check_by_ssh question

[Arnold Cano]

> It has its problems.  It is not uniform because the configuration of
> the NRPE daemon is very different from that of NCSA itself.  It has
> the advantage that you can run NRPE on a firewall (more secure, on
> a machine protected by a firewall, with port forwarding from the
> firewall to the NRPE box), whereas check_by_ssh seems to be unable
> to be chained (or I couldn't figure out the correct syntax to do it).
> The major disadvantage is it's not really secure at all, even with
> tcpwappers.  Somebody who can eavesdrop your network traffic can send
> spoofed requests and get the answers. 

I was able to chain check_by_ssh in the following way... let me know if you see
a problem with this approach or see a better way.

checkcommands.cfg:

define command {
  command_name  indirect_check_tcp_by_ssh
  command_line  $USER1$/check_by_ssh -H $ARG1$ -C '$USER1$/check_tcp -H
$HOSTADDRESS$ -p $ARG2$'
}

service.cfg:

define service {
  ...
  check_command  indirect_check_tcp_by_ssh!xxx.xxx.xx.x!xxxx
}

> The mailing list has discussed this several times, so it is in the
> archives.  However, something in the documentation would be nice. 

Agreed. An "official" example of this would be nice in the manual to go along
with the diagrams.

Thanks,

Arnold




-------------------------------------------------------
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null