check_by_ssh

David Olbersen DOlbersen at stbernard.com
Tue Jan 20 19:57:52 CET 2004


Paul L. Allen wrote:

> Brian Hendrix writes:
> 
> > I've been testing by "su - nagios" and not logging in directly.
> 
> When you finally get around to using the -i option with check_by_ssh
> (which is needed) you'll find it still won't work unless you were smart
> enough to tell ssh to stick the remote host key into nagios's list of
> known hosts instead of the real user prior to su.  If you don't know how,
> login as nagios and ssh to the remote box.

-i is not required if you stick to standard key file names. I swear. I have it working right now, sans -i :)

You only need -i if you're going to have one key file per check. I considered that but decided it was too much work. It's mildly more secure -- the nagios user is already unprivileged and nagios' SSH key is restricted by source IP.

Note: You should probably SSH to the machine by IP when trying to add the host key to the list of known hosts -- that's how Nagios does it by default. At least, that's how my installation does it.

-- 
David Olbersen
iGuard Engineer
St. Bernard Software
15015 Avenue of Sciences
San Diego, CA 92127
x2152


-------------------------------------------------------
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null





More information about the Users mailing list