[Nagiosplug-devel] [ nagiosplug-Bugs-1252285 ] check_ssh reports critical for some SSH servers

[SourceForge.net]

Bugs item #1252285, was opened at 2005-08-04 16:59
Message generated for change (Comment added) made by sf-robot
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=397597&aid=1252285&group_id=29880

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: Interface (example)
Group: Release (specify)
>Status: Closed
Resolution: None
Priority: 5
Private: No
Submitted By: TexasDavid (daupperle)
Assigned to: Matthias Eble (psychotrahe)
Summary: check_ssh reports critical for some SSH servers

Initial Comment:
The check_ssh plugin reports STATE_CRITICAL for 
certain SSH servers.  As a result some valid SSH 
servers are reported down.  For example, the following 
is a valid response for a working SSH server:

sshd2: SSH Secure Shell 2.4.0 (non-commercial 
version) on hppa2.0n-hp-hpux11.00 

The problem lies on line 216 of check_ssh.c (Version 
1.27).  THe function strncmp should be replaced with 
strncasecmp.  Note: this change will not return the 
version properly, but it will return the state information.

The following changes will properly evaluate the above 
SSH server in more detail and probably should be 
applied to the patch.

216c216
<       if (strncmp (output, "SSH", 3)) {
---
>       if (strncasecmp (output, "SSH", 3)) {
224,227c224,237
<               ssh_proto = output + 4;
<               ssh_server = ssh_proto + strspn 
(ssh_proto, "-0123456789. ");
<               ssh_proto[strspn 
(ssh_proto, "0123456789. ")] = 0;
<
---
>                 if (strncmp(output,"sshd2",5)==0) {
>                    // Output(one line): sshd2: SSH Secure
>                    //    Shell 2.4.0 (non-commercial version)
>                    //    on hppa2.0n-hp-hpux11.00
>                    ssh_server = output + 7;
>                  ssh_server[strcspn 
(ssh_server, "0123456789")-1] = 0;
>                    ssh_proto = ssh_server + strlen
(ssh_server)+1;
>                  ssh_proto[strspn 
(ssh_proto, "0123456789. ")] = 0;
>                 }
>                 else { // Standard servers
>                 ssh_proto = output + 4;
>                 ssh_server = ssh_proto + strspn 
(ssh_proto, "-0123456789. ");
>                 ssh_proto[strspn 
(ssh_proto, "0123456789. ")] = 0;
>                 }


----------------------------------------------------------------------

>Comment By: SourceForge Robot (sf-robot)
Date: 2007-06-25 19:20

Message:
Logged In: YES 
user_id=1312539
Originator: NO

This Tracker item was closed automatically by the system. It was
previously set to a Pending status, and the original submitter
did not respond within 14 days (the time period specified by
the administrator of this Tracker).

----------------------------------------------------------------------

Comment By: Matthias Eble (psychotrahe)
Date: 2007-06-11 01:15

Message:
Logged In: YES 
user_id=1694341
Originator: NO

Announced pending state by sending emails to the participants.

----------------------------------------------------------------------

Comment By: Matthias Eble (psychotrahe)
Date: 2007-06-03 10:49

Message:
Logged In: YES 
user_id=1694341
Originator: NO

Hi David,

I looked at the rfc (http://tools.ietf.org/html/rfc4253#section-4.2) and
this claims that 
there must be a line like SSH-... but there MAY be other lines before that
one that specifies the version.

could you send the whole text the server offers (eg using netcat 127.0.0.1
22)?

The patch you specified is a bit too specific to me.

Matthias

----------------------------------------------------------------------

You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=397597&aid=1252285&group_id=29880