cancel
Showing results for 
Search instead for 
Did you mean: 
Create Post

SSH certificate support

Hi,

When executing unix scripts or nagios scripts, ssh is used to interact with the unix servers.  The only problem is that no SSH certificates are supported today.

When securing a unix server, it is common not to allow any password authentication for SSH.  The only way to get SSH access is through public/private key algorithms making it very hard for hackers to hack into.  Then once you have access with a secure certificate, you will need password authentication to become a root user.

Unfortunately, if you want to use APM, you have to open up your Unix server to password authentication.  This makes it much easier for bots to use brute-force attacks to gain access to your servers.

By supporting SSH certificates, I would be able to use APM and not compromise the security of our servers.

Thanks!
Frik

Comments

Thanks for the feedback gatherworks. I've heard this mentioned a few times before by other customers. We're currently tracking this feature request internally as FB87982. Other Thwackers are encouraged to chime in as well if you'd like to see similar functionality added to APM.


+1 on this. 

Here is an example of a recent exploit on Linux:
http://blog.zx2c4.com/749 -- contains link to http://www.youtube.com/watch?feature=player_embedded&v=yLu4q4gMCCA

If you watch the youtube video, you will see how a regular user is able to become root.  This is why you do not want to allow password authentication for SSH.

+1

+1

+1


+1

In the latest SAM 5.5 beta it is now possible to utilize SSH Private Key certificates for authentication with Linux/Unix and Nagios Script Monitors. If you'd like to participate in the latest SAM beta you can sign-up here to download to give it a try.


SAM Private Key Auth.png

Version history
Revision #:
1 of 1
Last update:
‎01-20-2012 06:38 AM
Updated by: