compiling nsca-2.1 under Solaris8

Fred Im fim32 at yahoo.com
Fri Aug 16 21:51:28 CEST 2002

Previous message: compiling nsca-2.1 under Solaris8
Next message: compiling nsca-2.1 under Solaris8
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

yeah, ssh can eat quite a bit of cpu...

fred
--- "Jolet, John" <John.Jolet at misyshealthcare.com> wrote:
> true, i usually go with the no passphrase, but as an untrusted user.  I find
> the overhead of ssh prohibitive, and go with npre, myself.
> 
> -----Original Message-----
> From: Fred Im [mailto:fim32 at yahoo.com]
> Sent: Friday, August 16, 2002 2:46 PM
> To: Jolet, John
> Cc: nagios-users-request at lists.sourceforge.net
> Subject: RE: RE: [Nagios-users] compiling nsca-2.1 under Solaris8
> 
> 
> while technically this is true, there needs to be some kind of
> authentication
> that takes place.
> 
> your choices, with ssh are:
>   1) by password, 
>   2) public-key (with passphrase), 
>   3) public-key (no passphrase).
> 
> which means:
>   1) your password needs to be stored on the server
>   2) your passphrase needs to be stored on the server
>   3) logging into your server potentially means that they can then proceed
> to
> log in to any of your monitored hosts.
> 
> so, yes you COULD not require a password/passphrase for ssh, but it is
> pretty
> dependent on your comfort level with your system and it's users.  everyone
> likes to use public-keys with no passphrases (i admit, there are places
> where
> i'm guilty of that as well), but i still try to tell people... if your
> private
> key is on a shared system, you really should set a passphrase...
> 
> fred
> --- "Jolet, John" <John.Jolet at misyshealthcare.com> wrote:
> > no, ssh does NOT require the password....public/private key logins.
> > 
> > -----Original Message-----
> > From: Fred Im [mailto:fim32 at yahoo.com]
> > Sent: Friday, August 16, 2002 2:35 PM
> > To: nagios-users at lists.sourceforge.net
> > Subject: RE: RE: [Nagios-users] compiling nsca-2.1 under Solaris8
> > 
> > 
> > certainly that is an option.  and it actually works out pretty well (the
> > previous monitoring system we were using did a similar kind of thing using
> > ssh.
> > 
> > cons:
> > 1) scalability, when nagios (or any other monitoring server) has to open
> an
> > ssh
> > session any time it wants to get data, it uses a pretty good amount of cpu
> > time...
> > 
> > 2) security, seems funny, i know.  to use any scripted ssh daemon, you
> > either
> > have to put the passphrase somewhere or the password.  neither is a
> > favorable
> > way to go.  and the user you're logging in as on the remote host has to
> have
> > login access, something you don't need for the nrpe daemon.  
> > 
> > simply put, using ssh, you have encrypted the traffic, but the user can
> run
> > anything.  with nrpe, someone may see some odd traffic to the effect of
> > "Test
> > OK [5% of 6MB]", but they can only run what you've let them run in the
> > nrpe.cfg
> > file.
> > 
> > fred
> > 
> > >Fred Im wrote:
> > >> ok... i'll describe how i set up each of the pieces here 
> > >> (yes, i use both) to
> > >> give some basis to how it looks to me...
> > >
> > >[snip]
> > >
> > >Alright, I can see that.
> > >
> > >Now here's a curve ball:  Why not just use check_by_ssh instead of NRPE?
> > 
> > 
> > __________________________________________________
> > Do You Yahoo!?
> > HotJobs - Search Thousands of New Jobs
> > http://www.hotjobs.com
> > 
> > 
> > -------------------------------------------------------
> > This sf.net email is sponsored by: OSDN - Tired of that same old
> > cell phone?  Get a new here for FREE!
> > https://www.inphonic.com/r.asp?r=sourceforge1&refcode1=vs3390
> > _______________________________________________
> > Nagios-users mailing list
> > Nagios-users at lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/nagios-users
> 
> 
> __________________________________________________
> Do You Yahoo!?
> HotJobs - Search Thousands of New Jobs
> http://www.hotjobs.com


__________________________________________________
Do You Yahoo!?
HotJobs - Search Thousands of New Jobs
http://www.hotjobs.com


-------------------------------------------------------
This sf.net email is sponsored by: OSDN - Tired of that same old
cell phone?  Get a new here for FREE!
https://www.inphonic.com/r.asp?r=sourceforge1&refcode1=vs3390

Previous message: compiling nsca-2.1 under Solaris8
Next message: compiling nsca-2.1 under Solaris8
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Users mailing list