HomeForumsArticlesMarketplaceDownloadsHostingFreebiesJobs
Applications|Desktop|Installation|Misc|Multimedia|Network|Programming|Reviews|Security|Servers
Welcome to Linux Forums! With a comprehensive Linux Forum, information on various types of Linux software and many Linux Reviews articles, we have all the knowledge you need a click away, or accessible via our knowledgeable members.
Find the answer to your Linux question:
Site Navigation
Linux Forums
Linux Articles
Product Showcase
Linux Downloads
Linux Hosting
Free Magazines
Job Board
IRC Chat
RSS Feeds
Free Publications


SNMP over SSH

User Score User Score
Editor Score Editor Score
Contributed by: Neelesh Gurjar
Category: Network
Distribution: CentOS
Views: 4010
License: Linux Forums Article License
Posted: 04 July, 2009
ToolsTools »
 BookmarkShare
 
Many monitoring softwares like EM7, Nagios need SNMP service running on servers to be monitored. However administrator or security admin never want to make SNMP running on their production servers because of Security issues. Here is workaround for this issue. We will run SNMP through SSH (encrypted) channel and will make it secured.


We will be using few terms here:



1. Producer: The Server which you want to Monitor running net-snmp

2. Proxy: Accessible to Both to Monitoring Server (MS) and to the Producer. Proxy machine will be in local network of MS.


3. MS: Monitoring Server


Prerequisites:


socat should be installed on

Scenario:

I want to monitor my Personal System from MS. I have setup Firewall to access my system. In that Only port 22 is open. You cannot access SNMP running on my personal system directly. So I have setup one Proxy Machine i.e. ABC which is accessible to MS and you can access my machine from ABC also.

Proxy Machine: ABC  10.0.0.1


On Proxy Machine:

ssh -f -N root@<PRODUCER IP> -L 6004:localhost:6004


Start TCP to UDP socat on Producer:

socat -d -d -d  -lffoo.log TCP4-LISTEN:6004,fork UDP4:localhost:161


Start UDP to TCP socat on Proxy:

socat -d -d -d -lffoo.log UDP4-LISTEN:161,fork TCP:localhost:6004


Test by running snmpwalk on Proxy Machine:

snmpwalk -v1 -c public localhost
Now use port 161 of Proxy machine to access SNMP data of Producer and start monitoring it.



Rate This Article: poorexcellent
 
Comments about this article

Comment title: * please do not put your response text here