I am trying to monitor multiple JVMs running on different servers through an ssh tunnel.
Thanks to one of the UNIX gurus here, I have managed to get this running for a single server by:
- Run
jstatd
on the target server - Set up Visual VM to use 9696 as its socks proxy port.
-
On my local PC, run:
ssh -L 2222:server1:22 bastion-host
-
On my local PC, run:
ssh -o port=2222 -D 9696 -L 1099:localhost:1099 localhost
This does the trick. Now when I try and tunnel to a second server I try:
-
On my local PC, run:
ssh -L 3333:server2:22 bastion-host
-
On my local PC, run:
ssh -o port=3333 -D 9696 -L 2099:localhost:1099 localhost
However, the last step complains with:
bind: Address already in use
channel_setup_fwd_listener: cannot listen to port: 9696
Has anyone managed to do something similar?
Update:
The reason this is so complex is that jstatd is an RMI server application:
http://download.oracle.com/javase/1.5.0/docs/tooldocs/share/jstatd.html
As with RMI applications, these register with an rmiregistry. Using rmi through a firewall requires me to use SOCKS as described here:
http://download.oracle.com/javase/1.4.2/docs/guide/rmi/faq.html#firewallOut
Unfortunately, visualvm only lets me set the SOCKS proxy port once, and the -D option won't allow me to forward the same local port to both servers…
Best Answer
Am I right in thinking you've got your computer (computer A), and say two servers (A and B) which you can't connect to directly on a certain port and so want to tunnel to them over SSH?
If so, you create two tunnels from your machine (one to each target server) on different local ports using -L not -D, and then in your monitoring tool you connect to your local machine (no proxy settings) as if it was the remote server you want to check.
Then using your local monitor you connect to localhost:9000 and localhost:9001 and those tunnels connect you to your target jstatd's.
If there's an intermediate server, then a two hop tunnel,
Hmm, if bastion-host can talk to all the JVM's, then
Is enough to create a socks proxy you can then just use over port 9000.