check_by_ssh

[Scott Moynes]

* Paul L. Allen (pla at softflare.com) wrote:
> My PBH wanted the monitoring software on a machine at his
> home/office.  Which is on the end of a cable modem.  Which means the
> IP can and does change.  One of the reasons I switched from nrpe to
> check_by_ssh was that the only security on nrpe comes from
> tcpwrappers, and that's not feasible when the monitoring host's IP
> can change.

While it may not be useful for you, Paul, I thought my solution to a similarly
silly requirement from The Powers That Be might be helpful to other
list readers.

I used nrpe through stunnel's inetd mode SSL certificates to provide
strong authentication. A similar solution to check_by_ssh and ssh
keypairs but with the niceties of not having a user account on the
monitored host and integrating with our certificate authority. For
some reason, which is now lost to me, I couldn't use certificates with
nrpe's SSL support.

Hope that is helpful,
-- 
Scott Moynes
"Computer science is as much about computers
as astronomy is about telescopes." -- Dijkstra


-------------------------------------------------------
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null