Setting up check_by_ssh


#1

I guess check_by_ssh does not support username password?

So how do I set it up using certificates ?

Would anyone be so kind to explain how to create certificates and use them with the plug-in … in layman


#2

It does need a username, but the password is bypassed by using a key.
This plugin uses SSH to execute commands on a remote host
Usage: check_by_ssh -f46] -t timeout] -i identity] -l user] -H -C
-n name] -s servicelist] -O outputfile] -p port]

The example given is this:
././check_by_ssh -H localhost -n lh -s c1:c2:c3 -C uptime -C uptime -C uptime -O /tmp/foo
you are then prompted, if this is the first time, for a yes/no to accept. Also, if you have not setup “authorized_hosts” then you are prompted for a password.

So that we don’t get a password prompt, we must run:
ssh-keygen on the nagios central server machine.
This will generate a ~/.ssh/id_dsa file and a ~/.ssh/id_dsa.pub file.
Also remember, that we are going to be using some username such as nagios to do this, so of course, su to nagios first( su - nagios).
su - nagios
ssh-keygen -t dsa
Now that the 2 files are created, you will now copy/paste the contents of the file ~/.ssh/id_dsa.pub (~ means users home directory, in this case /home/nagios). Give this .pub file to any machine that you would like be able to ssh connect to without using a password (but they will need to have username nagios) Keep the id_dsa ultra secret, since that is the file you don’t want people to have. See the man pages for ssh-keygen for more info on this.

Now, take the contents of id_dsa.pub from nagios server and paste the contents in a file /home/nagios/.ssh/authorized_keys on the remote machine. So think of it this way. You run ssh-keygen on your home pc and give the id_dsa.pub file to everyone on the internet that you know. It’s up to me, as a user to decide if I want you to connect to my pc with ssh or not, without using a password (only your key). I might or might not do it.
In this case, your remote machine will of course want this, so go ahead and paste the contects in /home/nagios/.ssh/authorized_keys on that remote machine.

Now, a user from the nagios server can ssh to that remote host, by
su - nagios
and then
ssh remotemachine
No password, no prompt, nuttin.

Now run your check_command again like this.
./check_by_ssh -H remotemachine -l nagios -n lh -s c1:c2:c3 -C uptime -C uptime -C uptime -O /tmp/foo