Just for the records, we (Adiscon - WinSyslog, MonitorWare, rsyslog) do
not plan to support SSH either. We plan native TLS first in rsyslog and
later in the Windows product. I guess we'll try to make it compatible to
syslog-ng no matter if this will be an IETF or industry standard. I
expect this to be fairly easy (AFIK our products interoperate via the
stunnel hack over SSL).
Rainer
-Original Message-
From: Balazs Scheidler [mailto:[EMAIL PROTECTED]
Sent: Wednesday, January 11, 2006 3:40 PM
To: Chris Lonvick
Cc: Rainer Gerhards; [EMAIL PROTECTED]
Subject: Re: SSH - RE: [Syslog] Re: Threat model and charter
On Wed, 2006-01-11 at 06:29 -0800, Chris Lonvick wrote:
Hi,
I forgot to address the use of SSH for authentication. The
isms WG is
trying to use SSH to provide security for SNMPv3. This can
be done by
having the devices authenticate by having a username and credential
(password, public key, etc.). Again, this sounds to me
like it's getting
further away from the ease of deployment for syslog than we'd like.
However, Rainer mentioned that he thought some people were
already using
SSH to transport syslog. I need to ask: How many people have
implementations that use SSH, and how many are planning this?
I for one (syslog-ng) don't plan to add native support to
SSH, although
SSH can be integrated into syslog-ng by using the program destination,
something like this:
program(ssh -i /etc/syslog-ng/ssh.key [EMAIL PROTECTED]
/usr/bin/logger -f);
However I don't see this as a very good solution. On the
other hand I'm
planning on adding TLS natively (instead of using stunnel
style hacks).
--
Bazsi
___
Syslog mailing list
Syslog@lists.ietf.org
https://www1.ietf.org/mailman/listinfo/syslog
