[prev in list] [next in list] [prev in thread] [next in thread] 

List:       spacewalk-list
Subject:    Re: [Spacewalk-list] Questions regarding Spacewalk ports
From:       "Duncan Mac-Vicar P." <dmacvicar () suse ! de>
Date:       2014-07-30 12:12:04
Message-ID: 53D8E114.4030100 () suse ! de
[Download RAW message or body]

[Attachment #2 (multipart/alternative)]


On 30/07/14 13:34, Sam Caise wrote:
> Hi everyone,
>
> My company have recently been looking at using Spacewalk for
> package/configuration management for our client systems.
>
> Our clients are very uptight about security, and as this is the case
> inbound/outbound ports are severely restricted. We currently use
> outbound SSH tunnels to our Gateway to connect to their systems and
> provide support.
>
> We would like to fully implement Spacewalk, however to do this we need
> to change the ports of the Spacewalk host server (mainly so we don't
> route 80/443 through our SSH tunnels).
>
I am not sure if it is possible to change the ports, may be someone else
can comment.

If you have restrictions on the managed client accessing the server,
SUSE Manager (commercial, Spacewalk based) allows to set individual
clients to be set as "SSH push"
where it will be the server who will connect to the client every X
interval, setup a tunnel so that the client can get the actions and
packages, and then disconnect.
Then you only need the server to be able to reach the client on port 22
and not vice versa.

Unfortunately this feature was not accepted upstream:
http://www.redhat.com/archives/spacewalk-devel/2013-March/msg00015.html

Cheers,

-- 
Duncan Mac-Vicar P. - http://www.suse.com/

SUSE LINUX Products GmbH, GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer, HRB 16746 (AG Nürnberg) 
Maxfeldstraße 5, 90409 Nürnberg, Germany


[Attachment #5 (text/html)]

<html>
  <head>
    <meta content="text/html; charset=ISO-8859-1"
      http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    <div class="moz-cite-prefix">On 30/07/14 13:34, Sam Caise wrote:<br>
    </div>
    <blockquote
cite="mid:CAPDtpBoOfDOPQey8o2vxx1_4BrReVXepuznJ-EZaYMppSJ4a1A@mail.gmail.com"
      type="cite">
      <div dir="ltr"><span
          style="font-family:arial,sans-serif;font-size:11px">Hi
          everyone,</span>
        <div style="font-family:arial,sans-serif;font-size:11px"><br>
        </div>
        <div style="font-family:arial,sans-serif;font-size:11px">My
          company have recently been looking at using Spacewalk for
          package/configuration management for our client systems.</div>
        <div style="font-family:arial,sans-serif;font-size:11px"><br>
        </div>
        <div style="font-family:arial,sans-serif;font-size:11px">Our
          clients are very uptight about security, and as this is the
          case inbound/outbound ports are severely restricted. We
          currently use outbound SSH tunnels to our Gateway to connect
          to their systems and provide support.</div>
        <div style="font-family:arial,sans-serif;font-size:11px"><br>
        </div>
        <div style="font-family:arial,sans-serif;font-size:11px">We
          would like to fully implement Spacewalk, however to do this we
          need to change the ports of the Spacewalk host server (mainly
          so we don't route 80/443 through our SSH tunnels).</div>
        <div style="font-family:arial,sans-serif;font-size:11px"><br>
        </div>
      </div>
    </blockquote>
    I am not sure if it is possible to change the ports, may be someone
    else can comment.<br>
    <br>
    If you have restrictions on the managed client accessing the server,
    SUSE Manager (commercial, Spacewalk based) allows to set individual
    clients to be set as "SSH push"<br>
    where it will be the server who will connect to the client every X
    interval, setup a tunnel so that the client can get the actions and
    packages, and then disconnect.<br>
    Then you only need the server to be able to reach the client on port
    22 and not vice versa.<br>
    <br>
    Unfortunately this feature was not accepted upstream:
    <a class="moz-txt-link-freetext" \
href="http://www.redhat.com/archives/spacewalk-devel/2013-March/msg00015.html">http://www.redhat.com/archives/spacewalk-devel/2013-March/msg00015.html</a><br>
  <br>
    Cheers,<br>
    <pre class="moz-signature" cols="72">-- 
Duncan Mac-Vicar P. - <a class="moz-txt-link-freetext" \
href="http://www.suse.com/">http://www.suse.com/</a>

SUSE LINUX Products GmbH, GF: Jeff Hawn, Jennifer Guild, Felix Imend&ouml;rffer, HRB \
16746 (AG N&uuml;rnberg)  Maxfeldstra&szlig;e 5, 90409 N&uuml;rnberg, Germany

</pre>
  </body>
</html>



_______________________________________________
Spacewalk-list mailing list
Spacewalk-list@redhat.com
https://www.redhat.com/mailman/listinfo/spacewalk-list

[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic