Page 1 of 1
check_by_ssh with alternate username ?
Posted: Tue Mar 11, 2014 6:45 am
by stn021
Hi,
this is about checking a QNAP TS-669 pro, a NAS system with linux-OS with Nagios XI.
It would be best IMHO to use ssh to check the NAS.
Nagios XI has a config-wizard for this.
Unfortunately the NAS will not allow any user other than 'admin' to log in by ssh.
And nagios seems to insist on using 'nagios' as a login.
So, ist there any way to change the login used by nagios ?
Or some other solution to check the NAS from nagios XI?
THX
stn
Re: check_by_ssh with alternate username ?
Posted: Tue Mar 11, 2014 11:04 am
by sreinhardt
The -l flag should do what you are looking for. Note that you will need to enable password-less login with ssh keys and ssh in at least once to accept the remote ssh key as the nagios user on the nagios system.
Re: check_by_ssh with alternate username ?
Posted: Tue Mar 11, 2014 12:27 pm
by stn021
[/list]
sreinhardt wrote:The -l flag should do what you are looking for. Note that you will need to enable password-less login with ssh keys and ssh in at least once to accept the remote ssh key as the nagios user on the nagios system.
Hi,
thank you for the info.
I did keep my initial question kind of short
So here some more details:
- I use nagios XI with its webinterface. The NAS is already configured as host and service with the web-if and the error-message is that the login via key did not work.
- password-less ssh-login on the NAS works fine with the username 'admin' but not with the username 'nagios". Meaning: I have created the appropriate keys and entered these into ..../.ssh/authorized_keys on the NAS. But I cannot get the NAS to accept logins from any other user than 'admin'. This is intended by the manufacturer.
- I am aware of the "-l" option for check_by_ssh (identical to that of ssh). On the commandline I can easily run this and it works as expected. and returns the appropriate answer (for example: free diskspace) from the NAS.
My Problem is that I do not know how to modify nagios XI to show the result of the check in the web-interface.
I assume that somewhere in /var/share/nagios* there is a script that does the job and calls check_by_ssh . I also assume that I can simply change that script, (if it exists) and change the username behind the '-l'-option from 'nagios' to 'admin'.
Am I assuming correctly and if so: which script is it?
THX
stn
Re: check_by_ssh with alternate username ?
Posted: Tue Mar 11, 2014 4:24 pm
by abrist
What you need to edit are the nagios config files. You should probably do a bit of reading before diving deeper. You will be better off:
http://www.nagios.org/documentation
Re: check_by_ssh with alternate username ?
Posted: Wed Mar 12, 2014 5:57 am
by stn021
abrist wrote:What you need to edit are the nagios config files. ..
Thank you for the info.
No, the configfiles are not 'it' .
The existing configurationfiles for the NAS are in //usr/local/nagios/etc/services and /usr/local/nagios/etc/hosts
There is the reference to the command that is executed on the NAS
Code: Select all
check_command check_xi_by_ssh!-C "/usr/local/nagios/libexec/check_disk /dev/md9"
There is
no reference to the command that is executed by the nagios-host, nor any credentials. And a command "check_xi_by_ssh" does AFAICT not exist.
I assume that there is a script somewhere that calls 'check_by_ssh' and adds the credentials, hostname etc.
That (if it exists) would have to be changed. Or maybe the default login 'nagios' can be changed for the ssh-check only, not for any other checks? The configfiles could then reference the changed script with the appropriate credentials.
THX, stn
Re: check_by_ssh with alternate username ?
Posted: Wed Mar 12, 2014 12:50 pm
by technick
check_by_ssh will be located in /usr/local/nagios/libexec
As a rule of troubleshooting, its always best to check something via the command line than worrying with configs.
Does this work?
Code: Select all
/usr/local/nagios/libexec/check_by_ssh -H yournasbox -l admin -s disk -C "/usr/local/nagios/libexec/check_disk /dev/md9"
This is assuming you have a /usr/local/nagios/libexec on your NAS with all the plugins & binaries
AND you can run them manually on the NAS.
I just tested this syntax out in my nagios environment against another server and it worked.
If this works for you, then the next steps would be to create a custom command in your commands.cfg. We'll burn that bridge once we get there though.
-Nick
Re: check_by_ssh with alternate username ?
Posted: Wed Mar 12, 2014 2:33 pm
by abrist
In nagios xi, you probably just need to edit the the ARGs for the check to include the necessary switch.
Code: Select all
check_command check_xi_by_ssh!-C "/usr/local/nagios/libexec/check_disk /dev/md9"
Add:
-l <username> to the ARG2 in the CCM so that the resulting config resembles:
Code: Select all
check_command check_xi_by_ssh!-C "/usr/local/nagios/libexec/check_disk /dev/md9"!-l <username>
Re: check_by_ssh with alternate username ?
Posted: Wed Mar 12, 2014 2:49 pm
by sreinhardt
password-less ssh-login on the NAS works fine with the username 'admin' but not with the username 'nagios". Meaning: I have created the appropriate keys and entered these into ..../.ssh/authorized_keys on the NAS. But I cannot get the NAS to accept logins from any other user than 'admin'. This is intended by the manufacturer.
I should have clarified, on the local system(nagios) you need to be running as the nagios user, but still ssh into the remote system as admin. This is just to accept the rsa key so that check_by_ssh is happy. I did not intend for you to log into the nas as nagios, I fully understand you need to use the admin user.
Actually the command check_xi_by_ssh should exist on a standard XI system and be configured to use the check_by_ssh plugin like so:
Code: Select all
$USER1$/check_by_ssh -H $HOSTADDRESS$ $ARG1$ $ARG2$
So considering that you are not presently using $ARG2$ in the service definition, you could put "-l admin" and have it passed to the plugin as it should, to login remotely as the admin user. ( this is exactly what abrist is saying with the second command he posted)
Re: check_by_ssh with alternate username ?
Posted: Thu Mar 13, 2014 7:30 am
by stn021
Hi,
thanks for all the replies.
Got is working:
SSH-login and remote command-execution work
On the nagios-host:
Code: Select all
[root@localhost libexec]# su nagios
# run ssh-keygen , to the default file /home/nagios/.ssh/id_rsa
# on the NAS: insert contents ot /home/nagios/.ssh/id_rsa into into /root/.ssh/authorized_keys
# then once: ssh <myNAS> and accept key
# then test:
[nagios@localhost libexec]$ /usr/local/nagios/libexec/check_by_ssh -C "/usr/local/nagios/libexec/check_disk /dev/md9" -l admin -H <myNAS>
DISK OK - free space: / 392 MB (77% inode=00%);| /=118MB;;;0;509
- Necessary: 'su nagios'
- This tests that the agent on the NAS is installed and working
- This tests that the ssh-keys have been generated and configured on the NAS
Then I changed /usr/local/nagios/services/<myNAS>.cfg
Code: Select all
check_command check_xi_by_ssh!-C "/usr/local/nagios/libexec/check_disk /dev/md0"!-l admin
This part was a bit annoying because at first I misplaced the second '"', at the end of the line instead of after md0
Now the diskspace on the NAS is displayed in the web-if of nagios XI.
This post is meant as a summary, so I hope I did not forget any important details. Great, thanks again to all
stn
Re: check_by_ssh with alternate username ?
Posted: Thu Mar 13, 2014 9:25 am
by sreinhardt
Thanks for the followup, glad its working!