On Sat, June 2, 2007 22:50, Haertig, David F (Dave) wrote:
I guess what I'm looking for is a hobbitfetch variant that uses ssh/scp rather than connecting to a msgcache listener. And along with that, a way to configure the client to collect data normally, but skip starting a listening service.
Why not just use msgcache bound to a localhost address and ssh port tunneling, front-ended by autossh for persistence?
# export, so the setting actually reaches autossh; 0 = never give up on the first try
export AUTOSSH_GATETIME=0
# -f: autossh backgrounds itself (passed to autossh, not to ssh); -N: no remote command
autossh -M 0 -f -N -L 127.0.0.2:1984:127.0.0.2:1984 \
    -i <path-to-rsa-private-key> someunprivilegeduser@dmzserver.example.com
Install autossh. Do your key exchange, test ssh PKI authentication. Set msgcache to --listen=127.0.0.2 and --server=127.0.0.1, use "dmzserver.example.com 127.0.0.2 # testip pulldata" in bb-hosts, and you should be good to go, with a msgcache that cannot be fetched except via your tunnel. Note that the conn check for this bb-host entry will be meaningless, and you'll need to add -L port mappings for any other server-side tests you want.
Writing this from memory, so there might be a syntax error or misspelled option. But it's pretty close. You do need a very up-to-date ssh to specify the near-side IP on the -L port forward (which helps you to keep up with tunnels for different hosts--otherwise you have to use different ports; I actually put in /etc/hosts entries for the 127.0.0.x entries so I can call them by name). I know that the near-side ip spec is supported in the current repo versions for FC5 and up, RHEL5, and Centos5, but not in RHEL4 and down. Hope this helps.
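The setup above, as an added example that is not part of the original post: a small shell helper that, for each DMZ host, picks a distinct loopback alias, emits the autossh command with one -L mapping per port (1984 for msgcache plus any extra server-side tests), emits the matching bb-hosts and /etc/hosts lines, and checks whether the local end of a forward is actually accepting connections. The user name xymonpull, the key path and the host names are assumptions for illustration; -o ExitOnForwardFailure and -o ServerAliveInterval are standard ssh options added so that a forward that fails to bind, or a link that dies, makes ssh exit and autossh restart it (with -M 0 autossh has no monitor port of its own).

```shell
#!/usr/bin/env bash
# Added example (not from the original post). Names, paths and ports are
# illustrative assumptions.

MSGCACHE_PORT=1984

# loopback_ip INDEX -> 127.0.0.INDEX
# Each DMZ host gets its own loopback alias, so every tunnel can use the same
# port number (1984) on the near side without colliding with the others.
loopback_ip() {
    printf '127.0.0.%d\n' "$1"
}

# tunnel_cmd USER HOST INDEX KEY PORT... -> the autossh command line
# Both ends of each -L use the same loopback alias, so the remote msgcache is
# started with --listen=127.0.0.INDEX and is unreachable except via the tunnel.
tunnel_cmd() {
    local user=$1 host=$2 idx=$3 key=$4 ip cmd port
    shift 4
    ip=$(loopback_ip "$idx")
    cmd="AUTOSSH_GATETIME=0 autossh -M 0 -f -N"
    for port in "$@"; do
        cmd="$cmd -L $ip:$port:$ip:$port"
    done
    # ExitOnForwardFailure: a forward that cannot bind kills ssh, so autossh
    # retries instead of silently running a useless session.
    # ServerAliveInterval: a dead link makes ssh exit, which is the only
    # restart trigger when -M 0 disables autossh's own monitor port.
    printf '%s -i %s -o ExitOnForwardFailure=yes -o ServerAliveInterval=30 %s@%s\n' \
        "$cmd" "$key" "$user" "$host"
}

# bb_hosts_line HOST INDEX -> the bb-hosts entry for this host
bb_hosts_line() {
    printf '%s %s # testip pulldata\n' "$1" "$(loopback_ip "$2")"
}

# hosts_alias HOST INDEX -> an /etc/hosts line so the alias can be used by name
hosts_alias() {
    printf '%s %s\n' "$(loopback_ip "$2")" "$1"
}

# check_forward IP PORT -> 0 if something accepts connections on the near end
# (i.e. the tunnel is up), non-zero otherwise. Uses bash's /dev/tcp; under a
# plain sh the open simply fails and the check reports "down".
check_forward() {
    ( exec 3<>"/dev/tcp/$1/$2" ) 2>/dev/null
}

# Usage: one DMZ host on alias 127.0.0.2, forwarding msgcache plus port 80
# for an extra server-side http test.
tunnel_cmd xymonpull dmzserver.example.com 2 /etc/xymon/id_rsa "$MSGCACHE_PORT" 80
bb_hosts_line dmzserver.example.com 2
hosts_alias dmzserver.example.com 2
if check_forward "$(loopback_ip 2)" "$MSGCACHE_PORT"; then
    echo "tunnel to dmzserver.example.com is up"
else
    echo "tunnel to dmzserver.example.com is down"
fi
```

The printed command is meant to be run (or placed in an init script) on the Hobbit server as the user that owns the private key; the bb-hosts and /etc/hosts lines are pasted into those files. check_forward only tells you that ssh has bound the near-side port, not that msgcache on the far side is healthy, which is why the author notes that the conn test for such an entry is meaningless.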