check_by_ssh failing - host key verification failed
O'Donnell, Robert L
robert.l.odonnell at intel.com
Thu Apr 22 21:10:26 CEST 2010
Neither of Frank's suggestions solved it, but something strange did happen. First there was no known_users folder under nagios, only under /root. I copied this file and tried the check again. Nothing.
I deleted the lines referring to the host both by name and by ip. I logged in again, and I went directly to the command line without being asked for a host key. I checked both known_user files again, and there were NO REFERENCES to the host machine, even though I was in the machine via ssh.
Curiouser and curiouser.
In learning more about error logs, I found the following.
Nagios command line send looks good. The only error it is getting is remote command execution failed.
I checked the logs on the target machine, and they said " Error: PAM: Authentication failure for nagios from (fully_qualified_machine_name)"
Robert L. O'Donnell
-----Original Message-----
Add "-o StrictHostKeyChecking=no" to your check_by_ssh command line.
Or you can edit ~nagios/.ssh/known_hosts, remove the line for that host,
then su to the nagios user and manually ssh to the host. Type "yes" when
it asks you about the host key.
-f
On Tue, 20 Apr 2010, O'Donnell, Robert L wrote:
> Date: Tue, 20 Apr 2010 16:18:05 -0700
> From: "O'Donnell, Robert L" <robert.l.odonnell at intel.com>
>
> No joy in Mudville.
>
> I can ssh interactive as user nagios with both the ip address and the name of the target machine.
>
> Also, my .cfg file does define the host name and address
>
> Define host{
> Use linux-server
> Host_name (machine_name)
> Alias (machine_name)
> Address (machine_ip)
> Notes xxxxx
> Notes_url (internal_wiki_web_link)
>
>
> I also tried to change the command.cfg command_line to check_by_ssh -H $HOSTADDRESS$ ... to $HOSTNAME$ with no impact.
>
> Any help would be GREATLY appreciated, as I have been banging my head on this for over a week. That said, I know a LOT more about ssh and DSA security than I did last week.
>
>
> ================
>
> Hi O'Donnell!
>
> On Wed, 14 Apr 2010, O'Donnell, Robert L wrote:
>
>> Giorgio,
>>
>> Yes.
>>
>> Ssh (remote_machine_ip) -l nagios -I /etc/nagios/.ssh/id_dsa
>>
>> logs me in with prompt "nagios@(remote_machine_name):~>" and
>> whoami returns nagios.
>
> I see that you're logging in by IP, but in the config snippet you
> included previously there was no IP defined in the host definition, so
> $HOSTADDRESS$ will expand to the same value as host_name. You'll need
> to log in using the same exact address (in this case, name) Nagios will
> be using to create an entry in your known_hosts file that matches what
> Nagios will be using.
>
> ==================
>
> If you try an ssh login from the Nagios box to the remote box, can you log in without being asked for a password?
>
>
> Ciao,
>
> Giorgio
>
> On 14 Apr 2010, at 23:15, "O'Donnell, Robert L" <robert.l.odonnell at intel.com> wrote:
> Running nagios 3.0.6 on OpenSUSE and trying to get info from a SUSE enterprise machine.
>
> Chk_by_ssh returns UNKNOWN and "Remote command execution failed: Host key verification failed", check_ping works.
>
> I have played with every combo of options I could think of, but same results. This is my first setup with remote checks on a linux machine (windows machine checks working fine), so it could be a newb problem.
>
> (from commands.cfg)
> # check_ssh_dummy command definition
> define command{
> command_name check_ssh_dummy
> command_line $USER1$/check_by_ssh -H $HOSTADDRESS$ -l nagios -2 \
> -I /etc/nagios/.ssh/id_dsa -C "/usr/lib/nagios/plugins/check_dummy 0"
> }
>
> I took out the desired response text to eliminate possible double quote issues, but it made no difference
>
>
> (from object config)
>
> define service{
> use local-service
> host_name (machine_name)
> service_description PING
> check_command check_ping!100.0,20%!500.o,60%
> }
>
> define_service{
> use local-service
> host_name (machine_name)
> service_description check_ssh_dummy!
> }
>
>
>> From the command line, I run:
>
> /usr/lib/nagios/plugins/check_by_ssh -H (machine_ip) -l nagios -i /etc/nagios.ssh/id_dsa -C "usr/lib/nagios/plugins/check_dummy 0"
>
> It returns OK
>
> I am having the same issue with check_ssh_disk. I do not have a MOTD for the shell, I have tried putting explicit paths in place of USER1, putting in the actual address for HOSTADDRESS, and many options on the
>
>
> Robert L. O'Donnell
> Advanced Equipment Engineering, IMO
>
> ------------------------------------------------------------------------------
> _______________________________________________
> Nagios-users mailing list
> Nagios-users at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/nagios-users
> ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue.
> ::: Messages without supporting info will risk being sent to /dev/null
>
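Added example (not part of any post in this thread): a POSIX shell function that checks whether a known_hosts file holds an entry for the exact value passed to check_by_ssh with -H, which is the name-versus-IP mismatch described in the quoted reply above. The function name kh_lookup, the sample hosts and the keys are constructed for illustration; hashed entries are reported separately because they cannot be matched by reading the file.

```shell
#!/bin/sh
# kh_lookup FILE HOST prints one of:
#   match    a plain-text entry lists HOST exactly
#   hashed   no plain match, but hashed (|1|...) entries exist; a text
#            search of the file cannot tell which hosts they cover
#   missing  no entry in FILE can match HOST
#   nofile   FILE does not exist or is not readable by this user
kh_lookup() {
    file=$1 host=$2
    [ -r "$file" ] || { echo nofile; return 0; }
    awk -v host="$host" '
        NF == 0 || $1 ~ /^#/ { next }      # blank lines and comments
        $1 ~ /^@/ { next }                 # @cert-authority / @revoked markers
        {
            names = $1
            if (substr(names, 1, 3) == "|1|") { hashed++; next }
            n = split(names, a, ",")       # "name,ip" lists several names
            for (i = 1; i <= n; i++)
                if (a[i] == host) found = 1
        }
        END {
            if (found)       print "match"
            else if (hashed) print "hashed"
            else             print "missing"
        }' "$file"
}

# Constructed sample: the first key was accepted while logging in by IP only,
# so a check that connects by name finds no entry.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed entries, not real keys
192.0.2.10 ssh-rsa AAAAB3NzaC1yc2E-constructed
db01.example.com,192.0.2.20 ssh-rsa AAAAB3NzaC1yc2E-constructed
EOF

for h in 192.0.2.10 web01.example.com db01.example.com; do
    printf '%s: %s\n' "$h" "$(kh_lookup "$sample" "$h")"
done
```

Run it as the user Nagios executes checks as, against that user's ~/.ssh/known_hosts, with the same value $HOSTADDRESS$ expands to. Fixing a missing entry in that file leaves host key verification enabled, whereas -o StrictHostKeyChecking=no disables it.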