check_by_ssh from a different username

[Morris, Patrick]

David Mitchell wrote:
> Hello list,
>
> I've got a situation where I can't create 'nagios' users on the 
> systems I need to monitor; I'm stuck with using a set of different 
> user names to monitor a range of systems.
>
> For the sake of the discussion, assume the account on the Nagios 
> server is 'nagios' and the account I've been given on the remote 
> server I need to monitor is 'monitoruser'.
>
> In trying to setup a check_by_ssh script, I'm at the point where I can 
> do either of these successfully
> - from the 'nagios' user on the Nagios server, I can run 
> /usr/lib/nagios/plugins/check_by_ssh -H REMOTEHOST -l monitoruser -C 
> "nagios-test-script'.  This runs fine, but I get prompted for 
> monitoruser's password on the remote system.  Obviously I can't enter 
> the password when this command is running from within Nagios
> - from a shell logged in as 'monitoruser' on the Nagios server, I can 
> run the identical command and I don't get prompted for the password; 
> everything works as I'd like, except that I need to be running the 
> command from the 'monitoruser' account on the Nagios server (and I 
> want to run the command from the 'nagios' user instead).  The fact 
> that this works without a password prompt tells me that I've got 
> monitoruser's ssh public key set up on REMOTEHOST
>
> If I'm logged in as 'nagios' and try to run 
> /usr/lib/nagios/plugins/check_by_ssh -H REMOTEHOST -i 
> /home/monitoruser/.ssh/id_dsa -C "nagios-test-script" -vvvv, I get 
> "warning: Identity file /home/monitoruser/.ssh/id_dsa not accessible: 
> Permission denied.", which is what I'd expect.  This fails because the 
> user 'nagios' can't access the ~/.ssh/id_dsa file of monitoruser; this 
> is correct behaviour from a security perspective.
>
> How can I use check_by_ssh to monitor remote servers, when the 
> username on the remote box is different from the Nagios user name?

Install the private keys of the remote users on the Nagios machine under 
the nagios user.  You've already determined they work, so now copy them 
over.

------------------------------------------------------------------------------
Download Intel® Parallel Studio Eval
Try the new software tools for yourself. Speed compiling, find bugs
proactively, and fine-tune applications for parallel performance.
See why Intel Parallel Studio got high marks during beta.
http://p.sf.net/sfu/intel-sw-dev
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null