I think you'll likely need to start over and follow the documentation.
The command to switch to the nagios user is "su nagios"
If this doesn't allow you to log in, please post the error message you are receiving.
Check by SSH - Host Key Verification Failed.
Re: Check by SSH - Host Key Verification Failed.
Hi Brian,
Okay, I've managed to make the Key pair work on my Server2 server by changing the permissions on the nag_id_rsa file to nagios, restarted the nagios service then waited for a new minutes.. Then I wanted to redo my configuration but this time I wanted a new server, so I provisioned another server named "Server3" installed "nagios-plugins" package.
Then I exported the same public key I exported to Server2 (192.168.114.148) to Server3(192.168.114.149).
I can even see the /home/sheenlim08/.ssh/authorized_keys on Server3 contained a key similar to that from Server2
Public Key imported on Server2 (/home/sheenlim08/.ssh/authorized_keys)
NOTE: The first entry is from my ssh connection a Ubuntu Workstation.
Public Key imported on Server3(/home/sheenlim08/.ssh/authorized_keys)
Original Public Key from Server1 (/etc/nagios3/nag_id_rsa.pub)
But alas, I getting that UNKNOWN error message again for the new server.
Server2 Monitoring Configuration File (/etc/nagios3/conf.d/itfellas-ph-cdo-server2.cfg)
Server3 Monitoring Configuration File (/etc/nagios3/conf.d/itfellas-ph-cdo-server3.cfg)
Below is the Custom SSH Commands I created (/etc/nagios-plugins/config/ssh_custom_check.cfg)
NOTE: You might want to open the image above on a diffent tab, image width here in the post is not showing the entire width.
As you can see both servers refers to the same custom command, and both servers have the same public key imported from Server1 (Nagios), all 3 servers have sheenlim08 account. But only checks to Server2 is showing good result, Why is this happening? I already restarted the SSH and Nagios Service on Server1.
Heres the kicker, I can do manual checks to both servers.
Okay, I've managed to make the Key pair work on my Server2 server by changing the permissions on the nag_id_rsa file to nagios, restarted the nagios service then waited for a new minutes.. Then I wanted to redo my configuration but this time I wanted a new server, so I provisioned another server named "Server3" installed "nagios-plugins" package.
Then I exported the same public key I exported to Server2 (192.168.114.148) to Server3(192.168.114.149).
I can even see the /home/sheenlim08/.ssh/authorized_keys on Server3 contained a key similar to that from Server2
Public Key imported on Server2 (/home/sheenlim08/.ssh/authorized_keys)
NOTE: The first entry is from my ssh connection a Ubuntu Workstation.
Public Key imported on Server3(/home/sheenlim08/.ssh/authorized_keys)
Original Public Key from Server1 (/etc/nagios3/nag_id_rsa.pub)
But alas, I getting that UNKNOWN error message again for the new server.
Server2 Monitoring Configuration File (/etc/nagios3/conf.d/itfellas-ph-cdo-server2.cfg)
Server3 Monitoring Configuration File (/etc/nagios3/conf.d/itfellas-ph-cdo-server3.cfg)
Below is the Custom SSH Commands I created (/etc/nagios-plugins/config/ssh_custom_check.cfg)
NOTE: You might want to open the image above on a diffent tab, image width here in the post is not showing the entire width.
As you can see both servers refers to the same custom command, and both servers have the same public key imported from Server1 (Nagios), all 3 servers have sheenlim08 account. But only checks to Server2 is showing good result, Why is this happening? I already restarted the SSH and Nagios Service on Server1.
Heres the kicker, I can do manual checks to both servers.
Re: Check by SSH - Host Key Verification Failed.
@Everyone,
I finally figured out whats going on. I needed to ssh to the Target Server (Server to be monitored) from the nagios server using the nagios account.
I didn't realize that it was part of the solution when I was doing my troubleshooting on the first Server (Server2). SSHing to the Server using the nagios account will update the known_hosts file nagios account, now I don't know where this file is on the nagios account on Server1 (Nagios Server) because nagios account do not have a home directory. But you can clearly see the line in the image above saying "Warning: Permanently added '192.168.114.148' (ECDSA) to the list of known hosts".
So in summary, We need to SSH to the Target Server from the Monitoring Server in addition to Exporting the public key to the Target Server using the nagios account. This make sense because the nagios's account on Server has its own known_host file (Now, again I don't know where this file is on Server1) and it has to know what servers it connected to via SSH.
The only reason why I think the Test's are working with the before the command "sudo -u nagios ssh [email protected]" was issued was because, we exported the public key using the sheenlim08 account and that required a ssh connection first. so the sheenlim08 account's /home/sheenlim08/.ssh/known_hosts on Server1 already knows about the Server2. By the time we did our manual check, sheenlim08 on Server1 already has the appropriate information to execute the command remotely.
To prove my point I re-imaged all my 3 servers, installed nagios on Server1, Exported the keys, sshing to it using the nagios account (see screenshot above), then updating the nag_id_rsa file permission to nagios. Now I have a consistent experience when setting up check_by_ssh using nagios.
The document refered by Brian about switching user "su nagios" or "su - nagios" is not working, the system itself won't let me switch to that user, maybe in the older versions of Ubuntu maybe, but the one I'm using doesn't allow me to use to. I'm using Ubuntu 16. When i switch to nagios account, after providing the password it just return me back to the current user. I even tried switching to root first, then switching to nagios, still it does not allow me and return me to the root user.
So I hope everyone that is having this issue or someone that is beginning learn nagios will find this post helpful.
I finally figured out whats going on. I needed to ssh to the Target Server (Server to be monitored) from the nagios server using the nagios account.
I didn't realize that it was part of the solution when I was doing my troubleshooting on the first Server (Server2). SSHing to the Server using the nagios account will update the known_hosts file nagios account, now I don't know where this file is on the nagios account on Server1 (Nagios Server) because nagios account do not have a home directory. But you can clearly see the line in the image above saying "Warning: Permanently added '192.168.114.148' (ECDSA) to the list of known hosts".
So in summary, We need to SSH to the Target Server from the Monitoring Server in addition to Exporting the public key to the Target Server using the nagios account. This make sense because the nagios's account on Server has its own known_host file (Now, again I don't know where this file is on Server1) and it has to know what servers it connected to via SSH.
The only reason why I think the Test's are working with the before the command "sudo -u nagios ssh [email protected]" was issued was because, we exported the public key using the sheenlim08 account and that required a ssh connection first. so the sheenlim08 account's /home/sheenlim08/.ssh/known_hosts on Server1 already knows about the Server2. By the time we did our manual check, sheenlim08 on Server1 already has the appropriate information to execute the command remotely.
To prove my point I re-imaged all my 3 servers, installed nagios on Server1, Exported the keys, sshing to it using the nagios account (see screenshot above), then updating the nag_id_rsa file permission to nagios. Now I have a consistent experience when setting up check_by_ssh using nagios.
The document refered by Brian about switching user "su nagios" or "su - nagios" is not working, the system itself won't let me switch to that user, maybe in the older versions of Ubuntu maybe, but the one I'm using doesn't allow me to use to. I'm using Ubuntu 16. When i switch to nagios account, after providing the password it just return me back to the current user. I even tried switching to root first, then switching to nagios, still it does not allow me and return me to the root user.
So I hope everyone that is having this issue or someone that is beginning learn nagios will find this post helpful.
Re: Check by SSH - Host Key Verification Failed.
I have the same issue that current permissions don't allow nagios and nagiosadmin to sudo or have enough privledges to do what you need to do, that would be a linux thing and not Nagios, if you want to go down that path to work out how to fix (or ask your system admin).
Alternatively, I have root access so I simply login and elevate to root (su root) this gives me access to system files that I need to modify from time to time as well, then simply exit back to your normal user when done to continue working with Nagios.
If you don't have admin privledges (root or otherwise I suggest you discuss your issue with your sys admins that do have it...
- John
Alternatively, I have root access so I simply login and elevate to root (su root) this gives me access to system files that I need to modify from time to time as well, then simply exit back to your normal user when done to continue working with Nagios.
If you don't have admin privledges (root or otherwise I suggest you discuss your issue with your sys admins that do have it...
- John
-
bolson
Re: Check by SSH - Host Key Verification Failed.
I'm glad that it sounds like this has been resolved. May we close this topic?
Re: Check by SSH - Host Key Verification Failed.
You are absolutely correct, it is a OS level issue.johnnyh wrote:I have the same issue that current permissions don't allow nagios and nagiosadmin to sudo or have enough privledges to do what you need to do, that would be a linux thing and not Nagios, if you want to go down that path to work out how to fix (or ask your system admin).
Alternatively, I have root access so I simply login and elevate to root (su root) this gives me access to system files that I need to modify from time to time as well, then simply exit back to your normal user when done to continue working with Nagios.
If you don't have admin privledges (root or otherwise I suggest you discuss your issue with your sys admins that do have it...
- John
Re: Check by SSH - Host Key Verification Failed.
Sure thing...Thanks for all your help. You guys are amazing.bolson wrote:I'm glad that it sounds like this has been resolved. May we close this topic?
-
bolson
Re: Check by SSH - Host Key Verification Failed.
Closing topic as resolved.
Thank you for using the Nagios Support Forum.
And thanks sheen.lim for the kind words!
Thank you for using the Nagios Support Forum.
And thanks sheen.lim for the kind words!