check_by_ssh: permission denied


#1

hello everybody,
i want to use check_by_ssh to monitor some services on a unix machine.
i get the error message: permission denied.
this is certainly due to the fact that i don’t have permission to log in to the remote server, as a passwd is needed.
but the problem is that even though i have generated the key with ssh-keygen it does not work.
i did exactly what should be done to generate that key both on the nagios machine and on the remote host, where it is placed in /home/nagios/.ssh/authorized_keys2. And i gave an empty passphrase.
but each time that i want to log in with: ssh 144.145.0.219 -i /home/nagios/.ssh/id_dsa.pub, i’m asked to enter the password!!

i had also changed the following options in /etc/ssh/sshd_config:
TCPKeepAlive yes
ClientAliveInterval 30
ClientAliveCountMax 3
PermitRootLogin yes
AuthorizedKeysFile .ssh/authorized_keys2
RSAAuthentication no
PubkeyAuthentication yes

are there some more options to change in that file?

thanks a lot!


#2

did you create the keys for the authentication as the nagios user?

try as a user different than root.
and in some cases i had to find some workarounds as i could not in any way make two servers use ssh authentication (scripts using scp)

Luca
[Edited Tue Aug 09 2005, 07:05AM]


#3

[quote=“asmaeber”]…
i did exactly what should be done to generate that key both on the nagios machine and on the remote host, where it is placed in /home/nagios/.ssh/authorized_keys2. And i gave an empty passphrase.
but each time that i want to log in with: ssh 144.145.0.219 -i /home/nagios/.ssh/id_dsa.pub, i’m asked to enter the password!!

[/quote]

First off, you don’t generate a key on both machines. So that tells me you are unclear on how to do it correctly.

If you want to connect to some remote host, from your local nagios server using ssh, with no password then:

  1. On the local nagios host, create a user nagios.
  2. Log in as that user on the local host.
  3. Run ssh-keygen as that user.
  4. In the ~/.ssh/ folder, give the file id_dsa.pub to any host that you want to be able to connect to without using a password. In other words, you could give this file to everyone on the internet, and it’s up to them to either allow you to connect as a certain user with no password or not.
  5. On the remote nagios box, log in as user nagios.
  6. Create a file ~/.ssh/authorized_keys and paste the info from the .pub file into it.
  7. On the local nagios box, ssh -l nagios remoteip and it should let you in with no password.

#4

thanks a lot for the input…
i’ve done exactly what you said, but it still does not work.

should i change something in /etc/ssh/sshd_config?
many many thanks!


#5

It may be authorized_keys2, put the id_dsa.pub in there also, it won’t hurt.
Well my sshd_config does look a bit different.
Try this:
RhostsAuthentication no
RSAAuthentication yes   (Yours says no, which I think is wrong.)
ChallengeResponseAuthentication no
IgnoreRhosts yes

Don’t forget to restart sshd
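
The points raised in this thread (which file `ssh -i` is given, whether the public key sits in the file named by AuthorizedKeysFile, and file modes) can be checked with a small script. This is an added example, not part of any post above; the function names are hypothetical, the file names are the ones from the thread, and the permission check reflects OpenSSH's StrictModes behaviour.

```shell
#!/bin/sh
# Added example (not from the thread). Paths are arguments so the checks can
# be pointed at a copy of the files; nothing here talks to a live sshd.

# Relative path sshd reads keys from: the first AuthorizedKeysFile value in
# the given sshd_config, else .ssh/authorized_keys (assumes no %h/%u tokens).
authorized_keys_rel() {
    rel=$(awk 'tolower($1) == "authorizedkeysfile" { print $2; exit }' "$1")
    echo "${rel:-.ssh/authorized_keys}"
}

# True if FILE is a private key, which is what "ssh -i" expects.
is_private_key() {
    head -n 1 "$1" | grep -q -e '-----BEGIN .*PRIVATE KEY-----'
}

# True if PATH is group- or world-writable. With StrictModes (on by default)
# sshd refuses keys stored under such a home, .ssh directory or key file.
loose_perms() {
    case $(ls -ld "$1" 2>/dev/null | cut -c1-10) in
        ?????w*|????????w*) return 0 ;;
    esac
    return 1
}

# True if the key blob (second field) of PUBFILE appears in AUTHFILE.
key_authorized() {
    blob=$(awk 'NR == 1 { print $2 }' "$1")
    [ -n "$blob" ] && grep -q -F -e "$blob" "$2"
}

report() { echo "PROBLEM: $1"; problems=$((problems + 1)); }

# check_setup HOME SSHD_CONFIG IDENTITY PUBFILE -> returns number of problems
check_setup() {
    auth="$1/$(authorized_keys_rel "$2")"; problems=0
    is_private_key "$3" || report "$3 is not a private key (ssh -i takes id_dsa, not id_dsa.pub)"
    if [ ! -f "$auth" ]; then
        report "$auth is missing; sshd reads the name set by AuthorizedKeysFile"
    elif ! key_authorized "$4" "$auth"; then
        report "key from $4 is not listed in $auth"
    fi
    for p in "$1" "$1/.ssh" "$auth"; do
        if loose_perms "$p"; then report "$p is group/world writable"; fi
    done
    return "$problems"
}

if [ $# -eq 4 ]; then check_setup "$@"; fi
```

Run it with the remote user's home directory, the remote sshd_config, and the local key pair as the four arguments; an exit status of 0 means none of these problems were found.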