3
NRPE now has the option for Encrypting Network traffic using
6
The Encryption is done using a set encryption routine of
7
AES-256 Bit Encryption using SHA and Anon-DH. This encrypts
8
all traffic using the NRPE sockets from the client to the server.
10
Since we are using Anon-DH this allows for an encrypted
11
SSL/TLS Connection without using pre-generated keys or
12
certificates. The key generation information used by the
13
program to dynaically create keys on daemon startup can be found
14
in the dh.h file in the nrpe src directory. This file was created
17
openssl dhparam -C 512
19
which outputs the C code in dh.h. For your own security you can replace
20
that file with your own dhparam generated code.
22
As of this time you will need to have the latest greatest version of
23
OpenSSL (tested against version 0.9.7a) since not all versions have
24
the AES algorythm in them.
26
I am not aware that at this time this code is restricted under export
27
restrictions but I leave that verification process up to you.
29
Thoughts and suggestions are welcome and I can be reached on the
30
Nagios and NagiosPlug Mailing Lists.