I’ve got a custom monitoring script that I’m trying to run using the default check_by_ssh plugin. It’s attempting to run it, but when the monitoring server doesn’t know the host key of the server to be checked it returns a 255 - fair enough.
It seems a bit mad that I have to manually try to SSH to all of my monitored servers to add their SSH keys first, so I’ve tried disabling the host key checking in the Icinga user’s .ssh config file:
# Client settings for the account that runs the checks; "Host *" applies them to
# every destination.
# With these two settings ssh accepts whatever host key is presented and never
# records it, so a changed or spoofed key goes unnoticed on every later check.
# A narrower choice is "StrictHostKeyChecking accept-new" (OpenSSH 7.6 and later)
# together with a real known_hosts file: unknown hosts are added on first
# contact, while a key that later changes is still rejected. Distributing
# known_hosts from configuration management avoids trusting the first
# connection at all.
Host *
    StrictHostKeyChecking no
    UserKnownHostsFile=/dev/null
No luck there so I tried adding it to the options for my checks that use ssh as follows:
// Flags for the plugin that runs on the monitored host. The by_ssh CheckCommand
// resolves this dictionary into the remote command string it passes to
// check_by_ssh with -C, so nothing listed here is seen by ssh itself.
vars.by_ssh_arguments = {
"-C" = {
description = "Count OS Caches as Free Mem"
}
"-u" = {
description = "Check Used Mem"
}
"-w" = {
value = "$mem_warning$"
description = "Memory used warning threshold"
}
"-c" = {
value = "$mem_critical$"
description = "Memory used critical threshold"
}
// NOTE(review): placed here, this option is appended to the remote plugin's
// command line rather than given to ssh; the by_ssh CheckCommand reads ssh
// options from vars.by_ssh_options.
// Switching host key checking off also means a changed or spoofed host key is
// never detected. "StrictHostKeyChecking=accept-new" adds unknown hosts on
// first contact but still rejects a key that changes afterwards.
"-o" = {
value = "StrictHostKeyChecking=no"
description = "Disable host key checking"
}
// (the closing brace of vars.by_ssh_arguments is not shown in the post)
Oddly enough this seems to pass it to the check script because I get this output:
`check_by_ssh: Remote command ''/usr/lib64/nagios/plugins/check_uptime.sh' '--ssh-option' 'StrictHostKeyChecking=no' '-t' '3600'' returned status 255`
Could I get some help understanding how I can pass this through please? I’m pretty sure this never used to be an issue, but we seem to be struggling with it for every new Linux device I add.
Thanks for the quick reply ritzgu - I tried that here and it looks like it isn’t paying attention to it because nothing changed.
This is what the service looks like now - is this what you were thinking?
// CPU load check, run on each matching Linux host through check_by_ssh.
apply Service "load" to Host {
    display_name = "CPU Load"

    // NOTE(review): this imports a template named "by_ssh"; presumably that
    // template sets check_command -- confirm, it is not shown here.
    import "by_ssh"

    // Every member of "linux-servers" except the monitoring node itself.
    assign where "linux-servers" in host.groups && host.name != NodeName

    // Thresholds substituted into the -w / -c plugin arguments below.
    vars.load_wload1 = "2"
    vars.load_wload5 = "5"
    vars.load_wload15 = "10"
    vars.load_cload1 = "5"
    vars.load_cload5 = "10"
    vars.load_cload15 = "20"

    // Plugin executed on the monitored host.
    vars.by_ssh_command = "/usr/lib64/nagios/plugins/check_load"

    // ssh client option; the by_ssh CheckCommand maps by_ssh_options to the -o
    // flag of check_by_ssh. With checking set to "no" any host key is accepted,
    // so a changed or spoofed key is not detected for this check.
    // "StrictHostKeyChecking=accept-new" plus a persistent known_hosts file
    // accepts unknown hosts once and still rejects a key that changes later.
    vars.by_ssh_options = "StrictHostKeyChecking=no"

    // Flags for check_load on the remote side; they become part of the remote
    // command string, not of the ssh invocation.
    vars.by_ssh_arguments = {
        "-r" = {
            description = ""
        }
        "-w" = {
            value = "$load_wload1$,$load_wload5$,$load_wload15$"
            description = "Exit with WARNING status if load average exceeds WLOADn"
        }
        "-c" = {
            value = "$load_cload1$,$load_cload5$,$load_cload15$"
            description = "Exit with CRITICAL status if load average exceed CLOADn; the load average format is the same used by 'uptime' and 'w'"
        }
    }
}
This is what the default by_ssh check_command config looks like by the way, which led me to believe that the SSH options should go where I originally put them - happy to be told that I’m wrong!
// Runs check_by_ssh from the plugin directory. The by_ssh_* custom variables
// fill in its command-line flags; flags whose variable is unset are omitted.
object CheckCommand "by_ssh" {
    import "ipv4-or-ipv6"

    command = [ PluginDir + "/check_by_ssh" ]

    arguments = {
        "-H" = {
            value = "$by_ssh_address$"
            description = "Host name, IP Address, or unix socket (must be an absolute path)"
        }
        "-p" = {
            value = "$by_ssh_port$"
            description = "Port number (default: none)"
        }
        // Builds the remote command string from by_ssh_command and
        // by_ssh_arguments. A plain string command with no arguments is
        // returned unchanged; otherwise every resolved element is shell-escaped
        // and the pieces are joined with spaces. Anything placed in
        // by_ssh_arguments therefore lands on the remote command line.
        // NOTE(review): the string-only path is returned without escaping, so a
        // by_ssh_command string should not embed values from untrusted
        // sources -- confirm against how the variable is populated.
        "-C" = {{
            var command = macro("$by_ssh_command$")
            var arguments = macro("$by_ssh_arguments$")

            if (typeof(command) == String && !arguments) {
                return command
            }

            var escaped_args = []
            for (arg in resolve_arguments(command, arguments)) {
                escaped_args.add(escape_shell_arg(arg))
            }
            return escaped_args.join(" ")
        }}
        "-l" = {
            value = "$by_ssh_logname$"
            description = "SSH user name on remote host [optional]"
        }
        "-i" = {
            value = "$by_ssh_identity$"
            description = "identity of an authorized key [optional]"
        }
        "-q" = {
            set_if = "$by_ssh_quiet$"
            description = "Tell ssh to suppress warning and diagnostic messages [optional]"
        }
        "-w" = {
            value = "$by_ssh_warn$"
            description = "Response time to result in warning status (seconds)"
        }
        "-c" = {
            value = "$by_ssh_crit$"
            description = "Response time to result in critical status (seconds)"
        }
        "-t" = {
            value = "$by_ssh_timeout$"
            description = "Seconds before connection times out (default: 10)"
        }
        // ssh client options (for example host key handling) are taken from
        // by_ssh_options, not from by_ssh_arguments.
        "-o" = {
            value = "$by_ssh_options$"
            description = "Provide ssh options (may be repeated)"
        }
        "-4" = {
            set_if = "$by_ssh_ipv4$"
            description = "Use IPv4 only"
        }
        "-6" = {
            set_if = "$by_ssh_ipv6$"
            description = "Use IPv6 only"
        }
        "-E" = {
            value = "$by_ssh_skip_stderr$"
            description = "Ignore all or (if specified) first n lines on STDERR [optional]"
        }
    }

    // Defaults. check_ipv4 / check_ipv6 are presumably read by the imported
    // "ipv4-or-ipv6" template to produce $check_address$ -- confirm.
    vars.by_ssh_address = "$check_address$"
    vars.by_ssh_quiet = false
    vars.check_ipv4 = "$by_ssh_ipv4$"
    vars.check_ipv6 = "$by_ssh_ipv6$"
}