check_by_ssh vs. ssh (when executed, have different environments)

[Craig Worthington]

On the same sort of ssh track...

Is it possible to configure ssh or check_by_ssh to use a ssh tunnel ?
I have a number of heavy loaded computers (executing climate models)
where re-establishing ssh connections every 30 seconds is causing a load
problem. 

I guess the goal would be to have a check-plugin were it looks for a
tunnel and then leaves the tunnel open after the check has finished. Is
there a existing check which does something like this ??

Craig Worthington
Dept. of Natural Resource
Queensland Australia

On Thu, 2006-10-12 at 08:43, John P. Rouillard wrote:
> In message <A7B0A9F02975A74A845FE85D0B95B8FA05371A07 at misex01.ena.com>,
> "Marc Powell" writes:
> >> On Behalf Of Bret Goodfellow
> >> The user (nagios) is the id that is executing both ssh and check_by_ssh.
> >> When these commands are run, the "environments" established for ssh and
> >> check_by_ssh are different (why)?
> >> 
> >check_by_ssh does not initiate a full login shell when executing
> >commands. In fact, it is a simple but intelligent wrapper for 'ssh
> >user at host somecommand' so as such, the ssh command on the remote host is
> >going to see only the environment variables available for a non-login
> >process and those that ssh specifically sets. 'man ssh' and search for
> >'ENVIRONMENT'. That section of the man page will detail the limited
> >number of environment variables that ssh will set on it's own and how to
> >add others via $HOME/.ssh/environment. check_by_ssh doesn't modify or
> >limit the remote environment in any way. 
> 
> Also the envirnment passed to ssh when run under check_by_ssh is
> sanitized as well to limited set of variables. You need to look at the
> code to see how it sanitizes the environment to prevent security
> issues. One of the things that this prevents is use of the ssh agent
> to authenticate for check_by_ssh.
> 
> So what you need to do is write a shell wrapper that sets the varibles
> you need for check_oracle and invoke the wrapper instead of
> check_oracle directly.
> 
> 				-- rouilj
> John Rouillard
> ===========================================================================
> My employers don't acknowledge my existence much less my opinions.
> 
> -------------------------------------------------------------------------
> Using Tomcat but need to do more? Need to support web services, security?
> Get stuff done quickly with pre-integrated technology to make your job easier
> Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
> http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
> _______________________________________________
> Nagios-users mailing list
> Nagios-users at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/nagios-users
> ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
> ::: Messages without supporting info will risk being sent to /dev/null


-------------------------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null