Hi,
I have tried check_by_ssh to login Cisco ASA. To get an output for specific command output. But it gives me output saying “CRITICAL - Plug-in timed out after 10 seconds”. Have tried extending the timeout to 60 secs, but no luck.
From Ubuntu machine I can login to the device using SSH without password. Please can you let me know if this plugin works for ssh into the Cisco ASA. If yes, is there anything am missing.
root@Test:/usr/lib/nagios/plugins# ssh root@192.168.56.103
Type help or ‘?’ for a list of available commands.
TEST-ASA2> exit
Trying the plugin manually means executing as user root. Hence, the private key of user root is used for connecting via ssh. When icinga executes the plugin the user’s icinga or nagios (depending on your distribution) private key is used instead. Means you need to add icinga’s or nagios’ public key to your ASA.
Thanks for prompt response, I have added Nagios and Icinga public key to ASA, but still no luck running the plugin.
oot@paymentsense-VirtualBox:/usr/lib/nagios/plugins# ./check_by_ssh -H 192.168.56.103 -C show ver
CRITICAL - Plug-in timed out after 10 seconds
root@paymentsense-VirtualBox:/usr/lib/nagios/plugins# ./check_by_ssh -H 192.168.56.103 -C show ver
CRITICAL - Plug-in timed out after 10 seconds
root@paymentsense-VirtualBox:/usr/lib/nagios/plugins#
root@paymentsense-VirtualBox:/usr/lib/nagios/plugins# ssh icinga@192.168.56.103
Type help or ‘?’ for a list of available commands.
TEST-ASA2> exit
Logoff
Connection to 192.168.56.103 closed.
root@paymentsense-VirtualBox:/usr/lib/nagios/plugins# ssh nagios@192.168.56.103
Type help or ‘?’ for a list of available commands.
TEST-ASA2> exit
Logoff
Connection to 192.168.56.103 closed by remote host.
Connection to 192.168.56.103 closed.
root@paymentsense-VirtualBox:/usr/lib/nagios/plugins#
Am actually new to Linux and Icinga, not sure am posting correct output which you are referring, I have tried with both nagios and icinga, but still no luck.
icinga@paymentsense-VirtualBox:/usr/lib/nagios/plugins$ ./check_by_ssh -H 192.168.56.103 -C show icinga@192.168.56.103’s password:
CRITICAL - Plug-in timed out after 10 seconds
icinga@paymentsense-VirtualBox:/usr/lib/nagios/plugins$ ssh icinga@192.168.56.103 icinga@192.168.56.103’s password:
Type help or ‘?’ for a list of available commands.
TEST-ASA2> exit
Logoff
Connection to 192.168.56.103 closed by remote host.
Connection to 192.168.56.103 closed.
icinga@paymentsense-VirtualBox:/usr/lib/nagios/plugins$
#####################################################################
nagios@paymentsense-VirtualBox:/usr/lib/nagios/plugins$ ./check_by_ssh -H 192.168.56.103 -C show ver
Enter passphrase for key ‘/var/lib/nagios/.ssh/id_rsa’:
CRITICAL - Plug-in timed out after 10 seconds
nagios@paymentsense-VirtualBox:/usr/lib/nagios/plugins$ ssh 192.168.56.103
The authenticity of host ‘192.168.56.103 (192.168.56.103)’ can’t be established.
RSA key fingerprint is SHA256:7G9WRS6pyH7uq9iC/jTlbllm8CQXqp/NHv5pqeNq8gY.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added ‘192.168.56.103’ (RSA) to the list of known hosts. nagios@192.168.56.103’s password:
Type help or ‘?’ for a list of available commands.
TEST-ASA2> en
Password: ********
TEST-ASA2# exit
Logoff
Connection to 192.168.56.103 closed by remote host.
Connection to 192.168.56.103 closed.
I think permission is fixed, but still it says timeout.
icinga@paymentsense-VirtualBox:/usr/lib/nagios/plugins$ ssh 192.168.56.103
Type help or ‘?’ for a list of available commands.
TEST-ASA2> exit
Logoff
Connection to 192.168.56.103 closed by remote host.
Connection to 192.168.56.103 closed.
icinga@paymentsense-VirtualBox:/usr/lib/nagios/plugins$
icinga@paymentsense-VirtualBox:/usr/lib/nagios/plugins$ ./check_by_ssh -H 192.168.56.103 -C show
CRITICAL - Plug-in timed out after 10 seconds
icinga@paymentsense-VirtualBox:/usr/lib/nagios/plugins$ time ssh 192.168.56.103 show
Enter passphrase for key ‘/home/icinga/.ssh/id_rsa’:
Type help or ‘?’ for a list of available commands.
TEST-ASA2> show
INFO: % Type “show ?” for a list of subcommands
TEST-ASA2> exit
exit
Logoff
Connection to 192.168.56.103 closed by remote host.
real 0m14.524s
user 0m0.122s
sys 0m0.000s
icinga@paymentsense-VirtualBox:/usr/lib/nagios/plugins$
Yea I thought we need to create it manually, not sure if it was already in place. I have created Icinga user manually and provided permissions. I was following below two links for login to ASA without password.
Thanks Matthais for response, I was able to resolve the actual issue. I think you are aware that ASA do not support BGP and IPSLA OID’s. Was trying to get the BGP state through check_by_ssh command. But did not work as it requires passphrase.
Apparently was able to write a python script and apply the Icinga codes to get notified when BGP state changes. Thanks you for your support.