executing plugins remotely via SSH

[Tomasz Chmielewski]

Tedman Eng wrote:
> Nice script, but one disadvantage is that it's terribly insecure.

Yep, that's why I wrote - "use it on trusted machines" :)


> All our remote hosts' ssh keys are locked down to allow execution of
> restricted commands only.  That way, if our Nagios server is somehow
> compromised, we don't need to worry about every remote host being at risk as
> well.  The worst thing an attacker could do is DOS the remote machines with
> a flood of monitoring queries.

Well, for me it's more likely that remote hosts are compromised 
(although not very probable, as nagios server nor remote hosts don't 
even have public IPs).


> That said, you could also just pipe the script contents directly over the
> ssh connection into bash and skip creation of the temp script altogether.

You can pipe the script, but for binaries (most nagios plugins), you 
can't do it.


-- 
Tomasz Chmielewski
http://wpkg.org

-------------------------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null