Page 1 of 1
check_by_ssh with RSA and Centrify Express
Posted: Tue Dec 15, 2015 12:28 pm
by gregg_hughes_ISC
Good afternoon, all!
I've been wrestling with check_by_ssh for a couple of days now. The problem is that I can make a successful SSH connection to the target server as the target user (targetuser@remoteserver), but if I use the -l option on check_by_ssl, I still trigger the PAM module that requires an RSA passcode.
It would seem that the check_by_ssh would call SSH the same way that a command line would, but it seems that's not the case. NRPE is not a candidate for installation on the remote hosts.
Can anyone enlighten me on how check_by_ssh calls the ssh client and makes a connection to the remote server?
Thanks to any and all for looking!
Gregg
Re: check_by_ssh with RSA and Centrify Express
Posted: Tue Dec 15, 2015 2:34 pm
by rkennedy
but if I use the -l option on check_by_ssl
Do you mean the -l flag on the check_by_ssh command?
When I run the check_by_ssh command with -l, it's using the username specified. Once I installed the SSH key, it stopped asking for the password. Did you setup a SSH key for access rather than password authentication?
Can you provide a screenshot to show an example of what you're seeing?
Re: check_by_ssh with RSA and Centrify Express
Posted: Tue Dec 15, 2015 5:19 pm
by gregg_hughes_ISC
Code: Select all
nagios@nagios-server:~$ /usr/lib/nagios/plugins/check_by_ssh -H 192.168.XXX.YYY -l remoteuser -C /home/remoteuser/bin/check_uptime
Remote command execution failed: ====================WARNING!===WARNING!====================
nagios@nagios-server:~$
Is the command I'm running to test the check_by_ssh plugin. Now, when I SSH as the user I get in fine and can run the command from the remote command line:
Code: Select all
nagios@nagios-server:~$ ssh [email protected]
====================WARNING!===WARNING!====================
This system is the property of MyCompany.
Only authorized users and administrators may access this
system. Any access and/or activity on this system may be
monitored, recorded and is subject to audit. Unauthorized
use of the system is prohibited and subject to criminal and
civil penalties. Use of the system indicates consent to
monitoring and recording.
Please contact support@XXXX (dot) com with any
questions about this system.
===========================================================
Last login: Tue Dec 15 11:19:10 2015 from 192.168.XXX.YYY
[remoteuser@remote-server ~]$ cd /home/remoteuser/bin/check_uptime
-bash: cd: /home/remoteuser/bin/check_uptime: Not a directory
[remoteuser@remote-server ~]$ cd /home/remoteuser/bin/
[remoteuser@remote-server bin]$ ./check_uptime
OK - uptime is 139 Days, 6 Hours, 04 Minutes
And that works. AFAICS, this means that the check_by_ssh should work precisely the same as the straight SSH session. But that fails.
Let me know what you think about this.
Thanks!
Gregg
Re: check_by_ssh with RSA and Centrify Express
Posted: Tue Dec 15, 2015 5:20 pm
by gregg_hughes_ISC
Since the SSH works directly without a password, the key is correctly situated and rights are good.
Re: check_by_ssh with RSA and Centrify Express
Posted: Tue Dec 15, 2015 5:30 pm
by rkennedy
Uptime is easy enough, as it can be executed without a script. I think the issue might be without the quotes though. Can you try running the following commands and post the result?
Code: Select all
/usr/lib/nagios/plugins/check_by_ssh -H 192.168.XXX.YYY -l remoteuser -C '/home/remoteuser/bin/check_uptime'
/usr/lib/nagios/plugins/check_by_ssh -H 192.168.XXX.YYY -l remoteuser -C 'uptime'
Re: check_by_ssh with RSA and Centrify Express
Posted: Wed Dec 23, 2015 1:04 pm
by gregg_hughes_ISC
Good morning!
Apologies for not getting back to you; another project (basket of rattlesnakes) got put on my plate.
Here is the response from the test:
Code: Select all
nagios@nagios-server:~$ /usr/lib/nagios/plugins/check_by_ssh -H 192.168.999.85 -l remoteuser -C '/home/nagiosremote/bin/check_uptime'
Remote command execution failed: ====================WARNING!===WARNING!====================
nagios@nagios-server:~$ /usr/lib/nagios/plugins/check_by_ssh -H 192.168.999.85 -l remoteuser -C uptime
Remote command execution failed: ====================WARNING!===WARNING!====================
nagios@nagios-server:~$ /usr/lib/nagios/plugins/check_by_ssh -H 192.168.999.85 -l remoteuser -C 'uptime'
Remote command execution failed: ====================WARNING!===WARNING!====================
I suspect an authentication issue on the remote server is at the root of this. I'm going to do some more SSH testing this afternoon to see if I can trace where the process is failing.
Thanks!
Re: check_by_ssh with RSA and Centrify Express
Posted: Wed Dec 23, 2015 3:25 pm
by rkennedy
Can you check the auth.log to see if the login is working properly?
Let us know what you find.
Re: check_by_ssh with RSA and Centrify Express
Posted: Wed Dec 23, 2015 3:40 pm
by Box293
Also try -v for verbosity
Code: Select all
/usr/lib/nagios/plugins/check_by_ssh -v -H 192.168.999.85 -l remoteuser -C '/home/nagiosremote/bin/check_uptime'