Re: [fw-wiz] Query on OS hardening

From: John Adams (jna@retina.net)
Date: 02/20/03

    From: John Adams <jna@retina.net>
    To: Carson Gaspar <carson@taltos.org>
    Date: Thu, 20 Feb 2003 04:21:52 -0800 (PST)
    

    On Thu, 20 Feb 2003, Carson Gaspar wrote:

    > Ah yes... and how much CPU do you have to spare for SSH session setup (on
    > both the system being monitored and your monitoring server)? And how often
    > do you want to collect the data? Doing this correctly requires something
    > better than:
    >
    > result="`ssh server-to-monitor test-script`"
    >
    > At least, it does if you want it to scale.

    Enh, don't knock this approach. We had 9700 machines on (an unnamed large
    Internet Search company's) Search Cluster running this sort of a solution
    plus some custom code to fork multiple ssh processes when things needed to
    get done quickly.

    I've also used similar solutions with Orca (for collection of host
    statistics) and RRDTool. You need to determine how many hosts you really
    want to support, and then how many machines you'll be connecting to. The
    SSH connection and startup expense is far outweighed by the advantages you
    receive -- encrypted connections, non-repudiation, and control over the
    connection.

    -john

    -- 
    J. Adams					http://www.retina.net/~jna
    The secret of knowing where you are, is knowing what time it is. -- Anonymous
    

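The quoted one-liner combined with the bounded forking described in the reply, as an added example that is not part of the original thread or either poster's code. `SSH_BIN`, `MAX_JOBS`, `poll_one` and `poll_hosts` are hypothetical names; the `-o` settings are standard OpenSSH client options.

```shell
#!/bin/sh
# Added example: bounded-parallel form of
#   result="`ssh server-to-monitor test-script`"
# SSH_BIN, MAX_JOBS, poll_one and poll_hosts are hypothetical names.
SSH_BIN="${SSH_BIN:-ssh}"
MAX_JOBS="${MAX_JOBS:-8}"

# poll_one HOST CHECK OUTFILE: run one check and write
# "host<TAB>status<TAB>first line of output" to OUTFILE.
poll_one() {
    # BatchMode: fail instead of blocking on a password prompt.
    # ConnectTimeout: bound the time wasted on dead hosts.
    # StrictHostKeyChecking: refuse unknown or changed host keys.
    if out=$("$SSH_BIN" -n -o BatchMode=yes -o ConnectTimeout=5 \
             -o StrictHostKeyChecking=yes "$1" "$2" 2>/dev/null); then
        status=OK
    else
        status="FAIL($?)"; out=""
    fi
    printf '%s\t%s\t%s\n' "$1" "$status" "$(printf '%s' "$out" | head -n 1)" > "$3"
}

# poll_hosts CHECK: read host names from stdin, run CHECK on each with at most
# MAX_JOBS ssh processes in flight, then print the results in input order.
poll_hosts() {
    check=$1
    tmp=$(mktemp -d) || return 1
    n=0
    while IFS= read -r host; do
        # Skip blanks, comments and names ssh would parse as options.
        case $host in ''|'#'*|-*) continue ;; esac
        n=$((n + 1))
        poll_one "$host" "$check" "$tmp/$n" &
        if [ $((n % MAX_JOBS)) -eq 0 ]; then wait; fi
    done
    wait
    i=1
    while [ "$i" -le "$n" ]; do cat "$tmp/$i"; i=$((i + 1)); done
    rm -rf "$tmp"
}
```

Call it as `poll_hosts test-script < hosts.txt`, where `hosts.txt` is an assumed file with one host name per line. Key-based authentication must already be in place, since `BatchMode` disables prompts.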
