addons:ssh_tunnel [2011/04/07 13:37] (current) – created - external edit 127.0.0.1
====== ssh_tunnel.sh ======
^ Author | [[ padraig.lennon@pioneerinvestments.com | Padraig Lennon ]] |
^ Compatibility | All Versions |
^ Requirements | Linux/ |
^ Download | None |
^ Last Update | 2011-04-07 |

===== Description =====
If you have servers in a DMZ which do not allow inbound connections to the hobbit port (1984), a common way around it is to allow outbound ssh (port 22) and create a reverse ssh tunnel back to the hobbit server (port 1984), using ssh keys for password-less connections.

Full details on setting this up can be found on the hobbit wiki: [[http://

(Thanks to Johan Booysen for writing this up)

**ssh_tunnels.sh** is a server-side bash script which reads the **bb-hosts** file for clients carrying the appended tag **ssh-tunnels**.

The script loops through the list gathered from bb-hosts and checks that the reverse ssh tunnel process is up and running. If it is not, the column turns red and the script attempts to restart the tunnel. It continues to do this until the tunnel is ok.

This will result in a new column called **ssh-tunnel** being added to the client display.

**Update 0.0.3** - You can now specify non-standard ssh ports to connect to the ssh client. You can do this by using the following syntax: **ssh-tunnel:

Please note that if you upgrade an existing version to 0.0.3 you will need to kill all existing tunnels first, because the process listing changes. To kill all existing tunnels you can run the command

<code>
for PROCESS in `ps -ef | grep "
</code>

where xymon_server is the name of the host running the ssh-tunnels.sh script. If in doubt, just do a directory listing. The script will recreate the tunnels once running.


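As an added example (not the addon's own code), the two decisions the script makes per host: reading the **ssh-tunnel** / **ssh-tunnel:port** tag out of a bb-hosts line, and counting that client's tunnel processes in a ''ps -ef'' listing with an exact-name match before deciding whether to restart or clean up. The ps lines are constructed, and the tunnel command form ''ssh -fnNR 1984:<xymon_server>:1984 ... <client>'' is an assumption, since the script's own ssh line is cut off below.

```bash
#!/bin/bash
# Added example, not the addon's own code; every input below is constructed.
# Port from a host's bb-hosts tags: "ssh-tunnel" -> 22, "ssh-tunnel:N" -> N.
# Prints nothing and returns 1 when the host is untagged or the port is junk.
tunnel_port() {
    local line="$1" tags tag val
    tags=${line#*"#"}                         # tags follow the first '#'
    [ "$tags" = "$line" ] && return 1         # no '#': untagged host
    for tag in $tags; do
        case "$tag" in
            ssh-tunnel)   echo 22; return 0 ;;
            ssh-tunnel:*) val=${tag#ssh-tunnel:}
                          case "$val" in
                              ''|*[!0-9]*) echo "bad port in '$tag'" >&2; return 1 ;;
                          esac
                          echo "$val"; return 0 ;;
        esac
    done
    return 1
}
# Count one client's tunnels in a ps -ef listing. The name is anchored as the
# last argument so dmz1 does not also count dmz10 (the 0.0.4 fix); a live run
# greps "ssh -fnNR [1]984" so the grep never matches its own command line.
count_tunnels() {
    local client="$1" listing="$2" client_re
    client_re=$(printf '%s' "$client" | sed 's/[.]/\\./g')    # literal dots
    printf '%s\n' "$listing" | grep -c -- "ssh -fnNR 1984:.* ${client_re}\$" || true
}
# One bb-hosts line -> "<client> <port> <action>", nothing if untagged.
# 0 tunnels: restart (yellow, red if it fails); 1: ok (green); >1: duplicates.
check_host() {
    local line="$1" listing="$2" port client count
    port=$(tunnel_port "$line") || return 0
    client=$(printf '%s\n' "$line" | awk '{print $2}')
    client=${client%%.*}                      # script keeps the short name
    count=$(count_tunnels "$client" "$listing")
    case "$count" in
        0) echo "$client $port restart" ;;
        1) echo "$client $port ok" ;;
        *) echo "$client $port duplicates" ;;
    esac
}
# Constructed ps -ef lines; assumed form: ssh -fnNR 1984:<xymon>:1984 ... <client>
PS_LISTING='root 4101 1 0 09:12 ? 00:00:00 ssh -fnNR 1984:xymon.example.com:1984 -p 22 -o StrictHostKeyChecking=no dmz1
root 4102 1 0 09:12 ? 00:00:00 ssh -fnNR 1984:xymon.example.com:1984 -p 2222 -o StrictHostKeyChecking=no dmz10
root 4103 1 0 09:13 ? 00:00:00 ssh -fnNR 1984:xymon.example.com:1984 -p 2222 -o StrictHostKeyChecking=no dmz10
root 4104 1 0 09:14 ? 00:00:00 grep ssh -fnNR [1]984'
check_host '10.0.0.5 dmz1.example.com  # conn ssh-tunnel'      "$PS_LISTING"
check_host '10.0.0.6 dmz10.example.com # ssh-tunnel:2222'      "$PS_LISTING"
check_host '10.0.0.7 dmz3.example.com  # conn ssh-tunnel:2222' "$PS_LISTING"
```

The ''-o StrictHostKeyChecking=no'' that 0.0.5 adds to the tunnel command disables host-key verification for the unattended connection; pre-populating the server's known_hosts with each DMZ client's host key keeps the password-less automation without that trade-off.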
===== Installation =====
1. Place the script on the Xymon Server in the **/

2. chmod 755 /

3. Edit the file **/

Add the following:
<code>
[ssh-tunnel]
ENVFILE /
CMD $BBHOME/
LOGFILE $BBSERVERLOGS/
INTERVAL 1m
</code>

4. Restart the Xymon Server application

===== Source =====
==== ssh_tunnel.sh ====
<hidden>
<code>
#!/bin/ksh
#set -xv
#####################################################################
#
#
#
#
#
#
#
#
# #########################################################
#
# Date - Modifier - Version - Change
#
#
# web page
#
# bb-host using ssh-tunnel:
#
#
# with Key Checking
#

###########################################################################
#
###########################################################################

PROGNAME=$(basename $0) # Script Name
TEMP_FILE=/
TEST=ssh-tunnel
COLUMN=$TEST
AUTHOR=padraig.lennon@pioneerinvestments.com # Test Author
VERSION="<
SSH_PORT="

###########################################################################
#
###########################################################################

#####
#
#
#####
function clean_up
{
    rm -f ${TEMP_FILE}
}


#####
#
#
#####
function graceful_exit
{
    clean_up
    exit
}



#####
#
#
#
#####
function error_exit
{
    local ERR_MSG

    ERR_MSG="##
    echo -e ${ERR_MSG} >&2
    clean_up
    exit 255
}



#####
#
#
#
#####
function warning
{
    local WARN_MSG

    WARN_MSG="##
    echo -e ${WARN_MSG} >&2
}



#####
#
#
#
#####
function print_step
{
    local STEP_MSG

    STEP_MSG="#
    echo -e ${STEP_MSG}
}



#####
#
#
#####
function int_exit
{
    echo -e "
    clean_up
    exit 255
}




#####
#
# No arguments
#####
function help
{
    local tab=$(echo -en "

    cat <<- -EOF-

    Check ssh-tunnels to dmz clients


    Usage: ${PROGNAME} [-h]

    Required parameters:

    Optional parameters:

    -h, --help


    Example(s):

    ${PROGNAME}


    Exit Codes:
    0
    255 Error


    Author: Padraig Lennon

    -EOF-
}


##### USER DEFINED FUNCTIONS
###########################################################################
# Check command line parameters
###########################################################################

# Trap INT signals and properly exit

trap int_exit INT



# Process command line arguments
#
#
while getopts ":
case $opt in
    h ) help
        graceful_exit
        ;;
    * ) help
        error_exit "Wrong parameter passed"
        ;;
esac
done



###########################################################################
# Main Body of Script
###########################################################################

# One pass per bb-hosts line that carries the ssh-tunnel tag
${GREP} -i "
do
    set $L # To get one line of output from the grep output



    # Walk the tags after the '#' and pick up an optional :port on the test tag
    for OPTION in `echo $* | $AWK -F# {'
    do
        OPTION_VAL=`echo $OPTION | $GREP ${TEST} 2>/
        if [ "
            # We have found the test definition. Check if an alternative port was supplied
            SSH_PORT_VAL=`echo $OPTION_VAL | $AWK -F: {'
            if [ "
                SSH_PORT=$SSH_PORT_VAL
            else
                SSH_PORT=22
            fi
        fi
    done



    CLIENT=`echo $MACHINEDOTS | $AWK -F. {'

    # Running tunnels for this client; "[1]984" stops grep matching its own command line
    COUNT=`$PS -ef|$GREP "ssh -fnNR [1]984"
    if [ $COUNT -eq 0 ] ; then
        COLOR=yellow
        #
        ssh -fnNR 1984:
        if [ $? -ne 0 ] ; then
            MSG="&
            COLOR=red
        else
            MSG="&
            COLOR=yellow
        fi
    elif [ $COUNT -gt 1 ] ; then
        # More than one tunnel for this client: kill them all and start a fresh one
        for PROCESS in `$PS -ef | $GREP "ssh -fnNR"
        do
            kill $PROCESS
        done

        #
        ssh -fnNR 1984:
        if [ $? -ne 0 ] ; then
            MSG="&
            COLOR=red
        else
            MSG="&
            COLOR=yellow
        fi
    else
        MSG="&
    fi

    # Report the column status to the Xymon display server
    $BB $BBDISP "

${MSG}


"

done

graceful_exit
</code>
</hidden>

===== Known Bugs and Issues =====

===== To Do =====

===== Credits =====

===== Changelog =====

  * **2008-08-14 - 0.0.1**
    * Initial release
  * **2008-08-19 - 0.0.2**
    * Updated the script to display the coloured icon on the client web page
  * **2009-08-03 - 0.0.3**
    * Allow the user to define the ssh port (if non-standard) in bb-hosts using ssh-tunnel:
  * **2010-02-26 - 0.0.4**
    * Match exact name of client in COUNT (Thanks Tony Larco for testing)
  * **2011-04-07 - 0.0.5**
    * Added "-o StrictHostKeyChecking=no"