You're not comfortable with running remote Nagios sessions over HTTP because all transmissions are sent in the clear. You could set up SSL, but that seems like a big hassle because you'll have to create a certificate and configure Apache to use SSL. So, why not just set up a nice, easy, secure OpenSSH tunnel?
No reason why not. OpenSSH is an amazingly flexible, useful program. Setting up a tunnel on your LAN is easy. Our two example hosts are nagiospc and neighborpc. You need system accounts on both hosts. Run a command like this from neighborpc to set up a tunnel to your Nagios server:
user@neighborpc:~$ ssh user@nagiospc -L 8080:nagiospc:80
Now, fire up a Web browser on neighborpc, and go to http://localhost:8080/nagios. The entire session will be safely tucked inside an SSH tunnel, and safe from snoopers.
To run a Nagios session over the Internet, see Chapter 7 to learn how to get SSH tunnels past your NAT firewall.
When logging in over SSH, don't use the nagios user, because by default it has no password and cannot log in. Instead, log in as some other unprivileged user, then authenticate in the usual manner on the Nagios web interface.
The command syntax can be a little confusing, so let's break it into bite-sized chunks. The first part is the same as any remote SSH login: user@remote_host.
The -L flag means "create a tunnel." 8080, or whatever port you select, is the outgoing port on your local PC. Be sure to choose an unused, high-numbered (higher than 1024) port. nagiospc:80 is the remote server and port. So, you'll always need to know which port the service you want to tunnel is using.
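As an added example (not from the book), this shell function assembles the same tunnel command from the parts described above after checking each one. The -N option, the explicit 127.0.0.1 bind address, and ExitOnForwardFailure go beyond the command shown earlier, and the function names are made up for this illustration.

```sh
#!/bin/sh
# Added example: build the tunnel command from validated parts.
# Function names are made up for this illustration.

# check_port N: succeed only for a plain decimal integer in 1..65535.
check_port() {
    case "$1" in
        ''|0*|*[!0-9]*|??????*) return 1 ;;   # empty, leading 0, non-digit, >5 digits
    esac
    [ "$1" -le 65535 ]
}

# check_name S: reject empty names, a leading "-" (ssh would read it as an
# option) and anything outside a conservative host/login character set.
check_name() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9._@-]*) return 1 ;;
    esac
}

# tunnel_cmd LOGIN LOCAL_PORT REMOTE_HOST REMOTE_PORT
# Prints the ssh command line; returns non-zero (printing nothing) on bad input.
tunnel_cmd() {
    login=$1; lport=$2; rhost=$3; rport=$4
    if ! check_name "$login" || ! check_name "$rhost"; then
        echo "error: bad login or host name" >&2; return 2
    fi
    if ! check_port "$lport" || ! check_port "$rport"; then
        echo "error: ports must be integers in 1-65535" >&2; return 3
    fi
    if [ "$lport" -le 1024 ]; then
        echo "error: local port must be higher than 1024" >&2; return 4
    fi
    # 127.0.0.1: listen on loopback only, so other LAN hosts cannot use the tunnel.
    # -N: forward ports without opening a remote shell.
    # ExitOnForwardFailure: ssh quits if the local port is already in use.
    printf 'ssh -N -o ExitOnForwardFailure=yes -L 127.0.0.1:%s:%s:%s %s\n' \
        "$lport" "$rhost" "$rport" "$login"
}

# The recipe's own values:
tunnel_cmd user@nagiospc 8080 nagiospc 80
```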
Chapter 17, "Remote Access," in Linux Cookbook, by Carla Schroder (O'Reilly)