This article is a follow-up to the CrowdSec multi-server setup. It applies to a configuration with at least two servers: one referred to as server-1, and one of server-2 or server-3.
To address the security issues posed by cleartext HTTP communication in our previous CrowdSec multi-server installation, we propose solutions for communication between CrowdSec agents over encrypted channels. On top of that, the third solution allows server-2 or server-3 to trust server-1's identity and avoid man-in-the-middle attacks.
First we have to create a certificate. This can be achieved with the following one-liner.
For now, CrowdSec is not able to ask for the passphrase of the private key when starting. We therefore have a choice: decrypt the private key by hand each time we start or reload CrowdSec, or store the key unencrypted. In either case, to strip the passphrase one can do the following.
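The two steps described above, creating the certificate and stripping the key's passphrase, as an added example using the standard `openssl` CLI; these are not the original article's commands. The file names, the `server-1` common name and the passphrase are constructed placeholders, and `-addext` assumes OpenSSL 1.1.1 or later.

```shell
#!/bin/sh
# Added example. Paths, CN and passphrase are constructed placeholders.
# Assumes OpenSSL 1.1.1+ (for -addext).

# make_cert DIR CN PASSPHRASE: self-signed cert + passphrase-protected key.
make_cert() {
    dir=$1 cn=$2
    # Passphrase goes through the environment, not argv, so it stays out of `ps`.
    # The SAN carries the host name that connecting clients will verify.
    CERT_PASS=$3 openssl req -x509 -newkey rsa:2048 -sha256 -days 365 \
        -subj "/CN=$cn" -addext "subjectAltName=DNS:$cn" \
        -passout env:CERT_PASS \
        -keyout "$dir/encrypted-key.pem" -out "$dir/cert.pem" 2>/dev/null
}

# strip_passphrase DIR PASSPHRASE: write the unencrypted key to DIR/key.pem.
strip_passphrase() {
    dir=$1
    (
        umask 077   # the plaintext key must be readable by its owner only
        CERT_PASS=$2 openssl rsa -passin env:CERT_PASS \
            -in "$dir/encrypted-key.pem" -out "$dir/key.pem" 2>/dev/null
    )
}

# key_matches_cert DIR: succeed only if key.pem belongs to cert.pem.
key_matches_cert() {
    dir=$1
    cert_pub=$(openssl x509 -in "$dir/cert.pem" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$dir/key.pem" -pubout) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Demo run in a throwaway directory.
demo_dir=$(mktemp -d)
make_cert "$demo_dir" server-1 'constructed-passphrase' &&
    strip_passphrase "$demo_dir" 'constructed-passphrase' &&
    key_matches_cert "$demo_dir" &&
    echo "certificate and unencrypted key written to $demo_dir"
```

If the key is stored unencrypted, file permissions are its only protection, which is why the stripped copy is created under `umask 077`.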