- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- Re: How to tunnel swagentd through ssh?
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО10-15-2008 04:48 AM
тАО10-15-2008 04:48 AM
How to tunnel swagentd through ssh?
I want to temporarily tunnel the swagentd port 2121 from my install server into our DMZ onto a single host.
I can't forward port 2121 since it is blocked by swagentd on the target machine and necessary for software installation.
So this is what I did:
1. setup the ssh tunnel
- ssh remote_host -R 2122:localhost:2121
- this creates a tunnel from remote_host:2121 to the ssh (admin) host's port 2121
2. configure /var/adm/sw/defaults
add the line: rpc_binding_info=ncacn_ip_tcp:[2122]
But I can't even get a simple swlist working.
The remote_host complains about missing permissions:
# swlist -l depot @ localhost
# Initializing...
ERROR: "localhost: ": You do not have permission for this operation.
The depot owner, system administrator, or alternate root owner
may need to use the "swreg" or "swacl" command to give you
permission. Or, to manage applications designed and packaged
for nonprivileged mode, see the "run_as_superuser" option in
the "sd" man page.
On the admin host I find in /var/adm/sw/swagentd.log the lines:
ERROR: Cannot authenticate local principal "root".
ERROR: Access denied to list socs on host. No user authenticated.
I'm not very familiar with swacl, I tried a view combinations without knowing exactly what I'm doing.
Anybody ran into this? Or any ideas how to setup the tunnel a different way?
Thanks,
Armin
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО10-15-2008 05:50 AM
тАО10-15-2008 05:50 AM
Re: How to tunnel swagentd through ssh?
By default the swacl permissions are wide open so unless you changed them or ran bastille they should be good to go for anyone to access(which BTW is a security issue).
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО10-15-2008 05:59 AM
тАО10-15-2008 05:59 AM
Re: How to tunnel swagentd through ssh?
Currently it looks like default:
# swacl -l host|grep -v ^#
any_other:-r--t
# swacl -l root|grep -v ^#
object_owner:crwit
any_other:-r---
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО10-15-2008 08:45 AM
тАО10-15-2008 08:45 AM
Re: How to tunnel swagentd through ssh?
Get things working without the tunnel first. Then at least it would not be the appilcation configuration that is wasting your time.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО10-15-2008 11:53 PM
тАО10-15-2008 11:53 PM
Re: How to tunnel swagentd through ssh?
Every time I try the swlist on the admin server the error line appears. This proves to me that it's working, otherwise the error message looks different e.g. connection refused.
For testing I changed the swagentd port on the server too and tried the swlist with the same options from an internal host. It's working fine.
So from my point of view the problem is represented by the first error line: Cannot authenticate local principal "root".
Anybody knows how root is authenticated here?
Do I need some more connections/ports to tunnel? E.g. some RPC ports?
Is there a (real) description of the swagentd funtion? The man-page and the online documentation are not really helpfull in this case.
Armin
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО10-16-2008 12:11 AM
тАО10-16-2008 12:11 AM
Re: How to tunnel swagentd through ssh?
The results and error messages are the same.
So the questions stay the same: How is root authenticated? Can this be faked? Maybe by tunneling other ports?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО10-16-2008 05:14 AM
тАО10-16-2008 05:14 AM
Re: How to tunnel swagentd through ssh?
Otherwise you may just be the only one doing this and have to blaze your own trail. But please post your findings, it may help someone in the future.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-13-2009 09:15 AM
тАО01-13-2009 09:15 AM
Re: How to tunnel swagentd through ssh?
I'll try to get the mentioned ports through the firewall.