Let me begin by stating that I am still a Ruby novice, although I’ve
some simple appls (sudoku, TCP and UDP servers and other mundane appls)
the input of the team.
I worked with AIX and I support more than a hundred servers in a complex
Although some vendors have packages to perform “distributed” remote
it is not allowed in my environment.
At first tried to design my own poor-man distributed package using what
allowed, ssh (port 22).
But this did not provide the flexibility to manage all the servers from
So, I went ahead and designed in Ruby a TCP Client/Server that works as
On every server I have a server listening on a predefined port.
The server gets started from the cron and every 10 minutes the cron
to ensure that the server is running.
Lets say the client wants to execute a remote command like creating a
on all servers or just checking paging or memory consumption, etc.
It sends a request to the server and the server executes the command and
returns the output to the client.
So the client can:
shc -s hostname cmd
shc -p full_path_of_a_file_with_list_of_servers
hsc -a cmd (This version uses a file /etc/servers with the list of all
I also have another client named shp with the same flags as above and
uses the same TCP server and which is listening on the same port.
The shp program is used to push files to one or multiple or all servers.
All the UNIX admin actually love the application. BTW, the shc shp are
executable by root.
However, although we are behind multiple firewalls (at least 6) a
tool detected the listener (TCP Server) and marked it as a security risk
a particular server.
I was asked and of course I complied, to shutdown the server on that
I was also asked to redesign the tool adding a bit more security and
would allow it. They suggested “handshaking” between client and server,
initial comm or perhaps all comm should be encrypted. I was asked if
So here is where I am looking for some recommendations.
Reading a new book I just acquired I came across a package called
was wondering if this will be suitable for what I need.
Also, what type of encryption should I use?
They were talking something like:
Client sends connection request
Server replies with client’s hostname and time
Client sends back the time received from server together with the
which the client wants to execute at the remote server.
Server executes command if it is “happy” with the reply from the client.
Of course all communication must be ciphered.
Any suggestions will be greatly appreciated.