--_000_4288A518A157EC4C8873FEE74F778BF011315A26WPSDGQFTOPRSTAT_
Content-Type: text/plain; charset="Windows-1252"
Content-Transfer-Encoding: quoted-printable
On Feb 5, 2013, at 10:57 AM, Andreas Ericsson wrote:
Encryption is a must, ofcourse, as the packets will have to contain
passwords some of the time. There's a libssh2 available which we should
be able to use to set up preshared key authentication with security
that even NSA will approve of.
I like the idea of libssh2. SSH is simpler both in concept and
implementation than a PKI.
We could also go with unencrypted at first and just make sure it works
with stunnel or some such. It doesn't really matter, as organizations
large enough to require large-scale distributed setups will have
people who can handle encryption just fine.
In either case, we should definitely have a cleartext option too, for
debugging if nothing else.
I'd agree encryption is a must, well, for me anyway But it's always han=
dy to have a cleartext option available when things just aren't working rig=
ht and you need to trace and find out why.
So it almost seems like you could have a remote worker installed on each ho=
st, and just have it check that one host=85other than you'd have a ton of r=
emote workers, what would be the downside of doing that? Removes the need =
for nrpe or other options for remote checking=85
Dan
--_000_4288A518A157EC4C8873FEE74F778BF011315A26WPSDGQFTOPRSTAT_
Content-Type: text/html; charset="Windows-1252"
Content-ID:
Content-Transfer-Encoding: quoted-printable
On Feb 5, 2013, at 10:57 AM, Andreas Ericsson wrote:
Encryption is a must, ofcourse, as the packets wi=
ll have to contain
passwords some of the time. There's a libssh2 ava=
ilable which we should
be able to use to set up preshared key authentica=
tion with security
that even NSA will approve of.
I like the idea of libssh2. SSH is simpler both i=
n concept and
implementation than a PKI.
We could also go with unencrypted at first and just make sure it works
with stunnel or some such. It doesn't really matter, as organizations
large enough to require large-scale distributed setups will have
people who can handle encryption just fine.
In either case, we should definitely have a cleartext option too, for
debugging if nothing else.
I'd agree encryption is a must, well, for me anyway But it's =
always handy to have a cleartext option available when things just aren't w=
orking right and you need to trace and find out why.
So it almost seems like you could have a remote worker installed on ea=
ch host, and just have it check that one host=85other than you'd have a ton=
of remote workers, what would be the downside of doing that? Removes=
the need for nrpe or other options for
remote checking=85
Dan
--_000_4288A518A157EC4C8873FEE74F778BF011315A26WPSDGQFTOPRSTAT_--
This post was automatically imported from historical nagios-devel mailing list archives
Original poster: daniel.wittenberg.r0ko@statefarm.com