There is a reason most NMS systems used SNMP in the past and REST APIs for the past 7+ years. They don't use CLIs except toy Expect-type scripts. Not just security but better error handling and more.
Good luck learning!

On Thu, Mar 29, 2018 at 9:03 AM, Tomasz Chmielewski <[email protected]> wrote:

> SNMP is mainly used for monitoring, not _server_ automation.
>
> Also, it's inherently insecure for anything else - only SNMPv3 offers any
> kind of encryption, and it's DES - 56 bit only, and you can easily
> brute-force it on an average computer.
>
> If you could provide some serious articles about why is CLI insecure, I'd
> be interested to read.
>
> Tomasz Chmielewski
> https://lxadm.com
>
> On 2018-03-30 00:48, al so wrote:
>
>> Just search online why in general that is insecure via CLI vs
>> programmatic for first class automation.. there is a reason why snmp,
>> rest, ... exist.
>>
>> On Thu, Mar 29, 2018 at 3:50 AM, Tomasz Chmielewski <[email protected]>
>> wrote:
>>
>>> You've mentioned security issues in your previous email, but now
>>> you're hopping to management issues.
>>>
>>> Have you tried Ansible, Chef or Puppet for automation? It works well
>>> for hundreds of servers, different services and not just one kind of
>>> VPN.
>>>
>>> Tomasz Chmielewski
>>> https://lxadm.com
>>>
>>> On 2018-03-29 16:10, al so wrote:
>>>
>>> Programmatic management with first class APIs is preferred for larger
>>> deployments..
>>>
>>> On Mon, Mar 26, 2018 at 12:28 PM, Tomasz Chmielewski <[email protected]>
>>> wrote:
>>>
>>> Could you elaborate on why CLI (SSH) managing is insecure?
>>>
>>> Tomasz Chmielewski
>>> https://lxadm.com
>>>
>>> On 2018-03-27 04:23, al so wrote:
>>>
>>> So, for remote manageability of Tinc, we don't have any SNMP or REST
>>> like programmatic ways?
>>>
>>> If it is going to be CLI only, it is definitely not secure to manage
>>> and also not very convenient to manage programmatically.
>>>
>>> On Sun, Mar 25, 2018 at 1:44 AM, Guus Sliepen <[email protected]>
>>> wrote:
>>>
>>> On Sat, Mar 24, 2018 at 02:16:20PM -0700, al so wrote:
>>>
>>> Is there any quickstart guide to setup site-to-site VPN using
>>> Tinc 1.1 pre-rel?
>>
>> You can find an example of a site-to-site VPN with four sites here:
>>
>> http://tinc-vpn.org/documentation/Example-configuration.html [1]
>>
>> Assuming I have two routers at two sites running tinc vpn along with
>> routing feature.
>>
>> If you only have two sites, then just look at the example configuration
>> for "Branch A" and "Branch B" in the page I linked, and ignore the other
>> two sites.
>>
>> Once I setup manually and validate the connection, I want to automate
>> using REST APIs.
>>
>> Tinc does not expose any REST APIs. With tinc 1.1, you can use the
>> command line tool to automate things though, see:
>>
>> http://tinc-vpn.org/documentation-1.1/Controlling-tinc.html [2]
>>
>> Links:
>> ------
>> [1] http://tinc-vpn.org/documentation/Example-configuration.html
>> [2] http://tinc-vpn.org/documentation-1.1/Controlling-tinc.html
_______________________________________________
tinc mailing list
[email protected]
https://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc
