Initialize SSH tunnel before active agent sends?

  • freak
    Member
    • Oct 2007
    • 52

    #1

    Initialize SSH tunnel before active agent sends?

    Could I somehow initialize an SSH tunnel before active agent sends its data?

    I guess the problem would be to get some kind of signal from the agent some time before it starts sending its data (since making the connection might need some time).
    And probably I should be able to detect when all data has been sent to destroy the tunnel again.

    Of course it would be possible to have the tunnel stay open all the time.. but I don't think that's a good solution

    It's not only a problem of missing encryption in server<->agent communication but also when you're in a firewalled environment and don't want to go VPN..


    Cheers
    Sebastian
  • Niels
    Senior Member
    • May 2007
    • 239

    #2
    What problem do you see in keeping the tunnel open?


    • freak
      Member
      • Oct 2007
      • 52

      #3
      We experienced ssh tuns just going dead after a couple of weeks - they just won't transport anything more.

      So they could be restarted like once a day but one might as well just open them as needed.


      • freak
        Member
        • Oct 2007
        • 52

        #4
        I wrote a bit of code in the meantime that will fork() and execvp() ssh then.

        Now the problem I have is: when should I start the ssh connection?

        So far I've been placing sshtun_open() in active.c refresh_metrics() because initially I only wanted it to work for the active agent. But
        • it might be interesting for all of agentd (or even agent)
        • when the agent forks, it calls sshtun_open() a second time, which is not what I actually meant to happen

        So where should I place the function call?

        The idea is to keep the tun open for a reasonable amount of time.
        Maybe if RefreshActiveChecks is 3600, it wouldn't have to be open all the time. Maybe five minutes would be enough. Or if RefreshActiveChecks is <300, it should stay open all the time.

        Maybe zabbix_agentd could even check if the tun is still there and in doubt reinitialize it.

        Any suggestions?

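One way to handle the two problems raised in post #4 (the second sshtun_open() call after the agent forks, and checking whether the tun is still there), as an added example that is not the poster's code or part of Zabbix. The owner-PID guard, the names sshtun_alive() and sshtun_close(), and passing the ssh command line in as argv are assumptions.

```c
#include <errno.h>
#include <signal.h>
#include <sys/wait.h>
#include <unistd.h>

static pid_t tun_pid = -1;   /* tunnel process, -1 if none */
static pid_t tun_owner = -1; /* process that spawned it */

/* Returns 1 if the tunnel process still exists, 0 otherwise. */
int sshtun_alive(void)
{
    if (tun_pid <= 0)
        return 0;
    if (tun_owner != getpid()) /* forked worker: not our child, probe only */
        return kill(tun_pid, 0) == 0 || errno == EPERM;
    if (waitpid(tun_pid, NULL, WNOHANG) == 0) /* owner: reap if it exited */
        return 1;
    tun_pid = -1;
    return 0;
}

/* Returns 1 if a tunnel was started, 0 if one is already up, -1 on error.
 * argv is the full ssh command line, supplied by the caller. */
int sshtun_open(char *const argv[])
{
    if (sshtun_alive())
        return 0;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execvp(argv[0], argv);
        _exit(127); /* exec failed */
    }
    tun_pid = pid;
    tun_owner = getpid();
    return 1;
}

/* Only the owning process tears the tunnel down; returns 1 if it did. */
int sshtun_close(void)
{
    if (tun_pid <= 0 || tun_owner != getpid())
        return 0;
    kill(tun_pid, SIGTERM);
    waitpid(tun_pid, NULL, 0);
    tun_pid = -1;
    return 1;
}
```

A PID check only shows that the ssh process exists, not that the forward still carries traffic. Starting ssh with `-o ServerAliveInterval=<seconds>` and `-o ExitOnForwardFailure=yes` makes it exit when the link or the forward fails, so a stalled tunnel shows up as a dead child that the next sshtun_open() replaces.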

        • Niels
          Senior Member
          • May 2007
          • 239

          #5
          I use ssh with autossh between nodes, but not between agents and servers. So my tunnels are open all the time, but I don't have a problem with that.
