Friday, January 13, 2012

SSH tunnels are great


At work I'm connecting to multiple Munin statistics servers. On my lappytop I'm only running one server, so how do I get multiple sets of results?  Answer: create a tunnel to another server!


The Munin protocol is extremely easy: send "fetch X" to get statistics on X.  In my example, df is disk filesystem usage.  Here's how to get local information from Munin running locally on port 4949.



$ echo 'fetch df' | nc -q1 localhost 4949
# munin node at freebeer
_dev_sda1.value 5.29318865322941
_dev.value 0.0339391645617528
_dev_shm.value 0.378827479751794
_var_run.value 0.00922469512382616
_var_lock.value 0
.

Here's how to make a remote machine's Munin (on port 4949) show up on localhost (port 4950). This means we can scan multiple local ports to get information on many different machines.

ssh -fNL localport/localhost/remoteport remotehost

Option "-f" means drop into the background after asking for a password.  Option "-N" tells ssh not to run anything remotely.  The next bit, "-L", actually creates the tunnel: (L)ocal port 4950 maps to port 4949 on remotehost.  The "localhost" between the slashes is resolved from the far end of the connected session, so from our perspective it's remotehost.

Here it is in context.  Establish a tunnel, then use it to get Munin disk filesystem information for the remote host.


$ ssh -fNL 4950/localhost/4949 myremotehost


$ echo 'fetch df' | nc -q1 localhost 4950
# munin node at myremotehost
_dev_xvda2.value 3.15090884943856
_dev.value 0.022631566185207
_dev_shm.value 0
_var_run.value 10.3138711271508
_var_lock.value 0
_lib_init_rw.value 0
.
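
The multi-port polling described above, sketched in Python as an added example (not code from the original post): it speaks the same "fetch X" exchange as the nc commands, reads up to the lone "." terminator, and queries several tunnel ports in turn. The function names, the plugin-name check and the default port list (4949 local, 4950 tunnelled) are assumptions for illustration.

```python
import re
import socket

BANNER = "# munin node at "

def parse_fetch(lines):
    """Parse a Munin 'fetch' reply into (node_name, {field: value})."""
    node, values = None, {}
    for line in lines:
        line = line.strip()
        if line == ".":                      # lone dot terminates the reply
            break
        if line.startswith(BANNER):
            node = line[len(BANNER):]
        elif ".value " in line:
            field, raw = line.split(".value ", 1)
            try:
                values[field] = float(raw)
            except ValueError:               # non-numeric value: keep the field, no number
                values[field] = None
    return node, values

def fetch(port, plugin="df", host="127.0.0.1", timeout=5.0):
    """Ask the Munin node behind host:port (e.g. an ssh -L tunnel) for one plugin."""
    # The protocol is line-based, so never let a newline or space reach the wire.
    if not re.fullmatch(r"[A-Za-z0-9_.-]+", plugin):
        raise ValueError(f"refusing plugin name {plugin!r}")
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(f"fetch {plugin}\n".encode("ascii"))
        with sock.makefile("r", encoding="ascii", errors="replace") as reply:
            return parse_fetch(reply)

def poll(ports=(4949, 4950), plugin="df"):
    """Query each local port; a dead tunnel is recorded instead of aborting the run."""
    results = {}
    for port in ports:
        try:
            results[port] = fetch(port, plugin)
        except OSError as exc:               # refused, timed out, reset
            results[port] = (None, {"error": str(exc)})
    return results

if __name__ == "__main__":
    for port, (node, values) in poll().items():
        print(port, node, values)
```

The remote node sees these requests as coming from its own localhost, and any local user on the polling machine can connect to the forwarded port, so treat the tunnel ports as unauthenticated.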

http://www.engadget.com/2006/03/21/how-to-ssh-tunnels-for-secure-network-access/