[Bro] configure sshd port for bro nodes in cluster mode
OpenShift Ninja
openshift.ninja at gmail.com
Mon Jul 2 08:47:29 PDT 2018
Also, I understand how to make sshd use a different port. What I'm asking
is how to make the bro manager connect to the nodes over that different
port.
On Mon, Jul 2, 2018 at 11:46 AM OpenShift Ninja <openshift.ninja at gmail.com>
wrote:
> I understand, but I'm trying to run in cluster mode, which means there is
> a manager that is talking to the nodes over ssh. I could run it in
> non-cluster mode and just have the bro instances analyzing traffic going
> through the local interface, but we thought going the cluster route would
> be better.
>
> On Mon, Jul 2, 2018 at 11:25 AM Azoff, Justin S <jazoff at illinois.edu>
> wrote:
>
>>
>> > On Jul 2, 2018, at 11:03 AM, OpenShift Ninja <openshift.ninja at gmail.com>
>> wrote:
>> >
>> > So I realized a couple of things when I got into work today:
>> >
>> > 1) I can't remap the port that my sshd is listening on because I'm
>> using host networking - Docker discards the port mapping in host networking
>> mode.
>> > 2) My issue isn't the port that bro is listening on but rather the port
>> the manager uses to ssh into the other nodes to run the bro commands to run
>> the workers - you specify the hostnames in the node.cfg, but there doesn't
>> appear to be a way to specify that I need it to ssh on port 2022 instead of
>> the normal 22. This is only a problem because the hosts I'm running this on
>> are already running an sshd that listens on 22. I might be able to get the
>> port changed for that, but it seems easier to just get bro to connect on a
>> different port. I can't use the built-in sshd because I want to run the
>> workers, logger, etc in containers.
>> >
>> > Obviously I have the source for bro, so I can go and modify it myself,
>> but before I go down that rabbit hole, I want to make sure there isn't a
>> way to do it already.
>>
>> echo "Port 2022" > ~/.ssh/config
>>
>> Though I must say, if you are trying to get bro running on openshift or
>> k8s by running broctl, you are doing it wrong. You don't
>> need to run sshd so broctl can run bro in containers, you just need to
>> run bro in the containers.
>>
>> —
>> Justin Azoff
>>
>>
>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20180702/d357a067/attachment-0001.html
More information about the Bro
mailing list