[collectd] [Networking]: Encryption available (SSL/TLS)?
octo at verplant.org
Thu Feb 19 09:38:30 CET 2009
On Wed, Feb 18, 2009 at 12:14:34PM +0100, 238749328749 at gmx.de wrote:
> I've already read the FAQ and quickly scanend through the archive but
> haven't found anything about that:
you're right, this has been asked a few times, but it was still missing
in the FAQs.. I've updated them:
-- >8 -- <http://collectd.org/faq.shtml#faq:network_encryption> --
Is network traffic encrypted or signed?
Unfortunately, no. Since the network plugin uses UDP, TLS cannot be
used. We'd have to use DTLS instead, but this is only implemented in
OpenSSL but not GNU TLS. Since the license used by OpenSSL we cannot
use that, so we're bound to wait for GNU TLS to implement it. There
have been various posts on their mailing list about DTLS, but so far
no real progress has been made (February 2009).
Implementing signing, especially with PSK, is probably a lot easier.
So far, nobody has stepped up to implement it, though. If you're
willing to give it a try, please contact us first before putting a lot
of work into that.
-- 8< --
> Alternatively, is it possible to make collectd use of a networking
> "subsystem", e.g. ssh for communicating with the server?
You can of course configure collectd to send its data so it goes over a
VPN, but I guess that's not what you meant..? If you meant anything like
rsync(1)'s `-e ssh' option, then no, that's not supported by collectd
itself, you may still be able to set something up with appropriate
command in startup scripts or something.
If you have a suggestion how collectd could support you in setting up an
encrypted connection, e. g. using SSH, please let us know!
Florian octo Forster
Hacker in training
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: Digital signature
Url : http://mailman.verplant.org/pipermail/collectd/attachments/20090219/e42052e4/attachment.pgp
More information about the collectd