questions

[Paul L. Allen]

Marc Powell writes: 

> NRPE, which allows you to run plugins on remote machines can
> use encryption I believe.

With encryption but (as I understand it) without authentication.  The
results cannot be deciphered by eavesdroppers but it relies upon
tcpwrappers to limit who can connect to it.  This can be a problem if
your monitoring machine is on ADSL or cable modem and its IP address
can change (not a problem for most people but this one is a problem
for me because of a PHB who insists on running nagios on his home
computer to save on chargeable bandwidth).  Note that somebody in a
position to eavesdrop on traffic could probably use IP spoofing and pick
up a result that he or she could decipher. 

> Check_by_ssh is obviously encrypted.

And authenticated, which means that you don't have to use tcpwrappers
(although you can if you're really paranoid or worried about DoS
attacks) or sniffers who use IP spoofing. 

-- 
Paul Allen
Softflare Support 




-------------------------------------------------------
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null