NRPE Client worthwhile?

Scott Zawalski scott.zawalski at web.de
Fri Aug 22 08:41:13 CEST 2003


I have been playing with the question of if the NRPE is worth while. I 
still cannot make a case against it, but i'm leaning towards the answer 
of no and any imput would be appreciated.

NRPE not only opens another port on your systems, but also requires you 
to install a daemon that has to be configured on every host you install it.

SSH on the other hand only requires that you have the requested plugins 
on that machine and a passphraseless key. This does however grant people 
access to every machine if your "nagios.key" is compromised, but in many 
enviroments every system's credentials is run with nis or ldap so if you 
crack someone's password the same applies.

SSH is encrypted natively and NRPE can be compiled with SSL so they are 
the same from that point of view. The fact that you do not have to 
configure a seperate config file for ssh like you do for nrpe is a big 
plus IMHO. I know you can make a standard nrpe.cfg and put args in it, 
but something just doesn't make me to happy when the config says HUGE 
SECURITY RISK if I enable the option.


It is kind of back and forth any suggestions as to why NRPE could be 
superior in remote checking please let me know if I am missing out on a 
cool feature when nrpe is deployed!


Thank you,
Scott



-------------------------------------------------------
This SF.net email is sponsored by: VM Ware
With VMware you can run multiple operating systems on a single machine.
WITHOUT REBOOTING! Mix Linux / Windows / Novell virtual machines
at the same time. Free trial click here:http://www.vmware.com/wl/offer/358/0
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null





More information about the Users mailing list