fmangeant
Cacti Guru User
Joined: 19 Sep 2003
Posts: 2325
Location: Sophia-Antipolis, France
|
 Posted: Thu Dec 20, 2007 10:46 am Post subject: [HOWTO] Using SSH tunnels to graph a remote Unix server |
 |
|
- Version 0.2 (01/09/2008) : added details about SSH options
- Version 0.1 (12/20/2007) : intial release
This HowTo will explain how to use SSH tunnels to graph a Unix server that isn't directly reachable by your Cacti server :
In this example, the Cacti server can reach the Gateway, which can reach the target server.
Chapter I: Configuring the SSH tunnel
On Gateway, create a "cactiuser" user :
| Code: | | # useradd -d /home/cactiuser -m cactiuser |
Then you have to generate SSH keys (without passphrase) :
| Code: | # su - cactiuser
$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/cactiuser/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/cactiuser/.ssh/id_rsa.
Your public key has been saved in /home/cactiuser/.ssh/id_rsa.pub.
The key fingerprint is:
40:f6:91:a1:2d:d1:46:d4:76:e3:d8:c6:3f:c2:cf:f2 cactiuser@gateway |
The public key of the "cactiuser" user has then to be authorized as an input key :
| Code: | $ cd $HOME/.ssh
$ cp -p id_rsa.pub authorized_keys |
Finally, create the SSH tunnel :
| Code: | | # su - cactiuser -c "ssh -f -N -g -L 192.168.0.2:10000:192.168.1.2:161 cactiuser@localhost" |
This SSH tunnel will forward all packets sent to 192.168.0.2 on TCP port 10000, to 192.168.1.2 on port TCP 161.
The options that are used are the following :
- -f : requests SSH to go to background just before command execution
- -N : do not execute a remote command
- -g : allows remote hosts to connect to local forwarded ports
- -L : specifies that the given port on the local (client) host is to be forwarded to the given host and port on the remote side.
You can add this command to /etc/rc.local, so it will be executed at boot time.
Chapter II: Configuring Net-SNMP
By default, the Net-SNMP agent listens on UDP port 161; we'll modify its configuration to listen on TCP port 161.
To do so, use that in snmpd.conf on the target server :
| Code: | agentaddress tcp:161
rocommunity mycommunity |
For a more detailed configuration of snmpd.conf, follow this other HowTo.
Chapter III: Testing the SNMP connectivity
From the Gateway host, run this command :
| Code: | $ snmpwalk -v 1 -c mycommunity tcp:192.168.1.2 sysname
SNMPv2-MIB::sysName.0 = STRING: target_server |
From the Cacti server, run this command :
| Code: | $ snmpwalk -v 1 -c mycommunity tcp:192.168.0.2:10000 sysname
SNMPv2-MIB::sysName.0 = STRING: target_server |
If everything works fine, your host is then ready to be added to Cacti.
If not, review your network configuration (firewall rules, especially).
Chapter IV: Adding the device to Cacti
In Cacti, create a new device like that :
Voila ! Your target server is graphed by Cacti 
Last edited by fmangeant on Wed Jan 09, 2008 9:57 am; edited 2 times in total |
|
FAQ
Search
Memberlist
Register
Profile
Log in to check your private messages
Log in
