Re: [Nut-upsuser] why upsc need no authentication?
2015-09-11 10:11 GMT+08:00 Charles Lepple:
>
> There is also an option to compile NUT to verify client SSL certificates:
> http://www.networkupstools.org/docs/user-manual.chunked/ar01s09.html#_upsd_optional_client_authentication
>

After reading the NUT document about SSL, I am really confused. I only see SSL configuration about "upsd" and "upsmon". How about "upscmd", "upsrw" and "upsc"? I didn't see configuration for them to use a specific SSL certificate. Am I missing something?

Regards,
tbskyd
___
Nut-upsuser mailing list
Nut-upsuser@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/nut-upsuser
Re: [Nut-upsuser] why upsc need no authentication?
2015-09-11 10:11 GMT+08:00 Charles Lepple:
> On Sep 10, 2015, at 10:23 AM, d tbsky wrote:
>>
>> Hi:
>> I found I can set up a password for upsmon, but upsc can connect to
>> any upsd without authentication. Although the UPS data is not very
>> confidential, I would like not to expose it to anyone who can
>> connect to the server.
>>
>> Is there any method to harden upsd? Thanks for the hint.
>
> There are a few different approaches. If your version of NUT was built with
> TCP-wrappers, you can configure NUT to only allow certain clients to connect.
>
> However, in most cases where you would consider TCP-wrappers, you would
> probably be better served with a kernel-level firewall.
>
> There is also an option to compile NUT to verify client SSL certificates:
> http://www.networkupstools.org/docs/user-manual.chunked/ar01s09.html#_upsd_optional_client_authentication
>
> --
> Charles Lepple
> clepple@gmail

Thanks for the hint. I guess SSL certificates are the way to go, although it is overkill for my needs (just a password to protect it is enough for me).
Re: [Nut-upsuser] why upsc need no authentication?
On Sep 10, 2015, at 10:23 AM, d tbsky wrote:
>
> Hi:
> I found I can set up a password for upsmon, but upsc can connect to
> any upsd without authentication. Although the UPS data is not very
> confidential, I would like not to expose it to anyone who can
> connect to the server.
>
> Is there any method to harden upsd? Thanks for the hint.

There are a few different approaches. If your version of NUT was built with TCP-wrappers, you can configure NUT to only allow certain clients to connect.

However, in most cases where you would consider TCP-wrappers, you would probably be better served with a kernel-level firewall.

There is also an option to compile NUT to verify client SSL certificates:
http://www.networkupstools.org/docs/user-manual.chunked/ar01s09.html#_upsd_optional_client_authentication

--
Charles Lepple
clepple@gmail
[Nut-upsuser] why upsc need no authentication?
Hi:
I found I can set up a password for upsmon, but upsc can connect to any upsd without authentication. Although the UPS data is not very confidential, I would like not to expose it to anyone who can connect to the server.

Is there any method to harden upsd? Thanks for the hint.

Regards,
tbskyd