Page 3 of 4
Re: Web interface Error:Could not read object configuration
Posted: Wed Aug 14, 2013 3:33 pm
by zander_2
sreinhardt wrote:When you are doing this via cli, are you running as root or the nagios user? You very possibly need to do this as the nagios user, or accept the ssh key as the nagios user via a manual ssh over first. Otherwise the plugin will just fail. However the 255 out of bounds is still a bit strange.
Hm, well this is interesting. Yes, I was running it on root, and this is probably
a problem, if not
the problem. The weird thing is that when I do su - nagios on my nagios server and try to ssh to an account (I called it nagios, too) on the other machine, it prompts me for a password even though I don't have the account password protected. This would definitely be a block to Nagios when it tried to do it automatically. Now, the question is, why is it asking my for a password? I set up an RSA key and copied it to the authorized_keys file on the second machine and I'm pretty sure I did that properly.
Re: Web interface Error:Could not read object configuration
Posted: Wed Aug 14, 2013 3:40 pm
by abrist
Try logging in as root, and then su'ing over to the user nagios. root should be able to su to any user . . .
Re: Web interface Error:Could not read object configuration
Posted: Wed Aug 14, 2013 4:06 pm
by zander_2
abrist wrote:Try logging in as root, and then su'ing over to the user nagios. root should be able to su to any user . . .
I can su to nagios, but after that when I'm trying to ssh an un-passworded account on another machine, it asks me for a password anyway. That's what I don't get; I can access the nagios account on the server just fine.
Re: Web interface Error:Could not read object configuration
Posted: Thu Aug 15, 2013 9:47 am
by lmiltchev
I am now sure what is causing that, but I would recommend re-generating the keys:
On the nagios server, run:
Press "Enter" and accept defaults (don't enter a password). Public and private SSH keys will be generated and saved in: "/home/nagios/.ssh".
On the remote box, run:
Press "Enter" and accept defaults (don't enter a password).
Go back to the nagios server, and copy the
public key of the nagios user on the nagios server to the
authorized_keys for the nagios user on the remote box.
Make sure, the permissions are correct - you should have something like this:
Code: Select all
[nagios@localhost .ssh]$ ls -al
total 24
drwx------ 2 nagios users 4096 Jul 16 09:44 .
drwx------ 3 nagios users 4096 Jul 16 09:43 ..
-rw------- 1 nagios users 410 Jul 16 09:44 authorized_keys
-rw------- 1 nagios users 1675 Jul 16 09:43 id_rsa
-rw-r--r-- 1 nagios users 410 Jul 16 09:43 id_rsa.pub
Verify that you can login to the remote server without supplying a password by suing the following commands on the nagios server:
where you replace <remote_IP> with the IP addres of the remote linux server.
After you verified you could log in without password, try running your check again.
Re: Web interface Error:Could not read object configuration
Posted: Mon Aug 19, 2013 1:17 pm
by zander_2
Nope, will not connect. It just keeps asking for a password, even though the nagios account doesn't even have a password. I set up a working SSH between two other VMs just the other day, so I don't know why it's acting any differently here. That's definitely the problem.
Re: Web interface Error:Could not read object configuration
Posted: Mon Aug 19, 2013 2:06 pm
by abrist
If it is asking for your password, the keys are probably not in the right place.
What is the output of:
Run this on both the nagios server and remote host.
Re: Web interface Error:Could not read object configuration
Posted: Mon Aug 19, 2013 2:11 pm
by zander_2
abrist wrote:If it is asking for your password, the keys are probably not in the right place.
What is the output of:
Run this on both the nagios server and remote host.
On the server, it's:
Code: Select all
drwx------ 2 nagios nagios 4096 Aug 19 14:13 .
drwx------ 3 nagios nagios 4096 Aug 19 14:04 ..
-rw------- 1 nagios nagios 1675 Aug 19 14:11 id_rsa
-rw-r--r-- 1 nagios nagios 414 Aug 19 14:11 id_rsa.pub
-rw-r--r-- 1 nagios nagios 409 Aug 19 14:08 known_hosts
And on the remote host, it's:
Code: Select all
drwxrwxr-x 2 nagios nagios 4096 Aug 19 10:12 .
drwx------ 3 nagios nagios 4096 Aug 19 10:09 ..
-rw-rw-r-- 1 nagios nagios 415 Aug 19 10:12 authorized_keys
-rw------- 1 nagios nagios 1675 Aug 19 10:11 id_rsa
-rw-r--r-- 1 nagios nagios 415 Aug 19 10:11 id_rsa.pub
I noticed in your last post you had an authorized_keys file in the .ssh folder of the server, which I don't think is necessary. However, I'm not so sure about the lack of a known_hosts file on the remote host. Not sure what's up with the really lax permissions on .ssh folder on the remote host, but again, I don't think that matters. I can remove the excess if you like.
Re: Web interface Error:Could not read object configuration
Posted: Mon Aug 19, 2013 3:10 pm
by abrist
What is in the "authorized_keys" directory on the remote host?
Code: Select all
ls -la /home/nagios/.ssh/authorized_keys
Do you have any restrictions setup on the "nagios" account on the remote system?
Re: Web interface Error:Could not read object configuration
Posted: Mon Aug 19, 2013 3:11 pm
by lmiltchev
Are you sure that you copied the public key of the nagios user on the nagios server to the authorized_keys for the nagios user on the remote box?
Open both files in a text editor:
on the nagios server: /home/nagios/.ssh/id_rsa.pub
on the remote box: /home/nagios/.ssh/authorized_keys
and compare them. They should be identical.
Re: Web interface Error:Could not read object configuration
Posted: Mon Aug 19, 2013 3:23 pm
by zander_2
abrist wrote:What is in the "authorized_keys" directory on the remote host?
Code: Select all
ls -la /home/nagios/.ssh/authorized_keys
It's not a directory, it's a file containing the server's public key. It reads:
Code: Select all
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA8PkNpfoe+QXEuD4MEt/pS7Jri4e5sYjwUDmCAIIioaPj7mACS/MhD3EAQ3l01qOaBjvE1cubZOzDDmYnvlAGmeqtPynZSCITUykQcaT9xPXTei3Lk9QOnW5On+v5/UhoMjGiV+q65sPVOLCpT/Rj/RkL+cau+tAnRE1MMWpyME/0EZM3w0+MCV7zB5lOiRdb5VLKcCHlzUZ5mU+aXH4nyeM3tOgvWvz+dZmGo3ki7SAMf599Ypmea6lWLPl3XKvSZGLAowzmDhXrRtpf2u9SC3hpRbbujTzSjLORj3Rr4mGnAvuyUQK81/iI20HqH/RMTKuiK0O2168yOHuyJ05hTQ== nagios@nagiostest03.*censoreddomainname*.com
(censored the end of the domain because I'd rather not have people knowing where I work...)
It's the same text as the id_rsa.pub file on the server, which also answers lmiltchev's question. Yes, they are indeed identical.