check_by_ssh returning UNKNOWN
Don Badrak
dbadrak at tco.census.gov
Fri Jan 9 16:19:26 CET 2004
All,
I just wrestled with this yesterday. As it turned out, the check worked
just fine from the command line (even as the nagios user). But, I had
missed a $ in my line ($USER1/check_by_ssh instead of
$USER1$/check_by_ssh). Dang.
I even tried making a check_by_ssh.sh, writing all the output to a log
file, to see what was going on. That may help you figure out why it's
getting "UNKNOWN".
On Fri, 9 Jan 2004, Paul L. Allen wrote:
> Rasmus Plewe writes:
>
> > Has anyone seen something like this before and can give me a clue?
>
> If the problematic host is multi-homed and you're referring to it by
> name rather than one of the IPs, this could happen if your ssh has
> strict host key checking set to ask (it is by default) and for certain
> other reasons. You can test that by:
>
> 1) Login to your monitoring host as user nagios (or whatever your
> nagios system is running as). Do not su to nagios from some other
> user account.
>
> 2) SSH onto each IP address of the box being monitored using the same
> -l and -i options as in your check command.
>
> 3) Fix whatever SSH complains about (usually the first manual login
> gets rid of the xauthority message that trips up check_by_ssh).
>
> If the box being monitory has only one IP address then the above tests
> might still shed some light on what may be going wrong.
I've done the following to get it working.
1. Install nagios plugins on remote system (I put them in /usr/local/nagios/libexec)
2. Add nagios user and group on remote system (substitute NNN for your values).
This is for a RedHat Linux system, so put in the proper stuff for your own OS.
/usr/sbin/groupadd -g NNN nagios
/usr/sbin/useradd -u NNN -g nagios -c "Nagios" -d /home/nagios -s /bin/bash nagios
3. Set up the .ssh directory and key on remote system
(on remote host)
mkdir /home/nagios/.ssh
chown nagios.nagios /home/nagios/.ssh
(copy key into /home/nagios/.ssh/authorized_keys)
The key has these options (put in your own monitorhost name(s) and IP(s)), followed
by your own key.
from="monitorhost.domain,192.168.0.1",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ...
4. Create the file for the nagios user in $HOME/.ssh/config on the local system
Host *
ForwardX11 no
This stops the generation of the xauthority Paul talks about in his step #3.
5. Establish the known_hosts entry on the local system from the nagios user. I
do this with sudo. I didn't have any troubles with this, as the -H says to use the
home directory of the user (so it picks up the right place to write the known_hosts file).
sudo -u nagios -H ssh nagios@(remotesystem) 'uname -a'
You should do this for (remotesystem) by DNS name and by all IP addresses by which
it is known in the Nagios configuration (as Paul says in his step #2).
I'd recommend trying the same line you'll use from your command.cfg
file under the same nagios user. That might shed some light on the
problem. Or just confuse you more.
Don
--
Don Badrak <dbadrak at census.gov> 301.763.5534 work
Telecommunications Office 301.457.4438 fax
U.S. Bureau of the Census
Suitland MD, USA
-------------------------------------------------------
This SF.net email is sponsored by: Perforce Software.
Perforce is the Fast Software Configuration Management System offering
advanced branching capabilities and atomic changes on 50+ platforms.
Free Eval! http://www.perforce.com/perforce/loadprog.html
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue.
::: Messages without supporting info will risk being sent to /dev/null
More information about the Users
mailing list