Monitoring throught ssh tunnel

[gwyng]

Hi,
I need to monitor some of the servers via ssh so I used check_by_ssh plugin, however this plugin creates new ssh connection everytime, which creates decent amount of logs. I would like to create a tunnel so i could execute commands without creating new connection every time. Is there such possibility?
Thank you.

[dwasswa]

Hi @gwyng,

The reason why its creating a new ssh session every time is because you need to copy you ssh key on the remote host.

You'll need to configure SSH keys for the nagios user on your Nagios server before you can continue.
To do this, establish a terminal session to your Nagios server as root and issue the following commands:

Code: Select all

su nagios
ssh-keygen

Press ENTER (accepting defaults) when prompted for a filename and passphrase. Public and private SSH keys will be generated and saved in the following directory:

Code: Select all

/home/nagios/.ssh

Here is the example output from those commands:

You will need the contents of the public key file (which has a .pub extension) later. In the screenshot above it is the id_rsa.pub file. You will continue with the terminal session in the next step.

Before you can use the check_by_ssh plugin, you must install/configure the following on the remote Linux/Unix server you want to monitor:
•Create a nagios user
•Install Nagios plugins and/or monitoring scripts
•Install and configure the SSH daemon
It is assumed you have already completed those steps before proceeding.
For check_by_ssh to work you must now copy the public key file of the nagios user on the Nagios server to the authorized_keys file for the nagios user on the remote Linux/Unix server. Continuing with the terminal session from the previous step execute the following command:

Code: Select all

ssh-copy-id -i ~/.ssh/id_rsa.pub nagios@remoteip

You will be prompted to add the host to the list of new hosts, you need to type yes to proceed and then you will need to type the password for the nagios user.

The permissions on the authorized_keys files on the Linux/Unix server must be such that the file cannot be read or written to by anyone other than the nagios user, as shown below.

Code: Select all

[nagios@localhost .ssh]$ ls -al
total 24
drwx------ 2 nagios users 4096 Jul 16 09:44 .
drwx------ 3 nagios users 4096 Jul 16 09:43 ..
-rw------- 1 nagios users  410 Jul 16 09:44 authorized_keys
-rw------- 1 nagios users 1675 Jul 16 09:43 id_rsa
-rw-r--r-- 1 nagios users  410 Jul 16 09:43 id_rsa.pub

The ssh-copy-id command would have correctly set these permissions. If you copied the id_rsa.pub into the authorized_keys file using another method then you need to make sure the file permissions are correct.

Now to verify that you can login to the remote server without supplying a password. Continuing with the terminal session on the Nagios server execute the following command:

Code: Select all

ssh nagios@remoteip

If the SSH keys are configured properly you should be able to login to the remote machine without supplying credentials. Simply type exit to close the ssh session.

Also test the check_by_ssh plugin, run the following command:

Code: Select all

/usr/local/nagios/libexec/check_by_ssh -H remoteip -C uptime

If things are setup properly, you should get output from the "uptime" command on the remote server that looks
similar to the following:

Code: Select all

12:01:42 up 35 min, 1 user, load average: 0.00, 0.01, 0.05

The screenshot above shows both examples which demonstrates that passwordless authentication is
working.