Re: [Nagios-users] Monitoring solaris server without installing any plugin

Thu, 23 Feb 2006 08:41:25 -0800 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

James E. Pratt wrote:
> Hi i have a similar problem where no matter how i try and compile on
> either sol8 or sol9 (sparc) using the software from sunfreeware (gcc,
> openssl etc etc), i just cannot get NRPE ssl handshakes to work via
> inetd... I've tried everything, and triple-checked everything countless
> times, but always get the "Failed to complete ssl handshake" message..
> 
> Can anyone give me any insight, or has seen this issue before?


I've seen this in a couple of different cases:

        1)  trust relationship between the nagios user on the monitoring
        host and the monitored host is not set up.

To do this you need to generate a pair of ssh keys.  I always (and I
forget why) generate both a dsa key and an rsa key.  To do this is
pretty simple:
a) log in as the user nagios on your monitoring host.
b) run ssh-keygen -t rsa  ;  and answer the questions/prompts accordingly.
c) run ssh-keygen -t dsa ;   and do the same as (b)
d) cd ~/.ssh
e) cat *.pub > exported-keys.txt
f) scp exported-keys.txt [EMAIL PROTECTED]:
  (note the trailing colon (:) above)
g) log on as nagios on the monitored host.
f) cat exported-keys.txt >> .ssh/authorized_keys
g) cat exported-keys.txt >> .ssh/authorized_keys2


Now, having said all that one of the shortcuts I have on some of my
systems is authorized_keys and authorized_keys2 are the same file with
one of them being a sym-link to the other.

        2) no SSH on the monitored host at all

Well.. put it there and and then follow the steps above.

        3) nrpe is not being started from inetd (xinetd) AND is not
        running as a daemon.

Then you need to either configure inetd (xinted) accordingly or enable
nrpe to be started up from init during system reboot. (or start it
manually... whatever floats your boat.)

Clear as mud?



- --
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Peter L. Berghold                                     [EMAIL PROTECTED]
"Those who fail to learn from history are condemned to repeat it."
AIM: redcowdawg        Yahoo IM: blue_cowdawg              ICQ: 11455958
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)
Comment: Using GnuPG with Red Hat - http://enigmail.mozdev.org

iD8DBQFD/eWPUM9/01RIhaARAvMzAJ9m01XznSLrU8ZLoEXsZxcKGrAm0gCfch6J
hlNIo7ZI9dw6usurIkonkJA=
=dEf8
-----END PGP SIGNATURE-----

begin:vcard
fn:Peter  L. Berghold
n:Berghold;Peter 
org:IBM;GSD
email;internet:[EMAIL PROTECTED]
title:Unix Specialist
x-mozilla-html:FALSE
url:http://www.berghold.net
version:2.1
end:vcard

Reply via email to