?

 
Restarted the hobbit server, but the above doesn't seem to be doing the
trick.  /var/log/hobbit/ssh-tunnels.log is empty at this stage.

 
Would appreciate it if you could tell me if I've missed out on something
somewhere, or the best way of troubleshooting this.  The way I've done
it before, with the ssh tunnels being established via /etc/rc.local, does
not appear to work out as well as I thought it would.

 
Thanks.

From: Lennon, Padraig [mailto:user-7738cfcc6ae0@xymon.invalid] 
Sent: 14 August 2008 17:05
To: user-ae9b8668bcde@xymon.invalid
Subject: RE: [hobbit] need help in monitoring edmz client

 
Not sure if this is of any use to you Johan..

 
I have a server side script which controls the ssh tunnels to my
windows/*nix clients which are in the DMZ

 
Basically it requires that you put a tag at the end of the client name
in bb-hosts called ssh-tunnel

 
It's hardly a work of art but it works ok for us.. If it sees the
connection is down it will warn and continue to retry the connection..

 
Hope this helps..

 
regards

 
Padraig Lennon

Senior Systems Engineer

Production Services

Pioneer Global Investments (Dublin)

5th Floor Georges Quay Plaza, Dublin 2

ext: XXXX

Direct dial: 00353 1 480 2081

 
From: Johan Booysen [mailto:user-6f017f1ad8a9@xymon.invalid] 
Sent: 14 August 2008 16:57
To: user-ae9b8668bcde@xymon.invalid
Subject: RE: [hobbit] need help in monitoring edmz client

I want to be able to monitor 2 hosts in the dmz.

 
Having

  su -c "ssh hobbit@hobbitclient -T -n -N -g -x -R1984:127.0.0.1:1984" hobbit

in /etc/rc.local seems to work for the first host.  I added a second
line like that for a second host, but it doesn't work for the second
host unless I execute the command manually - at which point both dmz
hosts report back.

 
Does anyone know why this is happening and how I can get it to work?

 
Thanks.

 
From: Johan Booysen [mailto:user-6f017f1ad8a9@xymon.invalid] 
Sent: 14 August 2008 14:02
To: user-ae9b8668bcde@xymon.invalid
Subject: RE: [hobbit] need help in monitoring edmz client

 
This works for me (RHEL5 machines), if it helps anyone else.  Any
comments most welcome:

 
Create the .ssh folder (on both the hobbit server and the hobbit client)
in /var/lib/hobbit as root, chown it to hobbit:hobbit, and chmod it to
700.

 
On the hobbit server, now as the hobbit user:

 
Generate a private/public keypair with an empty password:

 
$ pwd

   /var/lib/hobbit

 
$ ssh-keygen -t dsa

 
Copy the generated public key to the hobbit client:

 
$ scp .ssh/id_dsa.pub hobbit@hobbitclient:/var/lib/hobbit

 
On the hobbit client:

 
Rename the public key:

 
$ mv id_dsa.pub authorized_keys

 
Copy the authorized_keys file to the user's .ssh directory. 

 
$ mv authorized_keys .ssh/

 
Check that the authorized_keys file has the following permissions:

 
-rw-r--r-- 1 hobbit hobbit 603 Aug 14 12:16 authorized_keys

 
From the server, log on to the client.  You should not be prompted for a
password.

 
Modify the hobbit server's /etc/rc.local:

 
  su -c "ssh hobbit@hobbitclient -T -n -N -g -x -R1984:127.0.0.1:1984" hobbit

  
Configure /etc/default/hobbit-client on the hobbit client in the DMZ to
connect to localhost:

 
  HOBBITSERVERS="127.0.0.1"

 
Add the client to /etc/hobbit/bb-hosts on the hobbit server:

 
  10.2.0.5    target_machine

 
From: Johan Booysen [mailto:user-6f017f1ad8a9@xymon.invalid] 
Sent: 14 August 2008 13:26
To: user-ae9b8668bcde@xymon.invalid
Subject: RE: [hobbit] need help in monitoring edmz client

 
Just to clarify:

 
I've set up ssh keys authentication between the hobbit server and a
client in our DMZ, for the hobbit user.

 
I can ssh from server to client without entering a password, so it
works.

 
If I run ssh hobbit@x.x.x.x -T -n -N -g -x -R1984:127.0.0.1:1984 from
the command line on the server, communications between server and client
work.

 
If I add ssh hobbit@10.2.0.5 -T -n -N -g -x -R1984:127.0.0.1:1984 either
to inittab or /etc/rc.local, then the client stops reporting (after a
server reboot).

 
Anyone know what I should do?

 
Thanks.

 
From: Johan Booysen [mailto:user-6f017f1ad8a9@xymon.invalid] 
Sent: 14 August 2008 12:49
To: user-ae9b8668bcde@xymon.invalid
Subject: RE: [hobbit] need help in monitoring edmz client

 
Daniel,

 
Do you just simply add that command to inittab?

 
Thanks.

 
From: Perumal, Santoshbabu [mailto:user-bc15f54a09ea@xymon.invalid] 
Sent: 13 August 2008 19:20
To: user-ae9b8668bcde@xymon.invalid
Subject: RE: [hobbit] need help in monitoring edmz client

 
Hi Daniel,

 
   Thanks for your steps. Yes, my target machine is a UNIX box.

 
from the hobbit server, run from inittab (I don't understand "run from
inittab".. I can run the below command from the command line shell
prompt, right?)

ssh user@target_machine -T -n -N -g -x -R1984:127.0.0.1:1984

 
on the target machine, set the hobbit client to connect to localhost
-- I have to edit hobbitclient.cfg and change the BBDISP value to
127.0.0.1, right? Want to make sure...

 
Also, the hobbit server has to communicate with the target machines
(clients) on port 1984, right? Otherwise this step does not work, right?

 
Thanks

 
From: Daniel Bourque [mailto:user-a141068964db@xymon.invalid] 
Sent: Wednesday, August 13, 2008 1:52 PM
To: user-ae9b8668bcde@xymon.invalid
Subject: Re: [hobbit] need help in monitoring edmz client

 
If the target machine is unix/linux, the simplest way is to use ssh keys
& tunneling.

from the hobbit server, run from inittab

ssh user@target_machine -T -n -N -g -x -R1984:127.0.0.1:1984

on the target machine, set the hobbit client to connect to localhost.

Daniel Bourque
Sr. Systems Engineer
WeatherData Service Inc
An Accuweather Company


Perumal, Santoshbabu wrote: 

Hi, 

  
   We have some servers in edmz. Port 1984 is blocked by the firewall, so
the client is not able to communicate with the hobbit server on port
1984. When I searched around I read about the msgcache and hobbitfetch
utilities, but I am not familiar with them. Can anyone please give me the
configuration steps that I need to make on both the server side and the
edmz client side?

  
Thanks in advance 

  
Thanks 

santhosh 

  
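Added example (not part of the thread, and not the ssh-tunnels.sh script referred to above): a minimal tunnel supervisor that reads the ssh-tunnel tag from bb-hosts and starts one reverse tunnel per tagged host, as a job hobbitlaunch could run every minute. The hobbit user, port 1984 and the tag come from the thread; the host names are constructed, the ssh options are this example's choice, and BBHOSTS is assumed to be set by the ENVFILE.

```shell
#!/bin/sh
# Constructed sample bb-hosts content (not from the thread).
sample_bbhosts() {
cat <<'EOF'
# DMZ clients
10.2.0.5   dmz-web1    # noconn ssh-tunnel
10.2.0.6   dmz-db1     # ssh-tunnel
10.2.0.7   dmz-app1    # ssh_tunnel
10.1.0.9   intranet1   # ssh
10.2.0.8   -x.example  # ssh-tunnel
EOF
}

# Print hostnames whose tag list (text after '#') contains exactly "ssh-tunnel".
# Names that ssh could read as an option, or with odd characters, are skipped.
tunnel_hosts() {
    awk '
        /^[ \t]*(#|$)/ { next }
        $2 !~ /^[A-Za-z0-9][A-Za-z0-9._-]*$/ { next }
        {
            p = index($0, "#"); if (p == 0) next
            n = split(substr($0, p + 1), tag)
            for (i = 1; i <= n; i++) if (tag[i] == "ssh-tunnel") { print $2; break }
        }' "${1:--}"
}

# Build the tunnel command for one host.
#  -f backgrounds ssh, so one tunnel never blocks the next one from starting.
#  -g from the thread is dropped: it only affects local (-L) forwards.
#  BatchMode / StrictHostKeyChecking=yes: never prompt, never accept an unknown host key.
#  ExitOnForwardFailure: exit instead of staying up without the 1984 listener.
#  The remote listener is bound to the client's loopback only.
tunnel_cmd() {
    printf '%s\n' "ssh -fnNTx -o BatchMode=yes -o StrictHostKeyChecking=yes -o ExitOnForwardFailure=yes -o ServerAliveInterval=30 -o ServerAliveCountMax=3 -R 127.0.0.1:1984:127.0.0.1:1984 hobbit@$1"
}

# True if a tunnel for this host is already running (avoids duplicates per interval).
tunnel_up() {
    pgrep -f "ssh .*-R 127.0.0.1:1984:.* hobbit@$1\$" >/dev/null 2>&1
}

# Only acts when called as "script run", so sourcing it has no side effects.
if [ "${1:-}" = "run" ]; then
    for h in $(tunnel_hosts "${BBHOSTS:-/etc/hobbit/bb-hosts}"); do
        tunnel_up "$h" || $(tunnel_cmd "$h") || echo "$(date) tunnel to $h failed" >&2
    done
fi
```

Run it as the dedicated hobbit user, with each client's host key already present in that user's known_hosts.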