[Nagiosplug-devel] [ nagiosplug-Patches-1472491 ] extra options for check_by_ssh
SourceForge.net
noreply at sourceforge.net
Mon Jan 22 05:11:10 CET 2007
Patches item #1472491, was opened at 2006-04-18 19:33
Message generated for change (Comment added) made by hweiss
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=397599&aid=1472491&group_id=29880
Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: Enhancement
Group: None
>Status: Closed
Resolution: None
Priority: 5
Private: No
Submitted By: gerhard lausser (lausser)
Assigned to: Nobody/Anonymous (nobody)
Summary: extra options for check_by_ssh
Initial Comment:
Hi,
if you use check_by_ssh and the hostkey of the server
has changed, your /etc/ssh/ssh_known_hosts is poorly
maintained or if you never made a successful
connection to tihs server, then you will get the
following:
qqnagio at lt0073:~> check_by_ssh -H siapp11 -
C 'nrpe/libexec/check_dummy 0'
The authenticity of host 'siapp11 (160.50.85.56)'
can't be established.
RSA key fingerprint is
de:84:1b:35:81:a7:11:5b:f7:45:d9:eb:62:e0:b1:dc.
Are you sure you want to continue connecting
(yes/no)?
The service will time out and a warning will be
issued. If you generate your configuration
automatically, so at any time new hosts can appear,
you would have to execute ssh manually and answer
with yes.
Now it will work until the host is reinstalled or its
hostkey changes otherwise.
You can suppress this question if you set the
StrictHostKeyChecking to no either in
your /etc/ssh/ssh_config or if you give this option
to ssh. I made a patch fot check_by_ssh.c which adds
the possibility to call ssh with such an option.
qqnagio at lt0073:~> check_by_ssh -H siapp11 -
o 'StrictHostKeyChecking =no' -
C 'nrpe/libexec/check_dummy 0'
Warning: Permanently added 'siapp11' (RSA) to the
list of known hosts.
Unfortunately you get this warning if you call the
patches check_by_ssh for the first time. To prevent
this i also added a '-q' option, which tells ssh to
suppress warning and diagnostic messages.
qqnagio at lt0073:~> check_by_ssh -H siapp11 -
o 'StrictHostKeyChecking =no' -q -
C 'nrpe/libexec/check_dummy 0'
OK
Now check_by_ssh no longer cares for inconsistencies
in your known_hosts files. Keep in mind, that this
makes you vulnerable to trojan horse attacks.
Do not give secret information to the -a parameter.
You can download the patch from
http://people.consol.de/~lausser/nagios/patches.html
Greetings from Munich,
Gerhard
----------------------------------------------------------------------
>Comment By: Holger Weiß (hweiss)
Date: 2007-01-22 05:11
Message:
Logged In: YES
user_id=759506
Originator: NO
I've updated your patch for the current CVS code, added the options to the
help/usage output and committed it to CVS. Thanks!
----------------------------------------------------------------------
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=397599&aid=1472491&group_id=29880
More information about the Devel
mailing list