[Nagiosplug-help] secure remote checks

Thomas Guyot-Sionnest dermoth at aei.ca
Fri Aug 8 06:09:07 CEST 2008


On 07/08/08 10:34 PM, Jesse Callaway wrote:
> Hi All,
> 
> I like the idea of using certs. I'm guessing we're talking SSL certs and
> not a liquor license. I got a reply offlist by Vinay Kumar whom I'd
> appreciate more input from. He says that NRPE plays with SSL.
> I did lie ( cardinal sin when soliciting help ) when I said that only
> SSH is allowed. I am willing to live with SSL for security. I looked up
> the NRPE + SSL stuff and it looks like it uses some Diffie-Hellman SSL
> stuff. Without much rigamarole it gives instructions on how to create a
> C header file populated with "DH parameters", which I'm assuming is a
> private key. I'm still in the dark as to how the authentication would
> happen. Can anyone do a key-exchange with my remote host and start
> asking for uptime, and disk information?
> I think I'm getting into core Nagios questions, but I'm not sure. What
> list is most appropriate for these questions???

SSL in nrpe works pretty much like when you connect to an ssl-enabled
web site, minus the DN check. It's not authentication, just encryption.

The only "authentication" mechanism available in NRPE so far is IP-based
authentication.

- --
Thomas
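
Added example, not part of the original post and not NRPE's own code: because the reply above says the source-IP check is the only access control, this Python script audits an nrpe.cfg for how wide that check is. It assumes the `allowed_hosts` and `dont_blame_nrpe` directives as named in NRPE's sample configuration; the sample file contents and the 256-address threshold are constructed for illustration.

```python
import ipaddress

# Constructed sample nrpe.cfg content (not taken from the post).
SAMPLE_CFG = """\
# constructed example
server_port=5666
allowed_hosts=127.0.0.1,192.0.2.10,10.0.0.0/8
dont_blame_nrpe=1
"""

def parse_cfg(text):
    """Return key -> value for 'key=value' lines, skipping comments and blanks."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        cfg[key.strip()] = value.strip()
    return cfg

def audit(text, max_hosts=256):
    """List findings about the source-IP restriction and argument passing."""
    cfg = parse_cfg(text)
    findings = []
    entries = [e.strip() for e in cfg.get("allowed_hosts", "").split(",") if e.strip()]
    if not entries:
        findings.append("allowed_hosts is missing or empty")
    for entry in entries:
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            # Not an IP or CIDR literal, so the check relies on name resolution.
            findings.append(f"{entry}: hostname entry, trust depends on DNS")
            continue
        if net.num_addresses > max_hosts:
            findings.append(f"{entry}: covers {net.num_addresses} addresses")
    # Assumed directive: lets permitted clients supply command arguments.
    if cfg.get("dont_blame_nrpe", "0") == "1":
        findings.append("dont_blame_nrpe=1: clients may pass command arguments")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CFG):
        print("WARN", finding)
```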