check_by_ssh for new linxux users.. shed some light...

[Satish Kumar P]

On Tue, Jan 6, 2009 at 7:36 AM, Mirza Dedic <mirde at oppy.com> wrote:
> Hello,
>
> I have a Nagios system running (3.0.X) along with Nagios Plug-ins; while I
> am able to get Nagios to monitor all the things I need on a Win32 box (using
> NSClient++ & Check_NT); I am having difficulty getting check_by_ssh to work
> for me. I have previously never used check_by_ssh; I am also fairly new to the linux
> OS. My OS is Ubuntu and many of the servers I want to monitor are RHEL4 or
> Fedora.  I know that to get check_by_ssh to work, I need to create a private/public
> certificate on the client/server; anyone shed some light on how to create
> this?
>
>  Do I create the key on my Nagios box? Under the same user that was used when
> compiling Nagios? For the remote host (monitored linux server); what do I need to do? Create
> the same user-id? How do I apply the certificate from my Nagios Host to the
> monitored Host so that my shell scripts can connect to the Host B without a
> password prompt? Please if you could, shed some light for a beginner.
>
> Also, our environment is using Kerberos, all the servers use SSH/Kerberos,
> this way when users are created in Active Directory they are replicated
> across the linux servers (is this why I can't find authorized_keys file?)

The key based authentication works if you enable RSAAuthentication (or
equivalent) in your SSH server's configuration on Linux servers. I am
not really sure how things work out if you enable both Kerberos and
Key based authentication. But you could give it a try with one server.

You could create the private and public key pair using a command,
ssh-keygen (from a Linux machine) or puttygen (on windows). Next the
user account that runs Nagios should use the private and public key
pairs generated. You can create a new user account on the target Linux
server or use existing account also. Place the newly generated public
key in the ~<useraccount>/.ssh/authorized_keys file on the target
Linux server,

Then you could verify the setup by trying a SSH session from the
Nagios server to the target Linux server. If you are not being asked
for a password etc. and if you get the remote shell immediately, the
setup should be proper. Then you can configure a new command
definition by specifying the login identity etc. for check_by_ssh
command.

If you do not to get into the hassles of these things, I would suggest
to try out check_ssh plugin to check the sanity of SSH daemons running
on Linux servers. HTH.

------------------------------------------------------------------------------
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null