Can check_by_ssh work under ssh-agent?

Piotr Poznanski Piotr.Poznanski at nid.pl
Tue May 6 13:23:41 CEST 2003


> On Tue, 2003-05-06 at 04:03, Piotr Poznanski wrote:
> > [...]
> > Does plugin lack support for such functionality or is it only some error
> > in my thinking?
>
> You will need to make sure that Nagios can access the running agent
> (thus the environment) after you've added the key.

For testing I didn't even run the Nagios daemon but only the plugin. So it was
a simple foreground process manually run under the shell.

Inspired by your comment I've tried one more approach in my testing
methodology. Previously I ran ssh-agent manually, and then I exported the
appropriate environment variables as for the SSH client. For the SSH client it
worked, but not for ~nagios/libexec/check_by_ssh.

Now I tried a slightly different approach. I ran a shell as a subprocess of
ssh-agent, then in that shell I added the key. Unfortunately, the check_by_ssh
plugin still keeps asking for the passphrase.

I think that the only reasonable solution for now is to configure an
authorized_keys entry on the remote machine for running a particular command only.
Or write a different plugin :)

> However, even if it does work, you will need to use expect to start the
> daemon on reboot of the server. Which means your security is only as
> good as your protections of the expect script. Which is essentially what
> you have with no passphrase - your security is only as good as your
> protection of the private key (hence the name).

You are certainly right, unless I intend to start ssh-add manually, 'storing'
the passphrase in my head. And to steal it from here would be quite a different
task than hacking a Linux station :)

> So IMHO, you are looking for extra work with no substantial gain in
> security.

Anyway, I give up on the idea of using non-empty passphrases for now :)

> Karl


Regards,
Piotr
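
The restriction Piotr settles on above (an authorized_keys entry that runs one particular command only) can be built with an OpenSSH forced command. The script below is an added example, not part of the original message or of the Nagios plugins; the script path, plugin directory and allowlist are assumptions.

```shell
#!/bin/sh
# Added example (constructed): forced-command gate for the Nagios SSH key.
# Assumed authorized_keys entry on the monitored host, written as ONE line
# (the key blob is a placeholder):
#   command="/usr/local/bin/nagios-ssh-gate",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-rsa <PUBLIC-KEY> nagios@monitor
# sshd then runs this script instead of whatever the client asked for and
# passes the client's request in SSH_ORIGINAL_COMMAND.

PLUGIN_DIR=/usr/local/nagios/libexec          # assumed plugin location
ALLOWED="check_disk check_load check_procs"   # assumed allowlist of plugins

# gate_check CMDLINE: returns 0 if the request may run, 1 otherwise.
gate_check() {
    # Reject empty requests and anything outside a conservative character
    # set: no quotes, ; | & $ ` < > ( ) globs or newlines can get through.
    case $1 in
        ''|*[!A-Za-z0-9\ ._/%:,=-]*) return 1 ;;
    esac
    set -- $1                  # split on whitespace (glob chars already rejected)
    # First word must be a file directly inside PLUGIN_DIR ...
    case $1 in
        "$PLUGIN_DIR"/*) name=${1#"$PLUGIN_DIR"/} ;;
        *) return 1 ;;
    esac
    # ... and its name must match the allowlist exactly, which also rules
    # out "../" and subdirectory paths.
    for ok in $ALLOWED; do
        [ "$name" = "$ok" ] && return 0
    done
    return 1
}

# Act only when sshd supplied a request; a login without a command falls
# through and the session ends without a shell.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    if gate_check "$SSH_ORIGINAL_COMMAND"; then
        exec $SSH_ORIGINAL_COMMAND     # word-split only, never re-parsed by a shell
    fi
    logger -t nagios-ssh-gate "denied: $SSH_ORIGINAL_COMMAND" 2>/dev/null
    echo "UNKNOWN - command not permitted"
    exit 3                             # Nagios plugin exit code for UNKNOWN
fi
```

With this in place a stolen passphrase-less key can only run the listed plugins on that host; the denied requests appear in syslog under the `nagios-ssh-gate` tag.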

_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users