check_by_ssh vs check_snmp: security considerations?

[Dan Stromberg]

check_by_ssh of course, isn't vulnerable to replay attacks.  But if we
set up passwordless, passphraseless accounts on all of our systems for
check_by_ssh, that's a sort of problem in itself, since that account
could (normally) run any command it wanted to.

check_snmp is subject to replay attacks, but it's relatively limited in
what it can do.

So I guess my question is: Is there a form of restricted shell that
would work conveniently with check_by_ssh, that would allow only a short
list of sanitized plugins to run?

Thanks!

-- 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <https://www.monitoring-lists.org/archive/users/attachments/20041029/73ce4372/attachment.sig>