check by ssh

Paul L. Allen pla at softflare.com
Mon Mar 22 00:34:45 CET 2004


Neil writes: 

> Is there a way for us to use check_by_ssh plugin where in we can supply 
> the username and password on the command line? 

Yes.  First you hack the open_ssh source to accept a password passed
as a parameter.  Open_ssh as it stands neither accepts a password as
a parameter nor permits the sort of trickery that you can do with
echo <password> | passwd -stdin.  In fact, open_ssh goes to some pain to
make sure there is no way of handing it the password from a shell script
short of hacking the open_ssh source. 

Once you've hacked the open_ssh source, you then hack the check_by_ssh
plugin to match.  Then you can pass the password to your hacked
check_by_ssh and any unprivileged user on your machine can see the
password by using ps axfwwwwwww (or moral equivalent on different flavours
of *nix). 

And then, each time open_ssh or check_by_ssh are upgraded, you have to
re-apply your patches because there's no way they'll ever be integrated
into the mainstream sources because what you want to do is a major
security hole. 

All of which seems a lot harder to me than just copying the public key
over and setting ownerships and permissions.  After all, you have to
get the plugins onto the target machine and build them, you have to
create a nagios user on the target machine and you have to create a
.ssh directory under ~nagios.  The amount of time you'd save by not having
to copy the public key over is trivial. 

Hint: you might want to think about building your own little tarball
that contains the plugin sources and the public key and creating a
little shell script that build the plugins, creates the nagios user,
moves the public key to the right place, sets ownerships and permissions,
etc.  If you want a clever shell script that can pick up correctly from
an aborted run then it gets rather complicated.  If you want a simple
shell script that will do the install on a clean machine and works 99%
of the time (if it goes wrong you have to tidy up after it) then it's
simple.  A lot simpler than hacking open_ssh and check_by_ssh.  A lot
more secure, too. 

-- 
Paul Allen
Softflare Support 



-------------------------------------------------------
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null





More information about the Users mailing list