Thanx Sam. Suspected as much.

Cheers.

-- Joe Golden /_\ www.Triangul.us /_\ websites with class

On 12/13/2012 11:01 AM, Sam Hooker wrote:
> Hi Joe,
>
> I've tunneled a lot of stuff over SSH, and it's a great band-aid, but
> always feels heavy-handed. My initial thought is that you're going to
> deal with maintaining/distributing asymmetric crypto one way or the
> other. Which is to say: You'd probably want your SSH tunnels to
> re-establish themselves w/o user intervention...which likely means
> key-based auth (unless you've got a Kerberos card you haven't played
> yet)...which isn't that much more easily-managed than X.509 certs for
> TLS. Additionally, since SSH tunnels are bad at bringing themselves
> back to life after link failure without additional glue, and rsyslog
> probably has built-in support for addressing that problem, rsyslog's
> own TLS implementation is probably a win.
>
>
> $0.02,
>
> -sth
>
> sam hooker|[email protected]|http://www.noiseplant.com
>
> "To invent, you need a good imagination and a pile of junk." Thomas
> Edison
>
> ----- Original Message -----
>> From: "joe golden" <[email protected]>
>> To: [email protected]
>> Sent: Thursday, December 13, 2012 10:45:00 AM
>> Subject: secure remote rsyslog
>>
>> Anyone have any links or advice for rsyslogd over ssh? Good idea?
>> Bad idea?
>>
>> I'm trying to set up centralized logging and might as well do it in
>> a secure fashion. Rather not go through the hassle of ssl certs if
>> not necessary. That said, it looks like rsyslogd with TLS
>> (http://www.rsyslog.com/doc/rsyslog_tls.html) may be the way to
>> go.
>>
>> I live in the Debian flavored world.
>>
>> Cheers with beers.
>>
>> -- Joe Golden /_\ www.Triangul.us /_\ websites with class
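
Added example, not part of the thread above: a legacy-format rsyslog configuration for the TLS approach the thread settles on, with mutual X.509 authentication and a disk-assisted queue so forwarding resumes by itself after a link failure. The host names, file names and certificate paths are assumptions; on Debian the gtls driver comes from the rsyslog-gnutls package.

```conf
# ---- Client: /etc/rsyslog.d/forward-tls.conf (file name is an assumption) ----
# Use the GnuTLS network stream driver and this host's certificate material.
$DefaultNetstreamDriver gtls
$DefaultNetstreamDriverCAFile /etc/rsyslog-tls/ca.pem
$DefaultNetstreamDriverCertFile /etc/rsyslog-tls/client-cert.pem
$DefaultNetstreamDriverKeyFile /etc/rsyslog-tls/client-key.pem

# Mode 1 = TLS only. x509/name verifies the server certificate against the CA
# and requires its name to match the permitted peer (no anonymous TLS).
$ActionSendStreamDriverMode 1
$ActionSendStreamDriverAuthMode x509/name
$ActionSendStreamDriverPermittedPeer loghost.example.net

# Disk-assisted queue: buffer messages while the server is unreachable and
# retry forever, instead of dropping them or blocking local logging.
$WorkDirectory /var/spool/rsyslog
$ActionQueueType LinkedList
$ActionQueueFileName fwd_loghost
$ActionQueueMaxDiskSpace 1g
$ActionQueueSaveOnShutdown on
$ActionResumeRetryCount -1

# @@ = TCP; 6514 is the registered syslog-over-TLS port.
*.* @@loghost.example.net:6514

# ---- Server: /etc/rsyslog.d/receive-tls.conf (file name is an assumption) ----
$ModLoad imtcp
$DefaultNetstreamDriver gtls
$DefaultNetstreamDriverCAFile /etc/rsyslog-tls/ca.pem
$DefaultNetstreamDriverCertFile /etc/rsyslog-tls/server-cert.pem
$DefaultNetstreamDriverKeyFile /etc/rsyslog-tls/server-key.pem

# Require TLS and accept only clients whose CA-signed certificate name
# matches the pattern, so arbitrary hosts cannot inject log entries.
$InputTCPServerStreamDriverMode 1
$InputTCPServerStreamDriverAuthMode x509/name
$InputTCPServerStreamDriverPermittedPeer *.example.net
$InputTCPServerRun 6514
```

Keep the private key files readable only by the account rsyslog runs as, and leave plain 514/tcp and 514/udp listeners disabled on the server so clients cannot fall back to cleartext.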
