Giving check_by_ssh a password

Andy Harrison aharrison at gmail.com
Fri Jun 18 17:11:04 CEST 2004


On Thu, 17 Jun 2004 14:20:47 -0500, Misao <misaochankun at speakeasy.net> wrote:
> 
> The default behavior of check_by_ssh is to use host keys to log in to an
> account and run the command you ask it to.
> This has worked fine except for one unix box. It refuses to accept the key
> in any way that we have tried, so I want to know if I can just tell
> check_by_ssh to use a password when it asks for it, or do I have to resort
> to some other method of checking this box?
> 

See if you can ascertain the reason for it not working.  

Examine the sshd_config on the host that won't allow it.

Plus, from your nagios server, in a shell logged in as the nagios
user, use ssh -v to try to see if you get any obvious errors.

(nagios.host) # ssh -v remotehostname

you should see something like this.... (allowing for the falsified info...):

[nagios] (server1) > ssh -v  server1
OpenSSH_3.xpx FreeBSD-xxxxxxxxx, SSH protocols 1.5/2.0, OpenSSL 0x0fffffff
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: ssh_connect: needpriv 0
debug1: Connecting to server1 [xxx.xxx.xxx.xxx] port 22.
debug1: Connection established.
debug1: identity file /usr/local/var/nagios/.ssh/identity type -1
debug1: identity file /usr/local/var/nagios/.ssh/id_rsa type 1
debug1: identity file /usr/local/var/nagios/.ssh/id_dsa type -1
debug1: Remote protocol version x.xx, remote software version
OpenSSH_3.xpx FreeBSD-xxxxxxxxx
debug1: match: OpenSSH_3.xpx FreeBSD-xxxxxxxx pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.xpx FreeBSD-xxxxxxxx
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: dh_gen_key: priv key bits set: 135/256
debug1: bits set: 1623/3191
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'server1' is known and matches the DSA host key.
debug1: Found key in /usr/local/var/nagios/.ssh/known_hosts:7
debug1: bits set: 1599/3191
debug1: ssh_dss_verify: signature correct
debug1: kex_derive_keys
debug1: newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: waiting for SSH2_MSG_NEWKEYS
debug1: newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: done: ssh_kex2.
debug1: send SSH2_MSG_SERVICE_REQUEST
debug1: service_accept: ssh-userauth
debug1: got SSH2_MSG_SERVICE_ACCEPT
debug1: authentications that can continue: publickey,keyboard-interactive
debug1: next auth method to try is publickey
debug1: try privkey: /usr/local/var/nagios/.ssh/identity
debug1: try pubkey: /usr/local/var/nagios/.ssh/id_rsa
debug1: input_userauth_pk_ok: pkalg ssh-rsa blen 149 lastkey 0xxxxxxxxx hint 1
debug1: read PEM private key done: type RSA
debug1: ssh-userauth2 successful: method publickey
debug1: channel 0: new [client-session]
debug1: send channel open 0
debug1: Entering interactive session.
debug1: ssh_session2_setup: id 0
debug1: channel request 0: pty-req
debug1: channel request 0: shell
debug1: fd 3 setting TCP_NODELAY
debug1: channel 0: open confirm rwindow 0 rmax 32768

And on the remote host I have:
> grep '^[^#]' /etc/ssh/sshd_config
Port 22
HostKey /etc/ssh/ssh_host_key
HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_rsa_key
KeyRegenerationInterval 3600
ServerKeyBits 768
SyslogFacility AUTH
LogLevel INFO
LoginGraceTime 120
PermitRootLogin no
StrictModes yes
RSAAuthentication yes
RhostsAuthentication no
IgnoreRhosts yes
RhostsRSAAuthentication no
HostbasedAuthentication no
PasswordAuthentication no
PermitEmptyPasswords no
PrintMotd yes
KeepAlive yes
UsePrivilegeSeparation yes
MaxStartups 10:30:60
VerifyReverseMapping yes
Subsystem       sftp    /usr/libexec/sftp-server

> cat .ssh/authorized_keys2 
ssh-rsa #########long key string######### nagios at server1

-- 
Andy Harrison


-------------------------------------------------------
This SF.Net email is sponsored by The 2004 JavaOne(SM) Conference
Learn from the experts at JavaOne(SM), Sun's Worldwide Java Developer
Conference, June 28 - July 1 at the Moscone Center in San Francisco, CA
REGISTER AND SAVE! http://java.sun.com/javaone/sf Priority Code NWMGYKND
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null





More information about the Users mailing list