Hi Team,
While validating communication between Nagios & VMA host from VMWare VMA setting manager GUI, we are able to ping the VMA host but ssh configuration test fails.
Also, We are able to establish passwordless ssh from NagiosXI (Nagios user) to VMA host (vi-admin).
Please find below for your reference,
• nagios@nagiosxi:[/var/www]: ls -la
total 24
drwxr-xr-x 6 root root 4096 Mar 15 07:19 .
drwxr-xr-x. 26 root root 4096 Aug 19 2018 ..
drwxr-xr-x 2 root root 4096 Mar 15 07:19 cgi-bin
drwxr-xr-x 3 root root 4096 Mar 15 07:19 html
drwxr-xr-x 2 root root 4096 Sep 27 2016 mrtg
drwxr-xr-x+ 2 root root 4096 Sep 4 12:35 .ssh
• nagios@nagiosxi:[/var/www]: ls -la .ssh/
total 20
drwxr-xr-x+ 2 root root 4096 Sep 4 12:35 .
drwxr-xr-x 6 root root 4096 Mar 15 07:19 ..
-rw-r-x---+ 1 root root 672 Sep 4 12:30 id_dsa
-rw-r--r-- 1 root root 620 Sep 4 12:35 id_dsa.pub
-rw-r-xr--+ 1 root root 2317 Sep 4 12:25 known_hosts
• Test Result for SSH Configuration
Test Results
There was an issue establishing an SSH session with the vMA host 101.120.124.127!
The output is as follows:
Host key verification failed.
Please refer to the box293_check_vmware manual on how to configure this Nagios host to communicate with the vMA host.
NOTE - Setup is done as per box293 manual and contents copied from /home/Nagios.ssh/ to /var/www/.ssh.
Best Regards,
BSanjay
Failing SSH Configuration Test from Nagios XI to VMA host
Re: Failing SSH Configuration Test from Nagios XI to VMA hos
Did you try ssh'ing to the VMWare host as the nagios user? It looks like you just need to confirm the host key fingerprint, or maybe you had confirmed it, and it has changed. Or maybe it wasn't able to save the finger print to the known_hosts file.
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
Be sure to check out our Knowledgebase for helpful articles and solutions!
Be sure to check out our Knowledgebase for helpful articles and solutions!
Re: Failing SSH Configuration Test from Nagios XI to VMA hos
Hi mbellerue,
Yes, we are able to do passwordless ssh from Nagios user to VMA. I just tried it again. Please find the screenshot below for your reference,
Best regards,
BSanjay
Yes, we are able to do passwordless ssh from Nagios user to VMA. I just tried it again. Please find the screenshot below for your reference,
Best regards,
BSanjay
You do not have the required permissions to view the files attached to this post.
Re: Failing SSH Configuration Test from Nagios XI to VMA hos
Thank you for double checking the ssh configuration.
Can you post the test that you're executing that is giving you the host key verification failed message?
Can you post the test that you're executing that is giving you the host key verification failed message?
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
Be sure to check out our Knowledgebase for helpful articles and solutions!
Be sure to check out our Knowledgebase for helpful articles and solutions!
Re: Failing SSH Configuration Test from Nagios XI to VMA hos
Hi Mbellereu,
We are checking it from Nagios XI -> Admin -> Manage Components -> VMWare VMA Settings Manager. We are setting up VCenter Monitoring and using VMA for checks to VCenter to reduce load on Nagios.
Also, please go through my first post and you will get all this details mentioned there. I am attaching few screenshots for your reference. Please let me know if any info required from my end.
Best Regards,
BSanjay
We are checking it from Nagios XI -> Admin -> Manage Components -> VMWare VMA Settings Manager. We are setting up VCenter Monitoring and using VMA for checks to VCenter to reduce load on Nagios.
Also, please go through my first post and you will get all this details mentioned there. I am attaching few screenshots for your reference. Please let me know if any info required from my end.
Best Regards,
BSanjay
You do not have the required permissions to view the files attached to this post.
Re: Failing SSH Configuration Test from Nagios XI to VMA hos
Alright, I'm looking at the code for the plugin, and I think I may know what's going on. Can you copy the known_hosts from nagios' home directory to /var/www one more time?
My suspicion is that the known_hosts file got copied before the vMA's host key was added. So the nagios user already knows the vMA host key when you try to ssh from the command line, but when you try the test button, it's pointed at the known_hosts file that doesn't have the key.
Code: Select all
cp /home/nagios/.ssh/known_hosts /var/www/.ssh/known_hostsAs of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
Be sure to check out our Knowledgebase for helpful articles and solutions!
Be sure to check out our Knowledgebase for helpful articles and solutions!
Re: Failing SSH Configuration Test from Nagios XI to VMA hos
Hi Mbellerue,
We tried copying known_hosts and id_dsa to /var/ww/.ssh from /home/Nagios/.ssh but still same error message is coming.
Actually, we followed the below instruction,
Type mkdir /var/www/.ssh and press Enter
Type cp /home/nagios/.ssh/known_hosts /var/www/.ssh/ and press Enter
Type cp /home/nagios/.ssh/id_dsa /var/www/.ssh/ and press Enter
Type setfacl -R -m u:apache:r-x /var/www/.ssh/ and press Enter
Type exit and press Enter
Below attachment shows the content and permission on /var/www/.ssh,
Please have a look and let us know if you find anything missing here.
Best Regards,
BSanjay
We tried copying known_hosts and id_dsa to /var/ww/.ssh from /home/Nagios/.ssh but still same error message is coming.
Actually, we followed the below instruction,
Type mkdir /var/www/.ssh and press Enter
Type cp /home/nagios/.ssh/known_hosts /var/www/.ssh/ and press Enter
Type cp /home/nagios/.ssh/id_dsa /var/www/.ssh/ and press Enter
Type setfacl -R -m u:apache:r-x /var/www/.ssh/ and press Enter
Type exit and press Enter
Below attachment shows the content and permission on /var/www/.ssh,
Please have a look and let us know if you find anything missing here.
Best Regards,
BSanjay
You do not have the required permissions to view the files attached to this post.
Re: Failing SSH Configuration Test from Nagios XI to VMA hos
We need to verify that the host is in the /var/www/.ssh/known_hosts file. Let's try it like this.
Where <hostname-or-IP> is the exact hostname or IP for the vMA server as it appears in the Defined vMA Hosts page. Then run that same command against /home/nagios/.ssh/known_hosts, and see if you get the same result.
Code: Select all
ssh-keygen -H -f /var/www/.ssh/known_hosts -F <hostname-or-IP>As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
Be sure to check out our Knowledgebase for helpful articles and solutions!
Be sure to check out our Knowledgebase for helpful articles and solutions!
Re: Failing SSH Configuration Test from Nagios XI to VMA hos
Hi mbellerue,
We checked with command you shared and output is different for both cases. But when we check this both known_hosts files manually then content looks same. Please check PM for the screenshot.
We checked with command you shared and output is different for both cases. But when we check this both known_hosts files manually then content looks same. Please check PM for the screenshot.
Re: Failing SSH Configuration Test from Nagios XI to VMA hos
That is peculiar. If you copy the file from the nagios user's .ssh directory, and run the commands again, does it still give a different output? Something is definitely different here.
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
Be sure to check out our Knowledgebase for helpful articles and solutions!
Be sure to check out our Knowledgebase for helpful articles and solutions!