[rancid] Re: unencrypted passwords in .cloginrc ...
Austin Schutz
tex at off.org
Thu Oct 26 22:09:02 UTC 2006
On Thu, Oct 26, 2006 at 02:28:54PM -0700, John Dworske wrote:
>
>
> Rancid Folks,
>
> Is there any way getting around using unencrypted passwords in the
> .cloginrc file ? My co-workers will not let me use rancid unless we can
> come up with something more secure ?
>
If your poller is not secure it doesn't matter what authentication
method you use. So while you could for some platforms set up .shosts or RSA
authorized keys, it doesn't really accomplish anything.
How is it you do your snmp polling without the snmp poller having
the unencrypted community string? Answer: you don't. This really isn't any
different. Use strict ACLs to make sure the number of hosts allowed access
it small. Use ssh and not telnet for polling. Be very strict about poller
security.
Austin
More information about the Rancid-discuss
mailing list