Yesterday Gregory Sloop wrote: > Ok, so I've setup a test master-slave config, and the basic config > looks good. > > So, I suppose this is essentially off-topic, but I'm wondering about > hardening the communications between a master and a slave. > > In my case, I'm thinking of having slaves that communicate over an > un-secure net [say the internet] back to the master. > > I know the shared secret [PSK] for the slave-master protect [kinda] so > that an attacker can't stuff data into the SP master - but that > doesnt' address someone finding a hole in the CGI etc. > > Essentially, if I let the world hit the smokeping.cgi, but only > prevent writes, that does noting to prevent others from looking at my > smokeping data [which I may not want to allow] or worse, attacking the > smokeping.cgi in an attempt to crack the master machine. [And from > what I can see, I can't easily use .htaccess files over https to > limit access, because the slaves don't grok that.] >
basic auth would be quite simple to add to slaves I guess ... otoh, you could also teach the slaves to use client certificates http://stackoverflow.com/questions/12697450/using-lwp-with-ssl-and-client-certificates you could further limit access by IP address on the server cheers tobi > This is obviously bad. > > I've considered building VPN's or SSH tunnels between the slave(s) and > masters - but does anyone have any tried-and-true methods that are > perhaps less cumbersome - that I haven't considered? > > -Greg > > _______________________________________________ > smokeping-users mailing list > smokeping-users@lists.oetiker.ch > https://lists.oetiker.ch/cgi-bin/listinfo/smokeping-users > > -- Tobi Oetiker, OETIKER+PARTNER AG, Aarweg 15 CH-4600 Olten, Switzerland http://it.oetiker.ch t...@oetiker.ch ++41 62 775 9902 / sb: -9900 _______________________________________________ smokeping-users mailing list smokeping-users@lists.oetiker.ch https://lists.oetiker.ch/cgi-bin/listinfo/smokeping-users