Scroll to navigation

SC_REMOTED(1) General Commands Manual SC_REMOTED(1)

NAME

sc_remoted
interact with a collection of remotely controlled scamper instances

SYNOPSIS

sc_remoted [-?46D] [-O options] [-P port] [-U directory] [-c tls-certificate] [-p tls-privatekey]

DESCRIPTION

The sc_remoted utility provides the ability to connect to a scamper(1) instance running remotely and interact with it by issuing commands and receiving results in warts format. The options are as follows:
-?
prints a list of command line options and a synopsis of each.
causes sc_remoted to operate as a daemon.
causes sc_remoted to only listen for IPv4-based connections.
causes sc_remoted to only listen for IPv6-based connections.
options
allows the behavior of sc_remoted to be further tailored. The current choices for this option are:
  • allowgroup: allow members of the unix domain socket's group to access to the unix domain sockets created by sc_remoted
  • allowother: allow anyone on the system access to the unix domain sockets created by sc_remoted
  • select: use select(2) with all sockets, rather than epoll(2) or kqueue(2)
  • tka: use TCP keepalives with all remote scamper processes, sent every 2 minutes.
port
specifies the port on the local host where sc_remoted should listen for incoming connections.
directory
specifies the directory on the local host where unix domain sockets corresponding to remote hosts should be placed.
tls-certificate
specifies the server certificate file in PEM format to advertise to remote scamper instances.
tls-privatekey
specifies the private key file in PEM format that corresponds to the certificate file. This key should have a passphrase. sc_remoted will prompt for the passphrase when starting up.

EXAMPLES

The intended use of scamper's remote control socket is as follows. A central server with IP addresses 192.0.2.1 and 2001:db8::1 runs a sc_remoted process listening on a port for remote scamper process, placing control sockets in a specified directory:

sc_remoted -P 31337 -U scamper-remote-sockets

Then, a remote host with IP address 198.51.100.55 runs scamper and connects to the remote controller:

scamper -R 192.0.2.1:31337

The sc_remoted process places a unix domain socket in the directory corresponding to the remote process. The name corresponds to the source IP address and port the remote scamper process connected to controller with. If the scamper process used source port 1025, then the unix domain socket's name will be

scamper-remote-sockets/198.51.100.55:1025

If a second remote host with IP address 2001:db8:1234::1 runs scamper and connects to the remote controller:

scamper -R [2001:db8::1]:31337

The same sc_remoted process will place another unix domain socket in the directory corresponding to the remote process. If the scamper process used source port 1026, then the unix domain socket's name will be

scamper-remote-sockets/2001:db8:1234::1.1026

USING TRANSPORT LAYER SECURITY

sc_remoted and scamper support the use of transport layer security (TLS) using OpenSSL to authenticate and encrypt communications between sc_remoted and scamper. To use this support requires a public certificate signed by a certificate authority or signed by the certificate authority built into scamper. Scamper will verify the certificate presented by sc_remoted and disconnect if the certificate presented by sc_remoted cannot be validated.

Generating a certificate that will be accepted by scamper requires you to create a certificate request and pass it for signing either to a certificate authority or to scamper's author, whose details are found in the authors section of this page. To generate a private key in file remotepriv.pem, and a request to sign the key in remotereq.pem:

openssl req -new -keyout remotepriv.pem -out remotereq.pem

and then send the remotereq.pem file to the certificate authority for signing. Do not send remotepriv.pem; that key must remain private to you. When openssl prompts for a passphrase, choose a passphrase that is unique and keep the passphrase secret. When your chosen certificate authority signs your private key, it will return a file which we will call remotecert.pem. Both remotecert.pem and remotepriv.pem are required parameters to sc_remoted to enable TLS support:

sc_remoted -P 31337 -U scamper-remote-sockets -c remotecert.pem -p remotepriv.pem

and then passing the -O tls option to scamper:

scamper -R example.com:31337 -O tls

SEE ALSO

scamper(1), sc_attach(1), sc_wartsdump(1), warts(5), openssl(1)

AUTHORS

sc_remoted was written by Matthew Luckie <mjl@luckie.org.nz>.
September 21, 2014 Linux 4.9.0-9-amd64