[Nagiosplug-devel] [ nagiosplug-Patches-1472491 ] extra options for check_by_ssh

SourceForge.net noreply at sourceforge.net
Tue Apr 18 10:34:01 CEST 2006


Patches item #1472491, was opened at 2006-04-18 19:33
Message generated for change (Tracker Item Submitted) made by Item Submitter
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=397599&aid=1472491&group_id=29880

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: Enhancement
Group: None
Status: Open
Resolution: None
Priority: 5
Submitted By: gerhard lausser (lausser)
Assigned to: Nobody/Anonymous (nobody)
Summary: extra options for check_by_ssh

Initial Comment:
Hi,

if you use check_by_ssh and the hostkey of the server 
has changed, your /etc/ssh/ssh_known_hosts is poorly 
maintained or if you never made a successful 
connection to tihs server, then you will get the 
following:

qqnagio at lt0073:~> check_by_ssh -H siapp11 -
C 'nrpe/libexec/check_dummy 0'
The authenticity of host 'siapp11 (160.50.85.56)' 
can't be established.
RSA key fingerprint is 
de:84:1b:35:81:a7:11:5b:f7:45:d9:eb:62:e0:b1:dc.
Are you sure you want to continue connecting 
(yes/no)? 

The service will time out and a warning will be 
issued. If you generate your configuration 
automatically, so at any time new hosts can appear, 
you would have to execute ssh manually and answer 
with yes.
Now it will work until the host is reinstalled or its 
hostkey changes otherwise.

You can suppress this question if you set the 
StrictHostKeyChecking to no either in 
your /etc/ssh/ssh_config or if you give this option 
to ssh. I made a patch fot check_by_ssh.c which adds 
the possibility to call ssh with such an option. 

qqnagio at lt0073:~> check_by_ssh -H siapp11 -
o 'StrictHostKeyChecking =no' -
C 'nrpe/libexec/check_dummy 0' 
Warning: Permanently added 'siapp11' (RSA) to the 
list of known hosts.

Unfortunately you get this warning if you call the 
patches check_by_ssh for the first time. To prevent 
this i also added a '-q' option, which tells ssh to 
suppress warning and diagnostic messages.

qqnagio at lt0073:~> check_by_ssh -H siapp11 -
o 'StrictHostKeyChecking =no' -q -
C 'nrpe/libexec/check_dummy 0' 
OK

Now check_by_ssh no longer cares for inconsistencies 
in your known_hosts files. Keep in mind, that this 
makes you vulnerable to trojan horse attacks.
Do not give secret information to the -a parameter.

You can download the patch from 
http://people.consol.de/~lausser/nagios/patches.html

Greetings from Munich,
Gerhard


----------------------------------------------------------------------

You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=397599&aid=1472491&group_id=29880




More information about the Devel mailing list