check_by_ssh
Robert Cole
robert.cole at support4linux.com
Fri Jun 15 23:39:58 CEST 2007
Well as you might notice from my message the keybased authentication is
working well, no problem but I wasn't using sudo so I tried adding that
line to my sudo config with no success. It still asks for a passphrase
or password when I use check_by_ssh but if I "ssh remotecomputer" I go
right in or if I scp so that seems to be working well but something
about check_by_ssh isn't seeing the key exchange or something. I went
ahead and generated an rsa key and tried that as well and still I can
ssh or scp into the boxes passwordless but not with check_by_ssh
Any ideas?
James wrote:
> Robert Cole wrote:
>> I tried the multiple v's:
>>
>> nagios at ms1 ~ $ /usr/nagios/libexec/check_by_ssh -H remotecomputer -i
>> -vvvv ~/.ssh/id_dsa -C "/usr/nagios/plugins/check_swap -w 50% -c 10%"
>> Enter passphrase for key '/home/nagios/.ssh/id_dsa':
>> nagios at ocmp0's password:
>>
>> Didn't give me anymore output but as I mentioned doing it via just
>> ssh works:
>>
>> nagios at ms1 ~ $ ssh -i .ssh/id_dsa remotecomputer
>> "/usr/nagios/plugins/check_swap -w 50% -c 10%"
>> SWAP OK - 100% free (1996 MB out of 1996 MB) |swap=1996MB;998;199;0;1996
>> nagios at ms1 ~ $
>>
>> -rw-r--r-- 1 nagios nagios 615 Jun 8 07:03 authorized_keys
>> -rw------- 1 nagios nagios 736 Jun 8 05:12 id_dsa
>> -rw-r--r-- 1 nagios nagios 614 Jun 8 05:12 id_dsa.pub
>> -rw-r--r-- 1 nagios nagios 1270 Jun 15 10:21 known_hosts
>>
>> and I did try doing /home/nagios/.ssh/id_dsa and it didn't make a
>> difference. It looks like a problem with check_by_ssh itself doesn't it?
>>
> here's the exact procedure i use for check_by_ssh
>
> 1. As root user on nagios server:
> shell> sudo -u nagios ssh-keygen
> create the rsa keys in /home/nagios/.ssh/id_rsa
> make sure when prompted to put a password to user you leave it blank
>
> 2. As root user on nagios server:
> shell> sudo -u nagios ssh user at remotehost
> This will give the remotehost the signature of the local nagios
> user in the machine.
>
> 3. As user on remote host:
> shell> ssh-keygen
> create the ssh keys in /home/user/.ssh/id_rsa
> shell> touch /home/user/.ssh/authorized_keys2
>
> 4. Copy identity key from nagios server to remote host:
> From nagios server:
> shell> scp /home/nagios/id_rsa.pub user at remotehost:/home/user/
> <mailto:remotecmd at remotehost:/home/remotecmd/>
> From remote server:
> shell> cat /home/user/id_rsa.pub >> /home/user/.ssh/authorized_keys2
>
> As root on remote server:
> shell> visudo
> Now enter the sudo line for user to the command you wish nagios to
> run:
> Example:
> user ALL = NOPASSWD: /usr/local/nagios/libexec/check_ping
>
> 5. Make a new Nagios command:
> /usr/local/nagios/libexec/check_by_ssh -H $HOSTADDRESS$ -l user -i
> '/home/nagios/.ssh/id_rsa' -C 'path of nagios plugin on remote host'
> Example:
> /usr/local/nagios/libexec/check_by_ssh -H $HOSTADDRESS$ -l user -i
> '/home/nagios/.ssh/id_rsa' -C \
> '/usr/local/nagios/libexec/check_graph_uptime.pl -H $HOSTADDRESS$
> -C $ARG1$ -g -f -w -S $ARG2$ -c $ARG3$'
>
>
-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue.
::: Messages without supporting info will risk being sent to /dev/null
More information about the Users
mailing list