check_by_ssh vs. ssh (when executed, have different environments)

John P. Rouillard rouilj at cs.umb.edu
Thu Oct 12 00:43:34 CEST 2006

Previous message: check_by_ssh vs. ssh (when executed, have different environments)
Next message: check_by_ssh vs. ssh (when executed, have different environments)
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

In message <A7B0A9F02975A74A845FE85D0B95B8FA05371A07 at misex01.ena.com>,
"Marc Powell" writes:
>> On Behalf Of Bret Goodfellow
>> The user (nagios) is the id that is executing both ssh and check_by_ssh.
>> When these commands are run, the "environments" established for ssh and
>> check_by_ssh are different (why)?
>> 
>check_by_ssh does not initiate a full login shell when executing
>commands. In fact, it is a simple but intelligent wrapper for 'ssh
>user at host somecommand' so as such, the ssh command on the remote host is
>going to see only the environment variables available for a non-login
>process and those that ssh specifically sets. 'man ssh' and search for
>'ENVIRONMENT'. That section of the man page will detail the limited
>number of environment variables that ssh will set on it's own and how to
>add others via $HOME/.ssh/environment. check_by_ssh doesn't modify or
>limit the remote environment in any way. 

Also the envirnment passed to ssh when run under check_by_ssh is
sanitized as well to limited set of variables. You need to look at the
code to see how it sanitizes the environment to prevent security
issues. One of the things that this prevents is use of the ssh agent
to authenticate for check_by_ssh.

So what you need to do is write a shell wrapper that sets the varibles
you need for check_oracle and invoke the wrapper instead of
check_oracle directly.

				-- rouilj
John Rouillard
===========================================================================
My employers don't acknowledge my existence much less my opinions.

-------------------------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null

Previous message: check_by_ssh vs. ssh (when executed, have different environments)
Next message: check_by_ssh vs. ssh (when executed, have different environments)
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Users mailing list