Nagios Support Forum

Support for Nagios products and services
https://support.nagios.com/forum/

Questions while configuring vMA (box293)

https://support.nagios.com/forum/viewtopic.php?t=36589

Page 1 of 1

Questions while configuring vMA (box293)

Posted: Fri Jan 15, 2016 9:08 am
by dlukinski
Page 8 "Directory for ssh certificates"
- create .ssh under root OR under /home/vi-admin? - unclear


Page 9 "Configure Nagios Server"
- speaking of XI 5.2.3 (VM appliance from Nagios), do we have to install openssh and plugins?

Page 10 "Transfer certificates to the vMA" - fails

[nagios@cakc-nagxitest01 ~]$ cat ~/.ssh/id_dsa.pub | ssh [email protected] 'umask 077; cat>>~/.ssh/authorised_keys'
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
96:d6:ca:c6:bb:c1:01:12:d1:6c:ec:81:49:ef:a8:f1.
Please contact your system administrator.
Add correct host key in /home/nagios/.ssh/known_hosts to get rid of this message.
Offending key in /home/nagios/.ssh/known_hosts:1
RSA host key for 10.67.0.97 has changed and you have requested strict checking.
Host key verification failed.

Re: Questions while configuring vMA (box293)

Posted: Fri Jan 15, 2016 11:57 am
by hsmith
dlukinski wrote:- create .ssh under root OR under /home/vi-admin?
What's unclear?
dlukinski wrote:- speaking of XI 5.2.3 (VM appliance from Nagios), do we have to install openssh and plugins?
OpenSSH should be installed by default - which plugins?
dlukinski wrote:[nagios@cakc-nagxitest01 ~]$ cat ~/.ssh/id_dsa.pub | ssh [email protected] 'umask 077; cat>>~/.ssh/authorised_keys'
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
96:d6:ca:c6:bb:c1:01:12:d1:6c:ec:81:49:ef:a8:f1.
Please contact your system administrator.
Add correct host key in /home/nagios/.ssh/known_hosts to get rid of this message.
Offending key in /home/nagios/.ssh/known_hosts:1
RSA host key for 10.67.0.97 has changed and you have requested strict checking.
Host key verification failed.
authorised should be spelled authorized.

Re: Questions while configuring vMA (box293)

Posted: Fri Jan 15, 2016 4:00 pm
by dlukinski
hsmith wrote:
dlukinski wrote:- create .ssh under root OR under /home/vi-admin?
What's unclear?
dlukinski wrote:- speaking of XI 5.2.3 (VM appliance from Nagios), do we have to install openssh and plugins?
OpenSSH should be installed by default - which plugins?
dlukinski wrote:[nagios@cakc-nagxitest01 ~]$ cat ~/.ssh/id_dsa.pub | ssh [email protected] 'umask 077; cat>>~/.ssh/authorised_keys'
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
96:d6:ca:c6:bb:c1:01:12:d1:6c:ec:81:49:ef:a8:f1.
Please contact your system administrator.
Add correct host key in /home/nagios/.ssh/known_hosts to get rid of this message.
Offending key in /home/nagios/.ssh/known_hosts:1
RSA host key for 10.67.0.97 has changed and you have requested strict checking.
Host key verification failed.
authorised should be spelled authorized.
.ssh (I assume it is created under /home/vi-admin) - right?

Nagios Plugins 1.5 or higher (as per "A Nagios Plugin To Monitor VMware Virtualization" document, page 9
- I cannot find check_by_ssh plugin manual is talking about in the system w/o installation, while it makes no sense for Nagios XI VMappliance not to have plugins?

Same error:
[nagios@cakc-nagxitest01 ~]$ cat ~/.ssh/id_dsa.pub | ssh [email protected] 'umask 077; cat >>~/.ssh/authorized_keys'
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
96:d6:ca:c6:bb:c1:01:12:d1:6c:ec:81:49:ef:a8:f1.
Please contact your system administrator.
Add correct host key in /home/nagios/.ssh/known_hosts to get rid of this message.
Offending key in /home/nagios/.ssh/known_hosts:1
RSA host key for 10.67.0.97 has changed and you have requested strict checking.
Host key verification failed.
[nagios@cakc-nagxitest01 ~]$

Re: Questions while configuring vMA (box293)

Posted: Sun Jan 17, 2016 11:14 pm
by Box293
dlukinski wrote:Page 8 "Directory for ssh certificates"
- create .ssh under root OR under /home/vi-admin? - unclear
dlukinski wrote:.ssh (I assume it is created under /home/vi-admin) - right?
Correct, the steps in the manual go through creating this and defining the relevant permissions on the vMA appliance. If you followed the steps, you login as the user vi-admin and then create the directory as that user from the home directory as this is where the login dumps you.
dlukinski wrote:Page 9 "Configure Nagios Server"
- speaking of XI 5.2.3 (VM appliance from Nagios), do we have to install openssh and plugins?
No plugins are required on the vMA and the vMA will accept SSH sessions.
check_by_ssh is already installed on Nagios XI by default.
dlukinski wrote:Same error:
[nagios@cakc-nagxitest01 ~]$ cat ~/.ssh/id_dsa.pub | ssh [email protected] 'umask 077; cat >>~/.ssh/authorized_keys'
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
96:d6:ca:c6:bb:c1:01:12:d1:6c:ec:81:49:ef:a8:f1.
Please contact your system administrator.
Add correct host key in /home/nagios/.ssh/known_hosts to get rid of this message.
Offending key in /home/nagios/.ssh/known_hosts:1
RSA host key for 10.67.0.97 has changed and you have requested strict checking.
Host key verification failed.
[nagios@cakc-nagxitest01 ~]$
This error is your nagios server saying "I have talked to server xxxx before and it had a key with X fingerprint but now it doesn't".
On your Nagios XI server, if you edit the file /home/nagios/.ssh/known_hosts and delete line 1 (thats why it's ending in :1) it should fix the error and you should be able to run the command again.

Re: Questions while configuring vMA (box293)

Posted: Mon Jan 18, 2016 3:52 pm
by dlukinski
This worked in two separate installs

Thank you Very Much!

We could now close this request.

Re: Questions while configuring vMA (box293)

Posted: Mon Jan 18, 2016 4:42 pm
by rkennedy
Glad to see this working! I'll go ahead and close this out now. If you ever need assistance in the future, feel free to open a new one.
All times are UTC-05:00
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited