I wonder if you’d mind helping me out on this.
I’ve followed the instructions on http://www.trantor.org/theshire/doku.php/addons:ssh_tunnel, but must be missing something somewhere.
I’ve got the following:
Password-less ssh between the server and the clients (for both hobbit and root users, to be sure)
The ssh-tunnels script copied to the appropriate location, chmodded to 750:
    -rwxr-xr-x 1 root root 5469 Aug 15 09:05 /usr/lib/hobbit/server/ext/ssh-tunnels.sh
Added the following to /usr/lib/hobbit/server/etc/hobbitlaunch.cfg:
    [ssh-tunnel]
        ENVFILE /usr/lib/hobbit/server/etc/hobbitserver.cfg
        CMD $BBHOME/ext/ssh-tunnels.sh
        LOGFILE $BBSERVERLOGS/ssh-tunnels.log
        INTERVAL 1m
Appended the following to client entries in bb-hosts (deliberately trying both ssh_tunnels and ssh_tunnel):
    10.2.0.5 servername ssh_tunnels
    10.2.0.6 servername ssh_tunnel
On the clients I’ve got this in /etc/default/hobbit-client:
    HOBBITSERVERS="127.0.0.1"
So the one thing I’m missing is where to set BBDISPLAY to 127.0.0.1 on the client. Is this different from having HOBBITSERVERS="127.0.0.1" in /etc/default/hobbit-client?
Restart the hobbit server, but the above don’t seem to be doing the trick. /var/log/hobbit/ssh-tunnels.log is empty at this stage.
Would appreciate it if you could tell me if I’ve missed out on something somewhere, or the best way of troubleshooting this. The way I’ve done it before with the ssh tunnels being established via /etc/rc.local does not appear to work out as well as I thought it would.
Thanks.
From: Lennon, Padraig [mailto:Padraig.Lennon at pioneerinvestments.com]
Sent: 14 August 2008 17:05
To: hobbit at hswn.dk
Subject: RE: [hobbit] need help in monitoring edmz client
Not sure if this is of any use to you Johan..
I have a server side script which controls the ssh tunnels to my windows/*nix clients which are in the DMZ
Basically it requires that you put a tag at the end of the client name in bb-hosts called ssh-tunnel
It’s hardly a work of art but it works ok for us.. If it sees the connection is down it will warn and continue to retry the connection..
Hope this helps..
regards
Padraig Lennon
Senior Systems Engineer
Production Services
Pioneer Global Investments (Dublin)
5th Floor Georges Quay Plaza, Dublin 2
ext: 2081
Direct dial: 00353 1 480 2081
From: Johan Booysen [mailto:johan at matrix-data.co.uk]
Sent: 14 August 2008 16:57
To: hobbit at hswn.dk
Subject: RE: [hobbit] need help in monitoring edmz client
I want to be able to monitor 2 hosts in the dmz.
Having su -c "ssh hobbit@hobbitclient -T -n -N -g -x -R1984:127.0.0.1:1984" hobbit in /etc/rc.local seems to work for the first host. I added a second line like that for a second host, but it doesn’t work for the second host unless I execute the command manually – at which point both dmz hosts report back.
Does anyone know why this is happening and how I can get it to work?
Thanks.
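
Added example, not part of the thread and not Padraig's ssh-tunnels.sh: a minimal server-side launcher for the approach described in the two messages above. It reads bb-hosts for an assumed ssh-tunnel tag and starts each reverse tunnel in the background, since ssh -N without -f or & stays in the foreground and a script that runs such commands in sequence never reaches the second one. The function names, the tag spelling and the extra -o options are assumptions.

```shell
#!/bin/sh
# Added example: NOT the ssh-tunnels.sh from the thread. The tag spelling,
# function names and the extra -o options are assumptions.
TAG="ssh-tunnel"   # assumed tag; must match the bb-hosts entry exactly
PORT=1984          # port forwarded by the ssh command quoted in the thread

# Print the hostname of each bb-hosts host line that carries $TAG
# (works with or without the "#" separator before the tags).
tunnel_hosts() {
    awk -v tag="$TAG" '
        $1 !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { next }   # not a host line
        { for (i = 3; i <= NF; i++) if ($i == tag) { print $2; break } }
    ' "$1"
}

# Command line for one reverse tunnel. -g from the thread is dropped (it only
# affects local forwards); the -o options make a broken tunnel exit promptly.
tunnel_cmd() {
    opts="-o BatchMode=yes -o ExitOnForwardFailure=yes -o ServerAliveInterval=30"
    printf 'ssh -T -n -N -x %s -R %s:127.0.0.1:%s hobbit@%s\n' \
        "$opts" "$PORT" "$PORT" "$1"
}

# Start a tunnel for every tagged host that has none running. Each ssh is
# backgrounded: ssh -N without & (or -f) blocks, so in a script that runs
# the commands one after another the second host is never reached.
start_tunnels() {
    for h in $(tunnel_hosts "$1"); do
        cmd=$(tunnel_cmd "$h")
        pgrep -f -x "$cmd" >/dev/null 2>&1 && continue
        echo "$(date) starting tunnel to $h"
        $cmd &
    done
}

# Constructed sample bb-hosts content (hostnames are made up).
sample_bb_hosts() {
    cat <<'EOF'
# dmz clients
10.2.0.5 dmzhost1 # ssh-tunnel
10.2.0.6 dmzhost2 # ssh_tunnel
10.2.0.7 dmzhost3 # conn ssh-tunnel
EOF
}

# Run as: <this script> --run /path/to/bb-hosts
if [ "${1:-}" = "--run" ]; then start_tunnels "$2"; fi
```

In the constructed sample, dmzhost2 is skipped because ssh_tunnel is not the same string as ssh-tunnel; whichever spelling the launcher expects has to appear verbatim in bb-hosts.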
From: Johan Booysen [mailto:johan at matrix-data.co.uk]
Sent: 14 August 2008 14:02
To: hobbit at hswn.dk
Subject: RE: [hobbit] need help in monitoring edmz client
This works for me (RHEL5 machines), if it helps anyone else. Any comments most welcome:
Create the .ssh folder (on both the hobbit server and the hobbit client) in /var/lib/hobbit as root, chown it to hobbit:hobbit, and chmod it to 700.
On the hobbit server, now as the hobbit user:
Generate a private/public keypair with an empty password:
$ pwd
/var/lib/hobbit
$ ssh-keygen -t dsa
Copy the generated public key to the hobbit client:
$ scp .ssh/id_dsa.pub hobbit@hobbitclient:/var/lib/hobbit
On the hobbit client:
Rename the public key:
$ mv id_dsa.pub authorized_keys
Copy the authorized_keys file to the user’s .ssh directory.
$ mv authorized_keys .ssh/
Check that the authorized_keys file has the following permissions:
-rw-r--r-- 1 hobbit hobbit 603 Aug 14 12:16 authorized_keys