[prev in list] [next in list] [prev in thread] [next in thread]
List: spacewalk-list
Subject: Re: [Spacewalk-list] Questions regarding Spacewalk ports
From: "Duncan Mac-Vicar P." <dmacvicar () suse ! de>
Date: 2014-07-30 12:12:04
Message-ID: 53D8E114.4030100 () suse ! de
[Download RAW message or body]
[Attachment #2 (multipart/alternative)]
On 30/07/14 13:34, Sam Caise wrote:
> Hi everyone,
>
> My company have recently been looking at using Spacewalk for
> package/configuration management for our client systems.
>
> Our clients are very uptight about security, and as this is the case
> inbound/outbound ports are severely restricted. We currently use
> outbound SSH tunnels to our Gateway to connect to their systems and
> provide support.
>
> We would like to fully implement Spacewalk, however to do this we need
> to change the ports of the Spacewalk host server (mainly so we don't
> route 80/443 through our SSH tunnels).
>
I am not sure if it is possible to change the ports, may be someone else
can comment.
If you have restrictions on the managed client accessing the server,
SUSE Manager (commercial, Spacewalk based) allows to set individual
clients to be set as "SSH push"
where it will be the server who will connect to the client every X
interval, setup a tunnel so that the client can get the actions and
packages, and then disconnect.
Then you only need the server to be able to reach the client on port 22
and not vice versa.
Unfortunately this feature was not accepted upstream:
http://www.redhat.com/archives/spacewalk-devel/2013-March/msg00015.html
Cheers,
--
Duncan Mac-Vicar P. - http://www.suse.com/
SUSE LINUX Products GmbH, GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer, HRB 16746 (AG Nürnberg)
Maxfeldstraße 5, 90409 Nürnberg, Germany
[Attachment #5 (text/html)]
<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">On 30/07/14 13:34, Sam Caise wrote:<br>
</div>
<blockquote
cite="mid:CAPDtpBoOfDOPQey8o2vxx1_4BrReVXepuznJ-EZaYMppSJ4a1A@mail.gmail.com"
type="cite">
<div dir="ltr"><span
style="font-family:arial,sans-serif;font-size:11px">Hi
everyone,</span>
<div style="font-family:arial,sans-serif;font-size:11px"><br>
</div>
<div style="font-family:arial,sans-serif;font-size:11px">My
company have recently been looking at using Spacewalk for
package/configuration management for our client systems.</div>
<div style="font-family:arial,sans-serif;font-size:11px"><br>
</div>
<div style="font-family:arial,sans-serif;font-size:11px">Our
clients are very uptight about security, and as this is the
case inbound/outbound ports are severely restricted. We
currently use outbound SSH tunnels to our Gateway to connect
to their systems and provide support.</div>
<div style="font-family:arial,sans-serif;font-size:11px"><br>
</div>
<div style="font-family:arial,sans-serif;font-size:11px">We
would like to fully implement Spacewalk, however to do this we
need to change the ports of the Spacewalk host server (mainly
so we don't route 80/443 through our SSH tunnels).</div>
<div style="font-family:arial,sans-serif;font-size:11px"><br>
</div>
</div>
</blockquote>
I am not sure if it is possible to change the ports, may be someone
else can comment.<br>
<br>
If you have restrictions on the managed client accessing the server,
SUSE Manager (commercial, Spacewalk based) allows to set individual
clients to be set as "SSH push"<br>
where it will be the server who will connect to the client every X
interval, setup a tunnel so that the client can get the actions and
packages, and then disconnect.<br>
Then you only need the server to be able to reach the client on port
22 and not vice versa.<br>
<br>
Unfortunately this feature was not accepted upstream:
<a class="moz-txt-link-freetext" \
href="http://www.redhat.com/archives/spacewalk-devel/2013-March/msg00015.html">http://www.redhat.com/archives/spacewalk-devel/2013-March/msg00015.html</a><br>
<br>
Cheers,<br>
<pre class="moz-signature" cols="72">--
Duncan Mac-Vicar P. - <a class="moz-txt-link-freetext" \
href="http://www.suse.com/">http://www.suse.com/</a>
SUSE LINUX Products GmbH, GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer, HRB \
16746 (AG Nürnberg) Maxfeldstraße 5, 90409 Nürnberg, Germany
</pre>
</body>
</html>
_______________________________________________
Spacewalk-list mailing list
Spacewalk-list@redhat.com
https://www.redhat.com/mailman/listinfo/spacewalk-list
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic