nrpe questions
Matthew.Quinney at hollandandholland.com
Matthew.Quinney at hollandandholland.com
Tue Apr 1 14:31:48 CEST 2003
Karl et al,
Thanks for your mails. In the end like you suggested I have implemented
checks_by_ssh using null passphrases and all is working well.
Many thanks
Matthew
____________________________________________
Karl DeBisschop <karl at debisschop.net>
Sent by: nagios-users-admin at lists.sourceforge.net
01/04/2003 03:45
To
"Carroll, Jim P ""[Contractor]" <jcarro10 at sprintspectrum.com>
cc
Nagios Users <nagios-users at lists.sourceforge.net>
Subject
RE: [Nagios-users] nrpe questions
On Mon, 2003-03-31 at 12:48, Carroll, Jim P [Contractor] wrote:
> If it's an option, why not set up a null passphrase for ssh for nagios
> itself? That way, you don't need to pass the passphrase to
> check_by_ssh.
>
> jc
>
> -----Original Message-----
> From: Matthew.Quinney at hollandandholland.com
> [mailto:Matthew.Quinney at hollandandholland.com]
> Sent: Monday, March 31, 2003 4:35 AM
> To: Nagios-Users
> Subject: Re: [Nagios-users] nrpe questions
>
>
> Dear All,
>
> Does anybody know if the check_by_ssh command can be
> configured to use a passphrase ? I have found some old links
> on the web but unfortunately they do not work.
FWIW, when I wrote it I made no provision to pass any such thing on the
command line. You cannot depend on any such construct being secure from
an ordinary user.
You can, however, ensure that your filesystem permissions do keep an
ordinary user fron viewing the private key owned by the nagios user.
Thus, the intended mode of operation is to use secured, passpharseless
keys.
Short of using 'expect' or a similar mechanism, I do not know of a way
to securely provide a passphrase to check_by_ssh. I consider expect in
this case to provide a minimal increment of security (in that it still
all comes down to how well you protect your files from intruders) but a
major increase in administrative work. Thus I have not made any
provisions to support it.
If you do know of portable and secure way to pass in a pasphrase, I
would be willing to consider it. But failing that, the answer is no,
there are no provisions for providing a passphrase, and any way that you
find to do so would be accidental.
--
Karl
-------------------------------------------------------
This SF.net email is sponsored by: ValueWeb:
Dedicated Hosting for just $79/mo with 500 GB of bandwidth!
No other company gives more support or power for your dedicated server
http://click.atdmt.com/AFF/go/sdnxxaff00300020aff/direct/01/
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when
reporting any issue.
::: Messages without supporting info will risk being sent to /dev/null
_____________________________________________________________________
This e-mail has been scanned for viruses by the uuNet Internet Managed
Scanning Service - powered by MessageLabs.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.monitoring-lists.org/archive/users/attachments/20030401/950b05d1/attachment.html>
More information about the Users
mailing list