check_by_ssh

[Robert Cole]

Well as you might notice from my message the keybased authentication is 
working well, no problem but I wasn't using sudo so I tried adding that 
line to my sudo config with no success. It still asks for a passphrase 
or password when I use check_by_ssh but if I "ssh remotecomputer" I go 
right in or if I scp so that seems to be working well but something 
about check_by_ssh isn't seeing the key exchange or something. I went 
ahead and generated an rsa key and tried that as well and still I can 
ssh or scp into the boxes passwordless but not with check_by_ssh

Any ideas?

James wrote:
> Robert Cole wrote:
>> I tried the multiple v's:
>>
>> nagios at ms1 ~ $ /usr/nagios/libexec/check_by_ssh -H remotecomputer -i 
>> -vvvv ~/.ssh/id_dsa -C "/usr/nagios/plugins/check_swap -w 50% -c 10%"
>> Enter passphrase for key '/home/nagios/.ssh/id_dsa':
>> nagios at ocmp0's password:
>>
>> Didn't give me anymore output but as I mentioned doing it via just 
>> ssh works:
>>
>> nagios at ms1 ~ $ ssh -i .ssh/id_dsa remotecomputer 
>> "/usr/nagios/plugins/check_swap -w 50% -c 10%"
>> SWAP OK - 100% free (1996 MB out of 1996 MB) |swap=1996MB;998;199;0;1996
>> nagios at ms1 ~ $
>>
>> -rw-r--r-- 1 nagios nagios  615 Jun  8 07:03 authorized_keys
>> -rw------- 1 nagios nagios  736 Jun  8 05:12 id_dsa
>> -rw-r--r-- 1 nagios nagios  614 Jun  8 05:12 id_dsa.pub
>> -rw-r--r-- 1 nagios nagios 1270 Jun 15 10:21 known_hosts
>>
>> and I did try doing /home/nagios/.ssh/id_dsa and it didn't make a 
>> difference. It looks like a problem with check_by_ssh itself doesn't it?
>>
> here's the exact procedure i use for check_by_ssh
>
> 1.  As root user on nagios server:
>     shell> sudo -u nagios ssh-keygen
>     create the rsa keys in /home/nagios/.ssh/id_rsa
>     make sure when prompted to put a password to user you leave it blank
>
> 2.  As root user on nagios server:
>     shell> sudo -u nagios ssh user at remotehost
>     This will give the remotehost the signature of the local nagios 
> user in the machine.
>
> 3.  As user on remote host:
>     shell> ssh-keygen
>     create the ssh keys in /home/user/.ssh/id_rsa
>     shell> touch /home/user/.ssh/authorized_keys2
>
> 4.  Copy identity key from nagios server to remote host:
>     From nagios server:
>     shell> scp /home/nagios/id_rsa.pub user at remotehost:/home/user/ 
> <mailto:remotecmd at remotehost:/home/remotecmd/>
>     From remote server:
>     shell> cat /home/user/id_rsa.pub >> /home/user/.ssh/authorized_keys2
>
> As root on remote server:
>     shell> visudo
>     Now enter the sudo line for user to the command you wish nagios to 
> run:
>     Example:
>     user       ALL = NOPASSWD: /usr/local/nagios/libexec/check_ping
>
> 5.  Make a new Nagios command:
>     /usr/local/nagios/libexec/check_by_ssh -H $HOSTADDRESS$ -l user -i 
> '/home/nagios/.ssh/id_rsa' -C 'path of nagios plugin on remote host'
>     Example:
>     /usr/local/nagios/libexec/check_by_ssh -H $HOSTADDRESS$ -l user -i 
> '/home/nagios/.ssh/id_rsa' -C \
>    '/usr/local/nagios/libexec/check_graph_uptime.pl -H $HOSTADDRESS$ 
> -C $ARG1$ -g -f -w -S $ARG2$ -c $ARG3$'
>
>

-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null