nrpe questions

Karl DeBisschop karl at debisschop.net
Tue Apr 1 04:45:09 CEST 2003

Previous message: APAN problems
Next message: nrpe questions
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, 2003-03-31 at 12:48, Carroll, Jim P [Contractor] wrote:
> If it's an option, why not set up a null passphrase for ssh for nagios
> itself?  That way, you don't need to pass the passphrase to
> check_by_ssh.
>  
> jc
>  
>         -----Original Message-----
>         From: Matthew.Quinney at hollandandholland.com
>         [mailto:Matthew.Quinney at hollandandholland.com]
>         Sent: Monday, March 31, 2003 4:35 AM
>         To: Nagios-Users
>         Subject: Re: [Nagios-users] nrpe questions
>         
>         
>         Dear All,
>         
>         Does anybody know if the check_by_ssh command can be
>         configured to use a passphrase ? I have found some old links
>         on the web but unfortunately they do not work.

FWIW, when I wrote it I made no provision to pass any such thing on the
command line. You cannot depend on any such construct being secure from
an ordinary user.

You can, however, ensure that your filesystem permissions do keep an
ordinary user fron viewing the private key owned by the nagios user.
Thus, the intended mode of operation is to use secured, passpharseless
keys.

Short of using 'expect' or a similar mechanism, I do not know of a way
to securely provide a passphrase to check_by_ssh. I consider expect in
this case to provide a minimal increment of security (in that it still
all comes down to how well you protect your files from intruders) but a
major increase in administrative work. Thus I have not made any
provisions to support it.

If you do know of portable and secure way to pass in a pasphrase, I
would be willing to consider it. But failing that, the answer is no,
there are no provisions for providing a passphrase, and any way that you
find to do so would be accidental.

--
Karl

-------------------------------------------------------
This SF.net email is sponsored by: ValueWeb: 
Dedicated Hosting for just $79/mo with 500 GB of bandwidth! 
No other company gives more support or power for your dedicated server
http://click.atdmt.com/AFF/go/sdnxxaff00300020aff/direct/01/
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null

Previous message: APAN problems
Next message: nrpe questions
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Users mailing list