On Tue, Jan 6, 2009 at 7:36 AM, Mirza Dedic <mi...@oppy.com> wrote: > Hello, > > I have a Nagios system running (3.0.X) along with Nagios Plug-ins; while I > am able to get Nagios to monitor all the things I need on a Win32 box (using > NSClient++ & Check_NT); I am having difficulty getting check_by_ssh to work > for me. I have previously never used check_by_ssh; I am also fairly new to > the linux > OS. My OS is Ubuntu and many of the servers I want to monitor are RHEL4 or > Fedora. I know that to get check_by_ssh to work, I need to create a > private/public > certificate on the client/server; anyone shed some light on how to create > this? > > Do I create the key on my Nagios box? Under the same user that was used when > compiling Nagios? For the remote host (monitored linux server); what do I > need to do? Create > the same user-id? How do I apply the certificate from my Nagios Host to the > monitored Host so that my shell scripts can connect to the Host B without a > password prompt? Please if you could, shed some light for a beginner. > > Also, our environment is using Kerberos, all the servers use SSH/Kerberos, > this way when users are created in Active Directory they are replicated > across the linux servers (is this why I can't find authorized_keys file?)
The key based authentication works if you enable RSAAuthentication (or equivalent) in your SSH server's configuration on Linux servers. I am not really sure how things work out if you enable both Kerberos and Key based authentication. But you could give it a try with one server. You could create the private and public key pair using a command, ssh-keygen (from a Linux machine) or puttygen (on windows). Next the user account that runs Nagios should use the private and public key pairs generated. You can create a new user account on the target Linux server or use existing account also. Place the newly generated public key in the ~<useraccount>/.ssh/authorized_keys file on the target Linux server, Then you could verify the setup by trying a SSH session from the Nagios server to the target Linux server. If you are not being asked for a password etc. and if you get the remote shell immediately, the setup should be proper. Then you can configure a new command definition by specifying the login identity etc. for check_by_ssh command. If you do not to get into the hassles of these things, I would suggest to try out check_ssh plugin to check the sanity of SSH daemons running on Linux servers. HTH. ------------------------------------------------------------------------------ _______________________________________________ Nagios-users mailing list Nagios-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null