how can monitor with check_by_ssh
Code: Select all
/usr/local/nagios/libexec/check_by_ssh -H 10.10.10.10 -C '/usr/local/nagios/libexec/check_uptime'
Remote command execution failed: Unauthorized access is prohibited.
run command with nagios user on nagios serverdwhitfield wrote:Are you running the command as root or as the nagios user?
Did you use the relevant parts of https://assets.nagios.com/downloads/nag ... ng_SSH.pdf to set this up?
Code: Select all
/usr/local/nagios/libexec/check_by_ssh -H 10.4.1.97 -C '/usr/local/nagios/libexec/check_uptime'
Remote command execution failed: Unauthorized access is prohibited.
dwhitfield wrote:On the remote server, what's the output of ls -la /usr/local/nagios/libexec/?
Code: Select all
total 6448
drwxrwxr-x. 2 nagios nagios 4096 Nov 29 18:45 .
drwxr-xr-x. 8 nagios nagios 4096 Nov 18 01:27 ..
-rwxr-xr-x. 1 nagios nagios 109380 Nov 21 19:23 check_apt
-rwxr-xr-x. 1 nagios nagios 2309 Nov 21 19:23 check_breeze
-rwxr-xr-x. 1 nagios nagios 112798 Nov 21 19:23 check_by_ssh
-rwxr-xr-x. 1 nagios nagios 14514 Nov 21 19:23 check_cciss-1.12
-rwxr-xr-x. 1 nagios nagios 150011 Nov 21 19:23 check_clamd
-rwxr-xr-x. 1 nagios nagios 89647 Nov 21 19:23 check_cluster
-rwxr-xr-x. 1 nagios nagios 349 Nov 21 19:23 check_cpu
-rwxr-xr-x. 1 nagios nagios 9450 Nov 21 19:23 check_daytime.pl
-rwxr-xr-x. 1 nagios nagios 114794 Nov 21 19:23 check_dhcp
-rwxr-xr-x. 1 nagios nagios 109660 Nov 21 19:23 check_dig
-rwxr-xr-x. 1 nagios nagios 132189 Nov 21 19:23 check_disk
-rwxr-xr-x. 1 nagios nagios 12981 Nov 21 19:23 check_disk.pl
-rwxr-xr-x. 1 nagios nagios 9348 Nov 21 19:23 check_disk_smb
-rwxr-xr-x. 1 nagios nagios 120155 Nov 21 19:23 check_dns
-rwxr-xr-x. 1 nagios nagios 58744 Nov 21 19:23 check_dummy
-rwxr-xr-x. 1 nagios nagios 3542 Nov 21 19:23 check_file_age
-rwxr-xr-x. 1 nagios nagios 6375 Nov 21 19:23 check_flexlm
-rwxr-xr-x. 1 nagios nagios 150011 Nov 21 19:23 check_ftp
-rwxr-xr-x. 1 nagios nagios 231033 Nov 21 19:23 check_http
-rwxr-xr-x. 1 nagios nagios 118453 Nov 21 19:23 check_icmp
-rwxr-xr-x. 1 nagios nagios 94055 Nov 21 19:23 check_ide_smart
-rwxr-xr-x. 1 nagios nagios 15238 Nov 21 19:23 check_ifoperstatus
-rwxr-xr-x. 1 nagios nagios 13386 Nov 21 19:23 check_ifstatus
-rwxr-xr-x. 1 nagios nagios 150011 Nov 21 19:23 check_imap
-rwxr-xr-x. 1 nagios nagios 6947 Nov 21 19:23 check_ircd
-rwxr-xr-x. 1 nagios nagios 150011 Nov 21 19:23 check_jabber
-rwxr-xr-x. 1 nagios nagios 103711 Nov 21 19:23 check_ldap
-rwxr-xr-x. 1 nagios nagios 103711 Nov 21 19:23 check_ldaps
-rwxr-xr-x. 1 nagios nagios 5064 Nov 21 19:23 check_listen_tcp_udp.sh
-rwxr-xr-x. 1 nagios nagios 98727 Nov 21 19:23 check_load
-rwxr-xr-x. 1 nagios nagios 6595 Nov 21 19:23 check_log
-rwxr-xr-x. 1 nagios nagios 22730 Nov 21 19:23 check_mailq
-rwxr-xr-x. 1 nagios nagios 12103 Nov 21 19:23 check_mem.pl
-rwxr-xr-x. 1 nagios nagios 93767 Nov 21 19:23 check_mrtg
-rwxr-xr-x. 1 nagios nagios 93748 Nov 21 19:23 check_mrtgtraf
-rwxr-xr-x. 1 nagios nagios 945 Nov 21 19:23 check_my_hplog
-rwxr-xr-x. 1 nagios nagios 486 Nov 21 19:23 check_my_hwclock
-rwxr-xr-x. 1 nagios nagios 1130 Nov 21 19:23 check_my_ntp
-rwxr-xr-x. 1 nagios nagios 1266 Nov 21 19:23 check_my_perm
-rwxr-xr-x. 1 nagios nagios 986 Nov 21 19:23 check_my_raid
-rwxr-xr-x. 1 nagios nagios 198 Nov 21 19:23 check_my_runlevel
-rwxr-xr-x. 1 nagios nagios 98713 Nov 21 19:23 check_nagios
-rwxr-xr-x. 1 nagios nagios 150011 Nov 21 19:23 check_nntp
-rwxr-xr-x. 1 nagios nagios 150011 Nov 21 19:23 check_nntps
-rwxrwxr-x. 1 nagios nagios 125293 Nov 29 18:45 check_nrpe
-rwxr-xr-x. 1 nagios nagios 114720 Nov 21 19:23 check_nt
-rwxr-xr-x. 1 nagios nagios 115676 Nov 21 19:23 check_ntp
-rwxr-xr-x. 1 nagios nagios 112146 Nov 21 19:23 check_ntp_peer
-rwxr-xr-x. 1 nagios nagios 109094 Nov 21 19:23 check_ntp_time
-rwxr-xr-x. 1 nagios nagios 129047 Nov 21 19:23 check_nwstat
-rwxr-xr-x. 1 nagios nagios 8926 Nov 21 19:23 check_oracle
-rwxr-xr-x. 1 nagios nagios 103949 Nov 21 19:23 check_overcr
-rwxr-xr-x. 1 nagios nagios 118149 Nov 21 19:23 check_ping
-rwxr-xr-x. 1 nagios nagios 150011 Nov 21 19:23 check_pop
-rwxr-xr-x. 1 nagios nagios 119469 Nov 21 19:23 check_procs
-rwxr-xr-x. 1 nagios nagios 102685 Nov 21 19:23 check_real
-rwxr-xr-x. 1 nagios nagios 9642 Nov 21 19:23 check_rpc
-rwxr-xr-x. 1 nagios nagios 1465 Nov 21 19:23 check_sensors
-rwxr-xr-x. 1 nagios nagios 150011 Nov 21 19:23 check_simap
-rwxr-xr-x. 1 nagios nagios 166365 Nov 21 19:23 check_smtp
-rwxr-xr-x. 1 nagios nagios 516378 Nov 21 19:23 check_snmp
-rwxr-xr-x. 1 nagios nagios 150011 Nov 21 19:23 check_spop
-rwxr-xr-x. 1 nagios nagios 99275 Nov 21 19:23 check_ssh
-rwxr-xr-x. 1 nagios nagios 150011 Nov 21 19:23 check_ssmtp
-rwxr-xr-x. 1 nagios nagios 93399 Nov 21 19:23 check_swap
-rwxr-xr-x. 1 nagios nagios 150011 Nov 21 19:23 check_tcp
-rwxr-xr-x. 1 nagios nagios 100933 Nov 21 19:23 check_time
-rwxr-xr-x. 1 nagios nagios 150011 Nov 21 19:23 check_udp
-rwxr-xr-x. 1 nagios nagios 109713 Nov 21 19:23 check_ups
-rwxr-xr-x. 1 nagios nagios 89243 Nov 21 19:23 check_uptime
-rwxr-xr-x. 1 nagios nagios 87997 Nov 21 19:23 check_users
-rwxr-xr-x. 1 nagios nagios 2995 Nov 21 19:23 check_wave
-rwxr-xr-x. 1 nagios nagios 83511 Nov 21 19:23 negate
-rwxr-xr-x. 1 nagios nagios 81229 Nov 21 19:23 urlize
-rwxr-xr-x. 1 nagios nagios 1949 Nov 21 19:23 utils.pm
-rwxr-xr-x. 1 nagios nagios 2791 Nov 21 19:23 utils.sh
Code: Select all
ll -a /home/nagios
total 40
drwx------. 5 nagios nagios 4096 Dec 1 18:28 .
drwxr-xr-x. 5 root root 4096 Dec 1 18:25 ..
-rw-rw-r--. 1 nagios nagios 1981 Dec 1 21:06 .bash_history
-rw-r--r--. 1 nagios nagios 18 Dec 22 2015 .bash_logout
-rw-r--r--. 1 nagios nagios 176 Dec 22 2015 .bash_profile
-rw-r--r--. 1 nagios nagios 124 Dec 22 2015 .bashrc
drwxr-xr-x. 2 nagios nagios 4096 Jul 14 2010 .gnome2
drwxr-xr-x. 4 nagios nagios 4096 Nov 1 11:40 .mozilla
drwxr-xr-x. 2 nagios nagios 4096 Dec 1 21:05 .ssh
-rw-------. 1 nagios nagios 669 Dec 1 18:28 .viminfo
Code: Select all
ll -a /home/nagios/.ssh/
total 16
drwxr-xr-x. 2 nagios nagios 4096 Dec 1 21:05 .
drwx------. 5 nagios nagios 4096 Dec 1 18:28 ..
-rw-------. 1 nagios nagios 396 Dec 1 21:05 authorized_keys
-rw-r--r--. 1 nagios nagios 391 Dec 1 20:26 known_hosts
Code: Select all
define command{
command_name check_slash_free
command_line $USER1$/check_by_ssh -i /var/ssh/nagios-key -l nagios
-H $HOSTADDRESS$ -C '$USER1$/check_disk -w $\ARG1$ -c $ARG2$ -p
/'
}
dwhitfield wrote:Please post the complete command definition.
Something that looks like, but for your setup
Code: Select all
define command{ command_name check_slash_free command_line $USER1$/check_by_ssh -i /var/ssh/nagios-key -l nagios -H $HOSTADDRESS$ -C '$USER1$/check_disk -w $\ARG1$ -c $ARG2$ -p /' }
Code: Select all
define command{
command_name check_ssh_disk
command_line $USER1$/check_by_ssh -H $HOSTADDRESS$ -C '/usr/local/nagios/libexec/check_disk -w 20% -c 10%' -t 30
}
Code: Select all
[nagios@Nagios ~]$ /usr/local/nagios/libexec/check_by_ssh -H 10.10.10.10 -C '/usr/local/nagios/libexec/check_uptime'
Remote command execution failed: Unauthorized access is prohibited.
Code: Select all
[nagios@Nagios libexec]$ ssh nagios@10.10.10.10
Unauthorized access is prohibited.
Last login: Thu Dec 1 21:06:05 2016 from 10.0.4.73
Authorized uses only. All activity may be monitored and reported.
That doesn't look like an error to me, just a notice. Just to be sure nothing weird is going on though, can you post the contents of /etc/ssh/sshd_config? You can scrub as needed or PM me the file if you are concerned.baber wrote:even when i just ssh to remote server with nagios user this appear
i have sent httpd.conf filedwhitfield wrote:That doesn't look like an error to me, just a notice. Just to be sure nothing weird is going on though, can you post the contents of /etc/ssh/sshd_config? You can scrub as needed or PM me the file if you are concerned.baber wrote:even when i just ssh to remote server with nagios user this appear
If you choose to PM the file, please make sure you update this forum thread that you have done so, so that the thread pops back up on our dashboard.
Code: Select all
PermitRootLogin no
Code: Select all
# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.
# This sshd was compiled with PATH=/usr/local/bin:/bin:/usr/bin
# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options change a
# default value.
#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::
# Disable legacy (protocol version 1) support in the server for new
# installations. In future the default will change to require explicit
# activation of protocol 1
Protocol 2
# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key
# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 1024
# Logging
# obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
SyslogFacility AUTHPRIV
#LogLevel INFO
# Authentication:
#LoginGraceTime 2m
PermitRootLogin no
#StrictModes yes
MaxAuthTries 4
#MaxSessions 10
#RSAAuthentication yes
#PubkeyAuthentication yes
#AuthorizedKeysFile .ssh/authorized_keys
#AuthorizedKeysCommand none
#AuthorizedKeysCommandRunAs nobody
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes
# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no
PasswordAuthentication yes
# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes
ChallengeResponseAuthentication no
# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no
#KerberosUseKuserok yes
# GSSAPI options
#GSSAPIAuthentication no
GSSAPIAuthentication yes
#GSSAPICleanupCredentials yes
GSSAPICleanupCredentials yes
#GSSAPIStrictAcceptorCheck yes
#GSSAPIKeyExchange no
# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication. Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
#UsePAM no
UsePAM yes
# Accept locale-related environment variables
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
AcceptEnv XMODIFIERS
#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
X11Forwarding no
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes
#PermitUserEnvironment no
#Compression delayed
ClientAliveInterval 3000
ClientAliveCountMax 0
#ShowPatchLevel no
#UseDNS yes
#PidFile /var/run/sshd.pid
#MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none
# no default banner path
#Banner none
# override default of no subsystems
Subsystem sftp /usr/libexec/openssh/sftp-server
# Example of overriding settings on a per-user basis
#Match User anoncvs
# X11Forwarding no
# AllowTcpForwarding no
# ForceCommand cvs server
# CIS Benchmarks
# CIS 6.2.12
Ciphers aes128-ctr,aes192-ctr,aes256-ctr
# CIS 6.2.14
Banner /etc/ssh/sshd_banner