check_by_ssh question

Andreas Ericsson ae at op5.se
Wed Mar 24 00:06:47 CET 2004


check_ssh user@ssh-proxy-host -C "ssh user@ssh-target-host -C \"real command goes here\""
(yes, there's supposed to be two "'s at the end there).

Using this technique has the advantage of being simple and pretty 
straightforward, but the obvious disadvantage of need for public, 
passphraseless keys to exist just about everywhere (unless you manually 
want to run around and run ssh-agent on all machines).

If you get hacked someplace, your network is dead and there's nothing 
you can do about it.

Arnold Cano wrote:
> Thanks for the response. Are you using check_by_ssh for indirect checks?
> I'm curious about the issues with remote networks and firewalls. For
> example, I'd like to setup check_by_ssh to tunnel into a machine that
> can in turn check_by_ssh the other machines in the network.
> 
> Can someone explain the following to me? It's a stub from the output of
> 'check_by_ssh -h'. Perhaps an example would help?
> 
> "If the remote SSH server tracks invocation agruments, the one remote
> program may be an agent that can execute additional commands as proxy
> 
> To use passive mode, provide multiple '-C' options, and provide
> all of -O, -s, and -n options (servicelist order must match '-C'
> options)"
> 
> Thanks,
> 
> Arnold
> 
> On Tue, 2004-03-23 at 15:52, Matt Pounsett wrote:
> 
>>On Tue, 23 Mar 2004, Arnold Cano wrote:
>>
>>
>>>allowing shell access? Cygwin perhaps? I realize the initial setup will
>>>require the public keys and null passphrase to be setup but that seems
>>>worth it for the security and ongoing maintenance. Am I missing
>>>anything? Is there a better way?
>>
>>I'm not using check_by_ssh for any windows servers, since the only things I
>>need to directly check on them are remotely-accessible services (smb and so
>>forth).. however, I am using check_by_ssh extensively with all of our unix
>>servers.  It seemed to me to be the best way to do things, since all methods
>>require *some* work on the client machines (installing check scripts, at a
>>minimum), and other methods (such as NRPE) don't provide the same level of
>>security.
> 
> 
> 
> 
> -------------------------------------------------------
> This SF.Net email is sponsored by: IBM Linux Tutorials
> Free Linux tutorial presented by Daniel Robbins, President and CEO of
> GenToo technologies. Learn everything from fundamentals to system
> administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
> _______________________________________________
> Nagios-users mailing list
> Nagios-users at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/nagios-users
> ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
> ::: Messages without supporting info will risk being sent to /dev/null
> 

-- 
Sourcerer / Andreas Ericsson
OP5 AB
+46 (0)733 709032
andreas.ericsson at op5.se
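
One way to limit what a stolen passphraseless key can do, as an added example that is not part of the original thread: pin the monitoring key on each checked host to a forced command that only runs check plugins, so a chained request such as the `ssh user@ssh-target-host ...` above is refused. The script name `nagios-gate`, its install path, the plugin directory and the key line are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): forced-command gate for the
# passphraseless monitoring key. Constructed authorized_keys entry, with
# placeholder key material and an assumed install path:
#   command="/usr/local/bin/nagios-gate",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-ed25519 AAAA...placeholder nagios@monitor

PLUGIN_DIR=/usr/lib/nagios/plugins    # assumed plugin location
SAFE_CHARS='A-Za-z0-9_./:%=, -'       # no ; | & $ ` < > ( ) quotes or globs

# gate_check CMDLINE: return 0 if CMDLINE is a plain plugin call, else 1.
gate_check() {
    cmdline=$1
    [ -n "$cmdline" ] || return 1             # no command: interactive login
    case $cmdline in
        *[!$SAFE_CHARS]*) return 1 ;;         # shell metacharacter present
    esac
    prog=${cmdline%% *}                       # first word is the program
    case $prog in
        "$PLUGIN_DIR"/*) prog=${prog#"$PLUGIN_DIR"/} ;;
    esac
    case $prog in
        */*) return 1 ;;                      # any other path, or traversal
        check_?*) return 0 ;;                 # plugin naming convention
    esac
    return 1
}

# gate_main: what sshd runs instead of the command the client asked for.
gate_main() {
    if gate_check "${SSH_ORIGINAL_COMMAND:-}"; then
        set -f                                # no globbing while splitting
        # shellcheck disable=SC2086
        set -- $SSH_ORIGINAL_COMMAND
        prog=${1##*/}; shift
        exec "$PLUGIN_DIR/$prog" "$@"         # argv exec, never eval
    fi
    logger -t nagios-gate "rejected: ${SSH_ORIGINAL_COMMAND:-<none>}" 2>/dev/null
    echo "UNKNOWN - command not permitted"
    exit 3                                    # Nagios UNKNOWN state
}

# Run only when installed under its real name, so the functions can be
# sourced and tested on their own.
case ${0##*/} in
    nagios-gate) gate_main ;;
esac
```

With this in place the key still works without a passphrase for checks, but it no longer grants a shell, port forwarding or an onward hop from that host.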

