Munin

From LinuxServerTech

Jump to: navigation, search


Install Munin and configure 

apt-get install munin-node libio-socket-ssl-perl libwww-perl libnet-irc-perl smartmontools acpi lm-sensors ethtool

This FAQ entry was developed by Lupe Christoph, with the help of Jim Cheetham. You have to configure the node thusly: 

[ssh-node]
address 127.0.0.1
port 5050

Then use ssh to establish the tunnel: 

ssh -L 5050:localhost:4949 -f -N -i keyfile user@ssh-node

This will establish a tunnel between TCP ports 5050 on the calling machine to 4949 on the called machine. It will also send ssh in the background after possibly asking for a passphrase, a password or something like that. Since we are using a key made for this purpose, we have to specify that file with this key.

You should protect against misuse of ssh by creating a special key (and possibly also a special user). On the node, put something like this in ~user/.ssh/authorized_keys: 

from="192.168.1.35",command="/bin/false",no-pty,no-X11-forwarding,no-agent-forwarding,no-port-forwarding,permitopen="localhost:4949" ssh-dss AAAAB3......

Thus, we are restricting the key to a forced command "/bin/false" that is run independent of the request from the calling side. We are also restricting a few options:

  • from="192.168.1.35" accept the key only from this IP address
  • command="/bin/false" always run this command
  • no-pty never allocate a PTY for interactivity
  • no-X11-forwarding do not forward X11 client connections
  • no-agent-forwarding prevent ssh-agent usage
  • no-port-forwarding prevent ssh -R ...
  • permitopen="localhost:4949" only allow this for ssh -L ...
Retrieved from "http://wiki.linuxservertech.com/index.php/Munin"