[Nagios-users] check_ssh_login ?
I would use the existing remote plugin execution facilities of NRPE with a custom plugin to verify the id. Pseudo code for a "check_valid_uid" would be: valid_id=1 UID=$ARG1 grep $UID /etc/passwd if return_code=0 then valid_id=0 print "User $UID is valid" else print "User $UID is not valid" fi return valid_id There are probably more thorough ways of validing that the id will work than just verifying existence in the /etc/passwd file, but you get the idea. Regards, Greg >Message: 6 >From: jeff vier <[EMAIL PROTECTED]> >To: nagios-users >Date: Wed, 15 Mar 2006 08:56:46 -0600 >Subject: [Nagios-users] check_ssh_login ? >--=-V2oL6qqSss3ngPlX8Yvy >Content-Type: text/plain >Content-Transfer-Encoding: quoted-printable > >I need to check if I can log into a specific account on a system via SSH, but >due to >the nature of the system (tunneled to a serial console), I am unable >to set up a key >pair. > >check_ssh only verifies that the system is answering to SSH requests (which >doesn't >help me, the serial console host almost certainly responds). > >check_by_ssh is *close*, but provides no method of passing a password via the >command >line (which, yes, is a ghetto method of doing things, but you would >still have to >know the login to the system, and it *is different*), and it >requires a remote >command to execute. >So, before I delve into hacking this functionality into check_by_ssh, does >anyone >have a solution with existing tools? --- This SF.Net email is sponsored by xPML, a groundbreaking scripting language that extends applications into web and mobile media. Attend the live webcast and join the prime developer group breaking into this new coding territory! http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642 ___ Nagios-users mailing list Nagios-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null
Re: [Nagios-users] check_ssh_login ?
On Wed, 2006-03-15 at 15:44 -0500, John P. Rouillard wrote: > In message <[EMAIL PROTECTED]>, > jeff vier writes: > >I need to check if I can log into a specific account on a system via > >SSH, but due to the nature of the system (tunneled to a serial console), > >I am unable to set up a key pair. > > Replace your serial consoles with something like a Cyclades that > allows use of public keys. it's an off-site hosted box for a side-project of mine. This isn't enterprise-level stuff (and I can't influence changes directly). > I don't think check_by_ssh is going to work since the ssh->serial > connection will probably not permit execution of a script and the > return of the exit code without a lot of work. Also it has no real > interactive support and it should like you need that. that's a good point. I was envisioning it functioning like, as you said below, an expect wrapper or something similar. In the mean time, I'm forcing myself to be satisfied with just checking that I can connect to the SSH server at all. > >does anyone have a solution with existing tools? > An expect wrapper around ssh should do the trick and it can negotiate > the login prompt on the serial port as well. I don't want to actually log in, I just want to see that I'm prompted for the username with the correct hostname. So, yeah, I think we're on the same page. signature.asc Description: This is a digitally signed message part
Re: [Nagios-users] check_ssh_login ?
In message <[EMAIL PROTECTED]>, jeff vier writes: >I need to check if I can log into a specific account on a system via >SSH, but due to the nature of the system (tunneled to a serial console), >I am unable to set up a key pair. Replace your serial consoles with something like a Cyclades that allows use of public keys. >check_by_ssh is *close*, but provides no method of passing a password >via the command line (which, yes, is a ghetto method of doing things, >but you would still have to know the login to the system, and it *is >different*), and it requires a remote command to execute. > >So, before I delve into hacking this functionality into check_by_ssh, I don't think check_by_ssh is going to work since the ssh->serial connection will probably not permit execution of a script and the return of the exit code without a lot of work. Also it has no real interactive support and it should like you need that. >does anyone have a solution with existing tools? An expect wrapper around ssh should do the trick and it can negotiate the login prompt on the serial port as well. -- rouilj John Rouillard === My employers don't acknowledge my existence much less my opinions. --- This SF.Net email is sponsored by xPML, a groundbreaking scripting language that extends applications into web and mobile media. Attend the live webcast and join the prime developer group breaking into this new coding territory! http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642 ___ Nagios-users mailing list Nagios-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null
[Nagios-users] check_ssh_login ?
I need to check if I can log into a specific account on a system via SSH, but due to the nature of the system (tunneled to a serial console), I am unable to set up a key pair. check_ssh only verifies that the system is answering to SSH requests (which doesn't help me, the serial console host almost certainly responds). check_by_ssh is *close*, but provides no method of passing a password via the command line (which, yes, is a ghetto method of doing things, but you would still have to know the login to the system, and it *is different*), and it requires a remote command to execute. So, before I delve into hacking this functionality into check_by_ssh, does anyone have a solution with existing tools? signature.asc Description: This is a digitally signed message part