Solved

Creating a script to test a local website

Posted on 2006-07-17
9
247 Views
Last Modified: 2013-12-16
Hello all,

I have a requirement for a script to test certificate expiry on particular ports on a server.  However the server is located in a DMZ and is accessable only via SSH.  I thought about opening the ports up, but there are roughly about 100 of these servers, the over head is far too much, also the script uses specific SSLEAY and various other perl modules to work.  I'm looking to have a central reporting server that basically periodicaly logs on via SSH, creates a SSH Tunnel, Perl script executes and examines specific ports on the destination server out put is pushed into a file.  I know I can get around the SSH logon stuff with creating certificates on the client and destination servers, but how can I tunnel the ports in a script and keep them open to allow another script  to execute on the client server?

I have the Perl script etc.., I only want to know how the SSH stuff will work

More info if required.

And Thanks to all in advance.
0
Comment
Question by:london_mccourt
  • 3
  • 3
  • 2
  • +1
9 Comments
 
LVL 15

Expert Comment

by:DonConsolio
ID: 17122280
you might want to have a look at "nessus"
0
 
LVL 40

Expert Comment

by:noci
ID: 17122374
man ssh

will show options like -L & -R You can experiment with that.

If you are looking for a more generic monitor nagios might be usefull for the reporting & monitoring.

0
 

Author Comment

by:london_mccourt
ID: 17122378
thanks Don, Nessus is a little colossus for me, I like the output I get from this script, I'd rather stick to it.
0
Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

 

Author Comment

by:london_mccourt
ID: 17122749
I'm kinda looking for a few examples, I've gone through the man pages.
0
 
LVL 40

Accepted Solution

by:
noci earned 400 total points
ID: 17124723
ssh -L localhost:12345:anotherremotehost:5678 someuser@remotehost -f

I am assuming you have setup private/public keys ...

will open a tunnel from your host to the remotehost and build a tunnel ,
then allow connections on the localsystem to port 127.0.0.1:12345 to have the
remotehost connect to another remotehost port 5678

0
 
LVL 22

Expert Comment

by:pjedmond
ID: 17124953
I know you said you were familiar with client and server certificates....but are you doing them properly, and protecting them with a password?

http://www.cvrti.utah.edu/~dustman/no-more-pw-ssh/

You can execute a command on the remote server:

ssh someuser@remotehost command

so if you want to ls a directory and put the data into a file on the local machine:

echo `ssh someuser@remotehost ls -al ` > output.txt

(   (()
(`-' _\
 ''  ''



0
 
LVL 22

Expert Comment

by:pjedmond
ID: 17202429
..or alternatively, stick your perl script on the server concerned, and record the output locally:

echo `ssh someuser@serverindmz.com myscript.pl ` > output.txt

(   (()
(`-' _\
 ''  ''
0
 

Author Comment

by:london_mccourt
ID: 17295458
noci, thanks for your help

Oddly I'm using the below line in my script (cert passwordless connections working great.

$SERVNM = remote host name
$SERVPRT = remote post port

ssh -v -N -L 12345:$SERVNM:$SERVPRT user@$SERVNM -i $HOME/identity-test/id_rsa

I have done a combination of nohup, -f, sh, and traling & to have the tunnel 'spawned' off so that the rest of the script can execute, but the script stops everytime and doesn't continue until I break it.

The tunnel works really well, I can open another console and telnet to the new port no problem.

Any ideas?
0
 
LVL 40

Expert Comment

by:noci
ID: 17306941
a -n is required to disconnect the stdin from the controlling terminal.

a -f should imply a -n... (open ssh at least).
0

Featured Post

Master Your Team's Linux and Cloud Stack!

The average business loses $13.5M per year to ineffective training (per 1,000 employees). Keep ahead of the competition and combine in-person quality with online cost and flexibility by training with Linux Academy.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Access_log 17 121
How can i set a Environment Variable in my Unix script ? 3 68
Reset Root Password on CentOS 6 4 55
How to mount nfs share on this CentOS server? 6 29
rdate is a Linux command and the network time protocol for immediate date and time setup from another machine. The clocks are synchronized by entering rdate with the -s switch (command without switch just checks the time but does not set anything). …
Linux users are sometimes dumbfounded by the severe lack of documentation on a topic. Sometimes, the documentation is copious, but other times, you end up with some obscure "it varies depending on your distribution" over and over when searching for …
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question