Hi Joe, I've tunneled a lot of stuff over SSH, and it's a great band-aid, but always feels heavy-handed. My initial thought is that you're going to deal with maintaining/distributing asymmetric crypto one way or the other. Which is to say: You'd probably want your SSH tunnels to re-establish themselves w/o user intervention...which likely means key-based auth (unless you've got a Kerberos card you haven't played yet)...which isn't that much more easily-managed than X.509 certs for TLS. Additionally, since SSH tunnels are bad at bringing themselves back to life after link failure without additional glue, and rsyslog probably has built-in support for addressing that problem, rsyslog's own TLS implementation is probably a win.
$0.02, -sth sam hooker|[email protected]|http://www.noiseplant.com "To invent, you need a good imagination and a pile of junk." Thomas Edison ----- Original Message ----- > From: "joe golden" <[email protected]> > To: [email protected] > Sent: Thursday, December 13, 2012 10:45:00 AM > Subject: secure remote rsyslog > > Anyone have any links or advice for rsyslogd over ssh? Good idea? Bad > idea? > > I'm trying to set up centralized logging and might as well do it in a > secure fashion. Rather not go through the hassle of ssl certs if not > necessary. That said, it looks like rsyslogd with TLS > (http://www.rsyslog.com/doc/rsyslog_tls.html) may be the way to go. > > I live in the Debian flavored world. > > Cheers with beers. > > -- > Joe Golden /_\ www.Triangul.us /_\ websites with class >
