I’ve got a proxmox machine which I’d like to monitor with a checkmk installation which is outside of this network. Checkmk uses ssh to access the proxmox machine. The proxmox web interface over port 8006 is not accessible from outside. But as it seems the proxmox special agent would need access to it? Is there any posibility to use the proxmox special agent without providing access to 8006 to the outside world? Somehow over ssh tunnels? Something else?
Can I teach check-mk to open a tunnel when doing the normal agent check, and to use the tunnel with the special agent, or will the ssh connection for the normal agent already be closed by then? Or would I need a static ssh-tunnel (or openVpn/Wireguard connection)?
If i assume the proxmox server is a.example.com then, as far as I understood, the special agent would try to connect to a.example.com. How can I convince it to connect to localhost to use the ssh-tunnel?
I was afraid that would be the answer ;-).
As far as I understand it, I can’t let the normal agent connect to a.example.com and the proxmox agent to localhost. Both use the same domain name, right?
So I would need two static tunnels and both connecting at localhost, so it would be something like:
localhost:2222 => a.example.com:22 (ssh) (normal agent)
localhost:8006 => a-example-com:8006 (proxmox agent)
I’ve only got one Proxmox Server standing around, so I can handle that. But that seems overly complicated for companies which monitor a lot.
This topic was automatically closed 365 days after the last reply. New replies are no longer allowed. Contact an admin if you think this should be re-opened.