Giving check_by_ssh a password

Andy Harrison aharrison at gmail.com
Sat Jun 19 03:14:51 CEST 2004


On Fri, 18 Jun 2004 13:15:06 -0500, Misao <misaochankun at speakeasy.net> wrote:
> 
> 
> /usr/local/nagios/.ssh > cat auth*
> ssh-rsa Stuffhere/MoreStuffhere/Littlemorehere= user at server

It the file definitely named authorized_keys2?


I notice some subtle differences in our debug output...

Part of mine says:  
debug1: got SSH2_MSG_SERVICE_ACCEPT
debug1: authentications that can continue: publickey,keyboard-interactive
debug1: next auth method to try is publickey
debug1: try privkey: /usr/local/var/nagios/.ssh/identity
debug1: try pubkey: /usr/local/var/nagios/.ssh/id_rsa
debug1: input_userauth_pk_ok: pkalg ssh-rsa blen 149 lastkey 0xxxxxxxxx hint 1
debug1: read PEM private key done: type RSA
debug1: ssh-userauth2 successful: method publickey

Notice it says successful for method publickey.  

Yours says:
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue:
publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: /home/nagios/.ssh/identity
debug1: Offering public key: /home/nagios/.ssh/id_rsa
debug1: Authentications that can continue:
publickey,password,keyboard-interactive
debug1: Trying private key: /home/nagios/.ssh/id_dsa
debug1: Next authentication method: keyboard-interactive
debug1: Authentications that can continue:
publickey,password,keyboard-interactive
debug1: Next authentication method: password
nagios at targetserver's password:
debug1: Authentication succeeded (password).

So even though it is not throwing an error, your publickey doesn't
seem to be accepted.

I also notice differences a little further up. 

Mine says:

debug1: Host 'server1' is known and matches the DSA host key.
debug1: Found key in /usr/local/var/nagios/.ssh/known_hosts:7
debug1: bits set: 1599/3191
debug1: ssh_dss_verify: signature correct

While yours says:

debug1: Host 'targetserver' is known and matches the RSA host key.
debug1: Found key in /home/nagios/.ssh/known_hosts:31
debug1: ssh_rsa_verify: signature correct

I'm running off of FreeBSD defaults. so DSA wasn't something I chose
intentially.

I took a peek at my sshd_config and the HostKey directives are:

# HostKey for protocol version 1
HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_rsa_key

So maybe since dsa is listed first it tries that first.  Not sure...

Either way, it doesn't seem happy with your host key, so I'd start by
regenerating them.

And kill it out of your known_hosts file too.

-- 
Andy Harrison


-------------------------------------------------------
This SF.Net email is sponsored by The 2004 JavaOne(SM) Conference
Learn from the experts at JavaOne(SM), Sun's Worldwide Java Developer
Conference, June 28 - July 1 at the Moscone Center in San Francisco, CA
REGISTER AND SAVE! http://java.sun.com/javaone/sf Priority Code NWMGYKND
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null





More information about the Users mailing list