Help

Ports required by Casper

donmontalvo
Esteemed Contributor III

Posted on ‎10-18-2011 12:48 AM

I looked at the KB:

http://www.jamfsoftware.com/kb/article.php?id=034

Does anyone know which ports are used by the Casper agent run recon (send inventory info to the server)?

We have a group that are on a separate LAN, and we want to request the network group open the required ports. For those Macs, we are only running inventory and nothing else.

Thanks,
Don

--
https://donmontalvo.com
0 Kudos
9 REPLIES 9

ernstcs
Contributor III

Posted on ‎10-18-2011 12:51 AM

Should just be the web ports not? 9006 or 8443 for SSL?

Craig E

0 Kudos

tlarkin
Honored Contributor

Posted on ‎10-18-2011 12:53 AM

and port 22 for ssh authentication, but it depends on your quickadd/casper client configurations

0 Kudos

Walter
New Contributor II

Posted on ‎10-18-2011 12:57 AM

The Casper documentation is very clear on what ports are required.
--
Walter Rowe, System Hosting
Enterprise Systems / OISM
walter.rowe at nist.gov<mailto:walter.rowe at nist.gov>
301-975-2885

0 Kudos

donmontalvo
Esteemed Contributor III

Posted on ‎10-18-2011 12:58 AM

Thanks Craig, that's what I thought (since the QuickAdd has the https://xxxxx:8443 URL in the postflight script's first line).

Thomas, is SSH authentication required for the Casper agent to run inventory? Seems like it would only require 8443?

Don

--
https://donmontalvo.com
0 Kudos

tlarkin
Honored Contributor

Posted on ‎10-18-2011 01:09 PM

The JSS uses the ssh account to run the job, so it needs some sort of authentication otherwise it won't have permission to run. If the passwords mismatch for the Casper management account on the JSS and the client, then it should error out.

A quick test reveals to me that if you invoke recon from the client side it doesn't use ssh at all, but if you do it from the server side it does, since the JSS must authenticate to the client to execute policy.

I just changed the password on my test machine in the JSS and ran recon from the client side and it ran through just fine.

-Tom

0 Kudos

ernstcs
Contributor III

Posted on ‎10-18-2011 01:10 PM

No SSH is only for requests into the box from Remote typically. Outgoing Recon reports should be just web.

0 Kudos

jarednichols
Honored Contributor

Posted on ‎10-19-2011 05:18 AM

I concur with Craig. Port 22/SSH Authentication is only required for server-initiated comm. Anything based upon the client doing the "first move" (e.g. an every 15 to check for policies) doesn't require port 22.

j
---
Jared F. Nichols
Desktop Engineer, Client Services
Information Services Department
MIT Lincoln Laboratory
244 Wood Street
Lexington, Massachusetts 02420
781.981.5436

0 Kudos

tlarkin
Honored Contributor

Posted on ‎10-19-2011 07:37 AM

Yeah this is what my testing concluded. To be honest, I probably need to RTFM that part of the manual where ssh is used and needed.

-Tom

0 Kudos

Not applicable

Posted on ‎10-19-2011 08:04 AM

This is correct. All that needs to be open is the web port. I only have 8443 exposed and machines submit inventory reports on and off the network. I quickly learned that I needed to use network limitations for policies as machines will check in, see policies, but fail due to lack of AFP being exposed. I don't use HTTP on my distribution point. This affects all of the scripts, packages, etc. I got around it when I needed it by using Advanced > Run command in the policy.

-aaron

0 Kudos