[Nut-upsuser] why upsc need no authentication?
d tbsky
tbskyd at gmail.com
Fri Sep 11 02:23:41 UTC 2015
2015-09-11 10:11 GMT+08:00 Charles Lepple <clepple at gmail.com>:
> On Sep 10, 2015, at 10:23 AM, d tbsky <tbskyd at gmail.com> wrote:
>>
>> Hi:
>> I found I can setup password for uspmon. but upsc can connect to
>> any upsd without authentication. although the ups data is not very
>> confidential, but I would like not to expose it to anyone who can
>> connect to server.
>>
>> is there any method to harden upsd? thanks for hint.
>
> There are a few different approaches. If your version of NUT was build with TCP-wrappers, you can configure NUT to only allow certain clients to connect.
>
> However, in most cases where you would consider TCP-wrappers, you would probably be better served with a kernel-level firewall.
>
> There is also an option to compile NUT to verify client SSL certificates: http://www.networkupstools.org/docs/user-manual.chunked/ar01s09.html#_upsd_optional_client_authentication
>
> --
> Charles Lepple
> clepple at gmail
thanks for the hint. I guest ssl certificates is the way to go.
although it is over skill for my need (just a password to protect it
is enough for me).
More information about the Nut-upsuser
mailing list