[smokeping-users] Slave-Master security

Gregory Sloop gregs at sloop.net
Wed Mar 20 05:24:11 CET 2013

Ok, so I've setup a test master-slave config, and the basic config
looks good.

So, I suppose this is essentially off-topic, but I'm wondering about
hardening the communications between a master and a slave.

In my case, I'm thinking of having slaves that communicate over an
un-secure net [say the internet] back to the master.

I know the shared secret [PSK] for the slave-master protect [kinda] so
that an attacker can't stuff data into the SP master - but that
doesnt' address someone finding a hole in the CGI etc.

Essentially, if I let the world hit the smokeping.cgi, but only
prevent writes, that does noting to prevent others from looking at my
smokeping data [which I may not want to allow] or worse, attacking the
smokeping.cgi in an attempt to crack the master machine. [And from
what I can see, I can't easily use .htaccess files  over https to
limit access, because the slaves don't grok that.]

This is obviously bad.

I've considered building VPN's or SSH tunnels between the slave(s) and
masters - but does anyone have any tried-and-true methods that are
perhaps less cumbersome - that I haven't considered?


More information about the smokeping-users mailing list