Ports required by Casper

donmontalvo
Esteemed Contributor III

I looked at the KB:

http://www.jamfsoftware.com/kb/article.php?id=034

Does anyone know which ports are used by the Casper agent to run recon (send inventory info to the server)?

We have a group that are on a separate LAN, and we want to request the network group open the required ports. For those Macs, we are only running inventory and nothing else.

Thanks,
Don

--
https://donmontalvo.com
9 REPLIES

ernstcs
Contributor III

Should just be the web ports, no? 9006 or 8443 for SSL?

Craig E

tlarkin
Honored Contributor

And port 22 for SSH authentication, but it depends on your QuickAdd/Casper client configurations.

Walter
New Contributor II

The Casper documentation is very clear on what ports are required.
--
Walter Rowe, System Hosting
Enterprise Systems / OISM
walter.rowe at nist.gov
301-975-2885

donmontalvo
Esteemed Contributor III

Thanks Craig, that's what I thought (since the QuickAdd has the https://xxxxx:8443 URL in the postflight script's first line).

Thomas, is SSH authentication required for the Casper agent to run inventory? Seems like it would only require 8443?

Don

--
https://donmontalvo.com

tlarkin
Honored Contributor

The JSS uses the ssh account to run the job, so it needs some sort of authentication otherwise it won't have permission to run. If the passwords mismatch for the Casper management account on the JSS and the client, then it should error out.

A quick test reveals to me that if you invoke recon from the client side it doesn't use ssh at all, but if you do it from the server side it does, since the JSS must authenticate to the client to execute policy.

I just changed the password on my test machine in the JSS and ran recon from the client side and it ran through just fine.

-Tom

ernstcs
Contributor III

No, SSH is only for requests into the box from Remote, typically. Outgoing Recon reports should be just web.

jarednichols
Honored Contributor

I concur with Craig. Port 22/SSH Authentication is only required for server-initiated comm. Anything based upon the client doing the "first move" (e.g. an every 15 to check for policies) doesn't require port 22.

j
---
Jared F. Nichols
Desktop Engineer, Client Services
Information Services Department
MIT Lincoln Laboratory
244 Wood Street
Lexington, Massachusetts 02420
781.981.5436

tlarkin
Honored Contributor

Yeah this is what my testing concluded. To be honest, I probably need to RTFM that part of the manual where ssh is used and needed.

-Tom

Not applicable

This is correct. All that needs to be open is the web port. I only have 8443 exposed and machines submit inventory reports on and off the network. I quickly learned that I needed to use network limitations for policies as machines will check in, see policies, but fail due to lack of AFP being exposed. I don't use HTTP on my distribution point. This affects all of the scripts, packages, etc. I got around it when I needed it by using Advanced > Run command in the policy.

-aaron
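
The thread's conclusion, written as a firewall-request audit (an added example, not part of any post above and not JAMF code): client-initiated recon needs only the JSS web port, and port 22 toward the clients is needed only for server-initiated work. The addresses, the `Rule` type and the function names are assumptions made up for illustration; ports 8443 and 22 are the ones discussed in the thread.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample addressing (assumptions, not from the thread).
JSS = "192.0.2.10/32"        # hypothetical JSS server
CLIENT_LAN = "10.20.0.0/24"  # hypothetical isolated Mac LAN
JSS_WEB_PORT = 8443          # web port named in the thread
SSH_PORT = 22                # only for server-initiated connections

@dataclass(frozen=True)
class Rule:
    src: str   # source CIDR
    dst: str   # destination CIDR
    port: int  # TCP destination port

def required_flows(server_initiated=False):
    """Flows needed per the thread: clients always reach the JSS web port;
    JSS -> client SSH only if the server has to make the first move."""
    flows = {Rule(CLIENT_LAN, JSS, JSS_WEB_PORT)}
    if server_initiated:
        flows.add(Rule(JSS, CLIENT_LAN, SSH_PORT))
    return flows

def contains(outer, inner):
    """True if every connection matched by `inner` is also matched by `outer`."""
    net = ipaddress.ip_network
    return (outer.port == inner.port
            and net(inner.src).subnet_of(net(outer.src))
            and net(inner.dst).subnet_of(net(outer.dst)))

def audit(rules, server_initiated=False):
    """Return (missing, excess): needed flows no rule permits, and rules
    that permit traffic outside every needed flow (least-privilege check)."""
    needed = required_flows(server_initiated)
    missing = [f for f in needed if not any(contains(r, f) for r in rules)]
    excess = [r for r in rules if not any(contains(f, r) for f in needed)]
    return missing, excess

if __name__ == "__main__":
    # Constructed firewall request for an inventory-only group of Macs.
    request = [Rule(CLIENT_LAN, JSS, JSS_WEB_PORT),
               Rule(JSS, CLIENT_LAN, SSH_PORT)]
    missing, excess = audit(request, server_initiated=False)
    print("missing:", missing)
    print("not needed for inventory-only:", excess)
```
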