[Nagiosplug-help] secure remote checks

Jesse Callaway jesse at cyber-ny.com
Fri Aug 8 04:34:18 CEST 2008


Hi All,

I like the idea of using certs. I'm guessing we're talking SSL certs and 
not a liquor license. I got a reply offlist by Vinay Kumar whom I'd 
appreciate more input from. He says that NRPE plays with SSL.
I did lie (cardinal sin when soliciting help) when I said that only 
SSH is allowed. I am willing to live with SSL for security. I looked up 
the NRPE + SSL stuff and it looks like it uses some Diffie-Hellman SSL 
stuff. Without much rigamarole it gives instructions on how to create a 
C header file populated with "DH parameters", which I'm assuming is a 
private key. I'm still in the dark as to how the authentication would 
happen. Can anyone do a key-exchange with my remote host and start 
asking for uptime, and disk information?
I think I'm getting into core Nagios questions, but I'm not sure. What 
list is most appropriate for these questions???

I'm going to stop pursuing the check_by_ssh multi-plugin approach since 
it is more hackish. Would really love to hear input from anyone who has 
gone down the road of using NRPE and SSL.

(Can't wait to get this all working with PNP...)

-jesse


Marshall, Charles wrote:
> Thomas,
> Not sure about certificates, but would you do that? Or instead you can
> tell nrpe to only accept requests from certain IPs.
> Thanks,
> Charles
>
> -----Original Message-----
> From: nagiosplug-help-bounces at lists.sourceforge.net
> [mailto:nagiosplug-help-bounces at lists.sourceforge.net] On Behalf Of
> Thomas Guyot-Sionnest
> Sent: Thursday, August 07, 2008 8:13 PM
> To: nagiosplug-help at lists.sourceforge.net
> Subject: Re: [Nagiosplug-help] secure remote checks
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 07/08/08 06:04 PM, vinay kumar wrote:
>   
>> You can use nrpe with ssl.
>>     
>
> Slightly offtopic; I'm wondering how hard it would be to make nrpe allow
> certificate-based authentication?
>
>
> - --
> Thomas
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.6 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iD8DBQFIm52Q6dZ+Kt5BchYRAn8CAKDVbITITn3u7zlnmjeQi6Ba3wFlIgCfUvWz
> a/X9hqvANSoylz+HTnXavMc=
> =AyXT
> -----END PGP SIGNATURE-----
>
>   
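
Added example (not from the thread or the NRPE project): a toy anonymous Diffie-Hellman exchange in Python showing that DH parameters are public values rather than a private key, and that the exchange alone encrypts without authenticating the peer, which is why an address allow-list like the one Charles mentions gets layered on top. The prime, generator, helper names and sample addresses are constructed for illustration; how NRPE itself negotiates SSL is not shown on this page and is assumed here to be anonymous DH.

```python
import ipaddress
import secrets

# Toy DH parameters, constructed for this example: public, shared by every
# peer, and far too small for real use. They are not a key of any kind.
P = 2**127 - 1  # a known prime (Mersenne M127)
G = 3


def dh_keypair():
    """Fresh per-connection secret and the public value sent on the wire."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)


def dh_shared(own_priv, peer_pub):
    """Secret derived from our private value and the peer's public value."""
    return pow(peer_pub, own_priv, P)


def anonymous_handshake():
    """Both ends derive the same secret with no identity involved."""
    srv_priv, srv_pub = dh_keypair()
    cli_priv, cli_pub = dh_keypair()
    return dh_shared(srv_priv, cli_pub) == dh_shared(cli_priv, srv_pub)


def peer_allowed(peer_ip, allowed):
    """Address allow-list check (hypothetical helper).
    `allowed` is a list of single IPs or CIDR networks."""
    addr = ipaddress.ip_address(peer_ip)
    return any(addr in ipaddress.ip_network(entry, strict=False)
               for entry in allowed)


def accept_connection(peer_ip, allowed):
    """Refuse before the handshake unless the source address is listed."""
    if not peer_allowed(peer_ip, allowed):
        return "rejected"
    return "encrypted" if anonymous_handshake() else "handshake-failed"


if __name__ == "__main__":
    allowed = ["192.0.2.10", "198.51.100.0/24"]  # constructed sample addresses
    for ip in ["192.0.2.10", "198.51.100.77", "203.0.113.5"]:
        print(ip, accept_connection(ip, allowed))
```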




