BOX293 Plugin ssh error

[sannatar]

Hi,
I am trying to use the Box293 plugin for vcenter Monitoring.
When I add VMA server in portal, during the Perform VMA Host Test--->
Getting the test results as "The vMA host xxxxx is NOT in the known_hosts file.

Please refer to the box293_check_vmware manual on how to configure this Nagios host to communicate with the vMA host. "

I am also posting some of the commands executed easy for troubleshooting. I followed the instruction as per the manual. Please let me know is there anything missing.

--------------------As a root user,
[root@xxxxx var]# ssh vi-admin@xxxxx
Welcome to vSphere Management Assistant
vi-admin@xxxxx's password:

You have new mail in /var/spool/mail/root
-----------------------As a nagios user,
[root@xxxxx var]# su nagios
[nagios@xxxxx var]$ /usr/local/nagios/libexec/check_by_ssh -E 1 -l vi-admin -H xxxxx -C '~/box293_check_vmware.pl --server xxxxx --check vCenter_Name_Version'
CRITICAL - Plugin timed out after 10 seconds
--------------------Entering vma server
[nagios@xxxxx var]$ ssh [email protected]
Welcome to vSphere Management Assistant
Last login: Wed Mar 16 15:20:56 CET 2016 from xxxxx.com on ssh
Last failed login: Wed Mar 16 15:27:11 CET 2016 from xxxxx.com on ssh:notty
There were 2 failed login attempts since the last successful login.
Last login: Wed Mar 16 15:28:17 2016 from xxxxx.rwe.com
vi-admin@xxxxx:~> ./box293_check_vmware.pl --server xxxxx --check vCenter_Name_Version
Enter username: readonly
OK: VMware vCenter Server 5.5.0 build-2001466

[nagios@xxxxx .ssh]$ ls -ltr
total 8
-rw-r-xr--+ 1 root root 442 Mar 16 11:59 known_hosts
-rw-r-x---+ 1 root root 668 Mar 16 11:59 id_dsa

Thanks

[rkennedy]

[nagios@hostname]$ ls -ltr
total 8
-rw-r-xr--+ 1 root root 442 Mar 16 11:59 known_hosts
-rw-r-x---+ 1 root root 668 Mar 16 11:59 id_dsa

Which .ssh folder were you in at this time? pwd

I believe the permissions are off on this folder (depending where it is), see this post - https://support.nagios.com/forum/viewto ... 14#p123270

[bsivavani]

.ssh is under directory /var/www/. We have followed the same topic "https://support.nagios.com/forum/viewto ... 14#p123270", but still it is throwing SSH connection not established.

[rkennedy]

Did you adjust the permissions of your .ssh folder? Can you post a result of what the permissions are now?

[sannatar]

No. I haven't adjusted any permission.

[nagios@xxxxx libexec]$ cd /var/www/.ssh/
[nagios@xxxxx .ssh]$ ls -ltr
total 8
-rw-r-xr--+ 1 root root 442 Mar 16 14:19 known_hosts
-rw-r-x---+ 1 root root 668 Mar 16 14:19 id_dsa

[rkennedy]

Please update the permissions on the .ssh folder as directed by @Box293 -

Code: Select all

setfacl -R -m u:apache:r-x /var/www/.ssh/

[sannatar]

I have done this already. Again I ran the same command.

[root@xxxxx var]# setfacl -R -m u:apache:r-x /var/www/.ssh/
[root@xxxxx var]# cd /var/www/.ssh/
[root@xxxxx .ssh]# ls -ltr
total 8
-rw-r-xr--+ 1 root root 442 Mar 16 14:19 known_hosts
-rw-r-x---+ 1 root root 668 Mar 16 14:19 id_dsa

the same error: [root@xxxxx .ssh]# /usr/local/nagios/libexec/check_by_ssh -E 1 -l vi-admin -H xxxxx -C '~/box293_check_vmware.pl --server xxxxx --check vCenter_Name_Version'
vi-admin@xxxxx's password:

[rkennedy]

What is the result from the Nagios interface? Is the check working as expected?

[Box293]

--------------------Entering vma server
[nagios@hostname var]$ ssh [email protected]
Welcome to vSphere Management Assistant
Last login: Wed Mar 16 15:20:56 CET 2016 from s930l3092.rwe.com on ssh
Last failed login: Wed Mar 16 15:27:11 CET 2016 from s930l3092.rwe.com on ssh:notty
There were 2 failed login attempts since the last successful login.
Last login: Wed Mar 16 15:28:17 2016 from s930l3092.rwe.com
vi-admin@hostname :~> ./box293_check_vmware.pl --server xxxxx --check vCenter_Name_Version
Enter username: readonly
OK: VMware vCenter Server 5.5.0 build-2001466

See here how it is prompting you for as username, this is the cause of the issue.

Page 27 of the manual explains what is going on and how to fix it.

[sannatar]

I have added the vcenter cred in crdstore.

vi-admin@s93tv5022:~> /usr/lib/vmware-vcli/apps/general/credstore_admin.pl add --server 10.87.178.100 --username "GROUP\ui577720" --password "test"
Existing entry modified successfully.
vi-admin@s93tv5022:~> /usr/lib/vmware-vcli/apps/general/credstore_admin.pl list
Server User Name
10.87.178.100 GROUP\ui577720

vi-admin@s93tv5022:~> ./box293_check_vmware.pl --server 10.87.178.100 --check vCenter_Name_Version
OK: VMware vCenter Server 5.5.0 build-2001466

Now it doesn't ask for username, I have only one entry in the credstore. But still I get the error in the portal when testing the ssh configuration for vMA server. Could you please help to resolve this error.

THANKS.