ssh_tunnel.sh

Author: Padraig Lennon
Compatibility: All Versions
Requirements: Linux/Solaris
Download: None
Last Update: 2011-04-07

Description

If you have servers in a DMZ which do not allow inbound connections to the Hobbit/Xymon port (1984), a common way around it is to allow ssh (port 22) from the Xymon server to the DMZ host and have the server open a reverse ssh tunnel (ssh -R), so that port 1984 on the client is forwarded back to port 1984 on the Xymon server, using ssh keys for password-less connections. Note that the script below starts each tunnel with -o StrictHostKeyChecking=no, so the server accepts whatever host key a DMZ client presents on first contact; if you want the server to authenticate the clients, add their host keys to the Xymon user's known_hosts before the first run.

Full details on setting this up can be found on the hobbit wiki: http://en.wikibooks.org/wiki/System_Monitoring_with_Xymon/Other_Docs/HOWTO#Monitor_Xymon_clients_in_a_DMZ_using_reverse_SSH_tunnels

(Thanks to Johan Booysen for writing this up)

ssh_tunnels.sh is a server-side shell script (the source below uses ksh) which reads the bb-hosts file for hosts carrying the ssh-tunnel tag.

The script loops through the hosts gathered from bb-hosts and checks that exactly one reverse ssh tunnel process is running for each. If none is found, the column turns yellow and the script attempts to restart the tunnel; if the restart fails the column turns red. If more than one tunnel process is found for a host, they are all killed and a single tunnel is started again. This is repeated on every run until the tunnel is ok.

The result is a new column called ssh-tunnel on each such host's display.

Update 0.0.3 - You can now specify a non-standard ssh port for a client with the tag syntax ssh-tunnel:NNNN, where NNNN is the port the client's sshd listens on, for example ssh-tunnel:2222. This is only needed when the client does not use port 22; the script defaults to port 22.

Please note that if you upgrade an existing version to 0.0.3 you will need to kill all existing tunnels first, because the tunnel command line (and therefore the process listing the script matches against) changes. To kill all existing tunnels you can run:

for PROCESS in `ps -ef | grep "[:]xymon_server:" | awk '{print $2}'`; do kill $PROCESS; done

where xymon_server is the name (as printed by hostname) of the host running the script. If in doubt, check the process listing (ps -ef) for the ssh -fnNR processes first. The script will recreate the tunnels on its next run.
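The three mechanisms described above (the ssh-tunnel[:PORT] tag in bb-hosts, the reverse-tunnel ssh command, and finding a client's tunnel processes in the process listing for the check and for the upgrade-time kill), as an added POSIX shell example. This is not the page's ssh_tunnels.sh and not Xymon project code; the server name xymon_server, the dmzweb0N.example.com hosts, the bb-hosts lines and the SAMPLE_PS listing are constructed for the example, and the ssh options it chooses (StrictHostKeyChecking=yes, ExitOnForwardFailure=yes, ServerAlive*) are this example's hardening choices rather than the original script's.

```shell
#!/bin/sh
# Added example for this page: not the original ssh_tunnels.sh and not Xymon
# project code. It shows, without touching ssh or ps, the three pieces the
# page describes: reading the ssh-tunnel[:PORT] tag from a bb-hosts line,
# building the reverse-tunnel ssh command, and finding a client's tunnel
# processes in a ps listing (the check, and the upgrade-time kill).
# The server name, client names, bb-hosts lines and SAMPLE_PS are constructed.

XYMON_PORT=1984
SERVER_NAME=xymon_server   # assumed output of `hostname` on the Xymon server
# This example's hardening choices (the page's script uses StrictHostKeyChecking=no):
#   StrictHostKeyChecking=yes  only connect to a client whose host key is already
#                              in known_hosts, so nothing on the DMZ path can
#                              substitute its own key on first contact;
#   ExitOnForwardFailure=yes   exit non-zero if 1984 is already bound on the
#                              client, instead of backgrounding a tunnel that
#                              forwards nothing and is then counted as "up";
#   ServerAliveInterval/CountMax  tear down a dead TCP session within ~90 s so
#                              the next check sees the tunnel as down.
SSH_OPTS='-o StrictHostKeyChecking=yes -o ExitOnForwardFailure=yes -o ServerAliveInterval=30 -o ServerAliveCountMax=3'

# tunnel_port BB_HOSTS_LINE
# Prints the sshd port for the host on this line: 22 for a bare "ssh-tunnel"
# tag, NNNN for "ssh-tunnel:NNNN". Prints nothing and returns 1 when the tag
# is absent or the port is not a number in 1..65535, so a mistyped tag is
# reported instead of being passed to ssh.
tunnel_port() {
    tags=${1#*#}               # everything after the first '#' on the line
    port=
    for tag in $tags; do
        case $tag in
            ssh-tunnel)   port=22 ;;
            ssh-tunnel:*) port=${tag#ssh-tunnel:} ;;
        esac
    done
    case $port in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || return 1
    printf '%s\n' "$port"
}

# tunnel_cmd CLIENT PORT
# Prints (does not run) the ssh command that opens the reverse tunnel:
# port 1984 on CLIENT is forwarded back to port 1984 on this server.
tunnel_cmd() {
    printf 'ssh -fnN -R %s:%s:%s %s -p %s %s\n' \
        "$XYMON_PORT" "$SERVER_NAME" "$XYMON_PORT" "$SSH_OPTS" "$2" "$1"
}

# tunnel_pids CLIENT PORT   (reads `ps -ef` output on stdin)
# Prints the PIDs of tunnel processes whose command line ends in "-p PORT
# CLIENT". Comparing the last two fields exactly avoids the substring problem
# (web1 also matching web10) and never matches the grep/awk doing the search,
# whose own command line ends differently.
tunnel_pids() {
    awk -v client="$1" -v port="$2" \
        '/ssh -fnN/ && $(NF-1) == port && $NF == client { print $2 }'
}

# tunnel_count CLIENT PORT  (reads ps output on stdin)
# 0 = tunnel down, 1 = ok, more = duplicates that should be killed.
tunnel_count() {
    tunnel_pids "$1" "$2" | wc -l | tr -d ' '
}

# Constructed `ps -ef` output: dmzweb01 has two tunnels (one left over from an
# earlier restart), dmzweb02 has one on a non-standard port, dmzweb03 has none,
# and the last line is a grep for the same text, which must not be counted.
SAMPLE_PS='UID        PID  PPID  C STIME TTY          TIME CMD
xymon     4711     1  0 09:00 ?        00:00:00 ssh -fnNR 1984:xymon_server:1984 -o StrictHostKeyChecking=no -p 22 dmzweb01
xymon     4712     1  0 09:00 ?        00:00:00 ssh -fnNR 1984:xymon_server:1984 -o StrictHostKeyChecking=no -p 2222 dmzweb02
xymon     4713     1  0 09:05 ?        00:00:00 ssh -fnNR 1984:xymon_server:1984 -o StrictHostKeyChecking=no -p 22 dmzweb01
xymon     4720  4001  0 09:06 pts/0    00:00:00 grep ssh -fnN dmzweb01'

# Walk constructed bb-hosts lines the way the check script does and report
# what it would do for each host, using SAMPLE_PS instead of a live ps.
demo() {
    printf '%s\n' \
        '10.1.2.11 dmzweb01.example.com # conn ssh-tunnel' \
        '10.1.2.12 dmzweb02.example.com # conn ssh-tunnel:2222' \
        '10.1.2.13 dmzweb03.example.com # ssh-tunnel' \
        '10.1.2.14 dmzweb04.example.com # ssh-tunnel:99999' |
    while read -r line; do
        set -- $line
        client=${2%%.*}            # short host name, as the page's script uses
        if ! port=$(tunnel_port "$line"); then
            printf '%-9s invalid ssh-tunnel tag, host skipped\n' "$client"
            continue
        fi
        n=$(printf '%s\n' "$SAMPLE_PS" | tunnel_count "$client" "$port")
        case $n in
            0) printf '%-9s down: would run %s\n' "$client" "$(tunnel_cmd "$client" "$port")" ;;
            1) printf '%-9s ok (sshd port %s)\n' "$client" "$port" ;;
            *) printf '%-9s %s tunnels: would kill PIDs %sand restart\n' "$client" "$n" \
                   "$(printf '%s\n' "$SAMPLE_PS" | tunnel_pids "$client" "$port" | tr '\n' ' ')" ;;
        esac
    done
}

demo
```

Run it with sh; it prints one line per constructed host. On a live server you would pipe `ps -ef` into tunnel_count instead of SAMPLE_PS, run the command tunnel_cmd prints, and for the kill-before-upgrade step feed the output of tunnel_pids for each client to kill.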

Installation

1. Place the script on the Xymon Server in the /path/to/hobbit/server/ext folder, saved as ssh_tunnels.sh (whatever name you use, the CMD line in hobbitlaunch.cfg below must match it). The Xymon user's ssh key must already be authorized on each DMZ client, as set up in the HOWTO linked above.

2. chmod 755 /path/to/hobbit/server/ext/ssh_tunnels.sh

3. Edit the file /path/to/hobbit/server/etc/hobbitlaunch.cfg

Add the following:

[ssh-tunnel]
    ENVFILE /path/to/hobbit/server/etc/hobbitserver.cfg
    CMD $BBHOME/ext/ssh_tunnels.sh
    LOGFILE $BBSERVERLOGS/ssh-tunnels.log
    INTERVAL 1m

4. Restart the Xymon Server application

Source

ssh_tunnel.sh


#!/bin/ksh
#set -xv
#####################################################################
#
#       Name:                   Padraig Lennon
#       Date:                   07-Apr-2011
#       Script Description:     Check the SSH tunnels to DMZ (External) Hobbit/Xymon clients
#       Version:                0.05
#       Licence:                        Please feel free to modify, and use without cost
#                                       Please leave reference to original author.
#
#       #########################################################
#
#       Date - Modifier - Version - Change
#       12-Dec-2007 - P.Lennon - 0.01 - Initial Release
#       19-Aug-2008 - P.Lennon - 0.02 - Updated the script to display the coloured icon on the client
#                                                                web page
#       03-Aug-2009 - P.Lennon - 0.03 - Allow user define the ssh port (if non-standard) in
#                                                                bb-host using ssh-tunnel:port syntax
#       26-Feb-2010 - P.Lennon - 0.04 - Match exact name of client in COUNT
#       07-Apr-2011 - P.Lennon - 0.05 - Add "-o StrictHostKeyChecking=no" to avoid issues 
#                                                                with Key Checking
#

###########################################################################
#       Constants/Global variables
###########################################################################

PROGNAME=$(basename $0)                 # Script Name
TEMP_FILE=/tmp/${PROGNAME}.$$.$RANDOM   # Temp Output File
TEST=ssh-tunnel                                         # Hobbit/Xymon test name
COLUMN=$TEST                                            # Hobbit/Xymon test name
AUTHOR=padraig.lennon@pioneerinvestments.com # Test Author
VERSION="<p><center><h5>`basename $0`, $AUTHOR </h5></center>"
SSH_PORT="22"

###########################################################################
#       Functions
###########################################################################

#####
#       Function to remove temporary files and other housekeeping
#       Arguments=0
#####
function clean_up
{
        rm -f ${TEMP_FILE}              # Remove the temp output file
}


#####
#       Function called for a graceful exit
#       Arguments=0
#####
function graceful_exit
{
        clean_up
        exit
}



#####
#       Function for exit due to fatal program error
#       Arguments=1
#       Argument 0: string containing descriptive error message
#####
function error_exit
{
        local ERR_MSG

        ERR_MSG="##\n#Error: ${1}\n##\n"
        echo -e ${ERR_MSG} >&2
        clean_up
        exit 255
}



#####
#       Function for printing warning messages
#       Arguments=1
#       Argument 0: string containing descriptive warning message
#####
function warning
{
        local WARN_MSG

        WARN_MSG="##\n#Warning: ${1}\n##\n"
        echo -e ${WARN_MSG} >&2
}



#####
#       Function for printing script steps
#       Arguments=1
#       Argument 0: string containing descriptive step message
#####
function print_step
{
        local STEP_MSG

        STEP_MSG="#----> ${1}"
        echo -e ${STEP_MSG}
}



#####
#       Function to perform exit if interrupt signal is trapped
#       Arguments=0
#####
function int_exit
{
        echo -e "${PROGNAME}: Aborted by user"
        clean_up
        exit 255
}




#####
#       Function to display help message for program
#       No arguments
#####
function help
{
        local tab=$(echo -en "\t\t")

cat <<- -EOF-

        Check ssh-tunnels to dmz clients


        Usage: ${PROGNAME} [-h]

        Required parameters:

        Optional parameters:

        -h, --help      Display this help message and exit.


        Example(s):

        ${PROGNAME}


        Exit Codes:
        0       Success
        255     Error


        Author: Padraig Lennon

-EOF-
}


#####   USER DEFINED FUNCTIONS  ######################
###########################################################################
#       Check command line parameters
###########################################################################

# Trap INT signals and properly exit

trap int_exit INT



# Process command line arguments
#       Parameters with arguments divide with : i.e. for option o use o:
#       Parameters with no arguments add the option after the h. no extra :
while getopts ":h" opt; do
        case $opt in
                h )     help
                        graceful_exit
                        ;;
                * )     help
                        error_exit "Wrong parameter passed"
                        ;;
        esac
done



###########################################################################
#       Main Body of Script
###########################################################################

${GREP} -i "^[0-9].*#.*${TEST}" ${BBHOSTS} | while read L
do
   set -- $L     # Split the bb-hosts line into positional parameters (-- so a field starting with - is not read as an option)

   HOSTIP=$1
   MACHINEDOTS=$2
   MACHINE=`echo $MACHINEDOTS | $SED -e 's/\./,/g'`

        for OPTION in `echo $* | $AWK -F# '{print $2}'`    # Tags after the '#'; echo already collapses the whitespace
        do
            OPTION_VAL=`echo $OPTION | $GREP ${TEST} 2>/dev/null`
            if [ "$OPTION_VAL" != "" ] ; then
                #       We have found the test definition. Check if an alternative port was supplied
                SSH_PORT_VAL=`echo $OPTION_VAL | $AWK -F: {'print $2'}`
                if [ "$SSH_PORT_VAL" != "" ] ; then
                        SSH_PORT=$SSH_PORT_VAL
                else
                        SSH_PORT=22
                fi
            fi
        done



   COLOR=green
   MSG="$TEST status for host $MACHINEDOTS"
        CLIENT=`echo $MACHINEDOTS | $AWK -F. {'print $1'}`

    COUNT=`$PS -ef|$GREP "ssh -fnNR [1]984"| $EGREP "$SSH_PORT $CLIENT$"| wc -l | $SED -e "s/\ //g"`
    if [  $COUNT -eq 0 ] ; then
            COLOR=yellow
        #   Restarting the Tunnel
        ssh -fnNR 1984:`hostname`:1984 -o StrictHostKeyChecking=no -p $SSH_PORT $CLIENT
        if [ $? -ne 0 ] ; then
            MSG="&red Tunnel is down.. Restart attempt failed"
            COLOR=red
        else
            MSG="&yellow Tunnel recently restarted"
            COLOR=yellow
        fi
    elif [ $COUNT -gt 1 ] ; then
        for PROCESS in `$PS -ef | $GREP "ssh -fnNR [1]984" | $EGREP " $CLIENT$" | $AWK '{print $2}'`    # exact client name at end of line, so web1 does not match web10
        do
            kill $PROCESS
        done

        #   Restarting the Tunnel
        ssh -fnNR 1984:`hostname`:1984 -o StrictHostKeyChecking=no -p $SSH_PORT $CLIENT
            if [ $? -ne 0 ] ; then
                MSG="&red Tunnel is down.. Restart attempt failed"
                COLOR=red
            else
                MSG="&yellow Tunnel recently restarted"
                COLOR=yellow
            fi
    else
        MSG="&green SSH Tunnel to $CLIENT ok"
    fi

$BB $BBDISP "status $MACHINEDOTS.$COLUMN $COLOR `date`

${MSG}


 $VERSION
"

done

graceful_exit

Known Bugs and Issues

To Do

Credits

Changelog