Forum: Cfengine Help
Subject: Re: Cf-agent holding open hundreds of network sockets open
Author: berntjernberg
Link to topic: https://cfengine.com/forum/read.php?3,20203,20220#msg-20220

Hi,

Why not use a central server (not the policy hub) which contains a local user, chrooted via sshd_config, with read-perms on the home directory removed (user can't list files)? Create a subdirectory for every client in the home directory.

Generate an ssh keypair, put the public one on not-policy-central-server, only execute perms on ~/.ssh, authorized_keys owned by root with only group-read for the chrooted user. Distribute the private key to all clients with a promise.

Use sftp to upload the files you want from each client with another. Fetch all ~//files from not-policy-central-server to policy hub with cf-agent->cf-serverd.

With this solution you only need to pull files from one server. Yes, I know, it isn't clean cfengine but it should work.

_______________________________________________
Help-cfengine mailing list
Help-cfengine@cfengine.org
https://cfengine.org/mailman/listinfo/help-cfengine
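
The chrooted upload account suggested in the post above can be checked mechanically. This is an added example, not part of the original post: it audits sshd_config text for an SFTP-only Match block. The account name cfupload, the path /srv/cfupload, and the set of directives required here are assumptions.

```python
"""Audit sshd_config text for a chrooted, SFTP-only upload account."""

# Directives this example requires inside the account's Match block (an assumption).
# None means "any value, but it must be present".
REQUIRED = {
    "chrootdirectory": None,
    "forcecommand": "internal-sftp",
    "allowtcpforwarding": "no",
    "x11forwarding": "no",
    "permittty": "no",
}

# Constructed samples; "cfupload" and "/srv/cfupload" are hypothetical.
SAMPLE_GOOD = """\
Subsystem sftp internal-sftp
Match User cfupload
    ChrootDirectory /srv/cfupload
    ForceCommand internal-sftp
    AllowTcpForwarding no
    X11Forwarding no
    PermitTTY no
"""
SAMPLE_BAD = "Match User cfupload\n  ChrootDirectory /srv/cfupload\n  AllowTcpForwarding yes\n"

def match_settings(config_text, user):
    """Collect keyword -> value from every 'Match User' block that names `user`.
    Simplification: exact names only, no wildcard or negated patterns."""
    settings, active = {}, False
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key, value = parts[0].lower(), (parts[1].strip() if len(parts) > 1 else "")
        if key == "match":  # a Match block runs until the next Match line or EOF
            crit = value.split()
            active = len(crit) == 2 and crit[0].lower() == "user" and user in crit[1].split(",")
        elif active:
            settings.setdefault(key, value)  # sshd uses the first value it obtains
    return settings

def audit(config_text, user):
    """Return a list of findings; an empty list means every required directive is set."""
    found, problems = match_settings(config_text, user), []
    for key, want in REQUIRED.items():
        got = found.get(key)
        if got is None:
            problems.append(f"{key}: not set for {user}")
        elif want is not None and got.lower().split()[:1] != [want]:
            problems.append(f"{key}: is {got!r}, expected {want!r}")
    return problems
```

sshd additionally refuses a ChrootDirectory that is not owned by root or that is writable by group or others, so the per-client subdirectories are the only places the upload user can write; the text audit above does not check that.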