Aaron wrote: > I joined the list recently and while doing some searching for answers > came across a "best practices" thread. One of the things listed in the > thread was using snmp whenever possible with the statement that it > should only be used on the local networks. > > I'm wondering if this is also the popular belief "best practice" even if > you're using snmp v3 and if so why. I was about to deploy snmp v3 > active checks to check things like cpu and disk loads and then i saw > this post. I thought that was the whole point of v3 with SHA and AES > encryptions and authentication so that we could use it over the net. >
If security is your primary concern, you should use ssh with shared key authentication as much as you possibly can, and make sure to use one key per command you want to execute (read the SSH manpage carefully on how to set this up). This can quickly become troublesome though, as the keys and commands mount up (maintenance nightmare, but very secure). For routers and switches, SNMPv3 is almost always the best way to go. Personally, I prefer NRPE since it also allows event-handlers to be added without having to install additional software. The code is also small, and I've audited it myself so I know it's sound, provided it's configured properly. -- Andreas Ericsson [EMAIL PROTECTED] OP5 AB www.op5.se Tel: +46 8-230225 Fax: +46 8-230231 ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/ _______________________________________________ Nagios-users mailing list Nagios-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null
