<div dir="ltr"><div class="gmail_extra"><div class="gmail_quote">On 26 July 2014 04:24, Kris Springer <span dir="ltr"><<a href="mailto:kspringer@innovateteam.com" target="_blank">kspringer@innovateteam.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
I'm trying to get rclient working and I'm not understanding the SSH
requirements. The whole point of this is to not need to configure
the client, so what am I supposed to do with SSH keys? I can SSH
into the client with user:pass but how do I do that with this
script? It wants me to create SSH keys? Anyone have a clue for me?
I'd rather just use the user:pass</div></blockquote><div><br></div><div>Kris</div><div><br></div><div>It's not clear to me if you're saying a) you want to use key authentication but can't work out how; or b) you don't want to use key authentication and would prefer to use password authentication.</div>
<div><br></div><div>The requirement for key-based authentication (rather than user:password) is so that a human doesn't need to type a password every 5 minutes when the script runs. If you want (prefer) to use a password, you will need a way to get the password entered into the ssh client. Alternatively, use a non-ssh client that supports fetching a password some other way and tell xymon-rclient.sh to use that (eg telnet and expect), but this is generally less secure than using a key pair for authentication.<br>
</div><div><br></div><div>If you can ssh with username and password, then setting up keys for authentication is fairly quick to do. In case you need help with this, here's a brief set of instructions.</div><div><br>
</div>
<div>First, login to the Xymon server as the xymon user (or su), and create a key pair with no passphrase:</div><div><br></div><div>$ ssh-keygen -N "" -f ~/.ssh/xymon-rclient</div><div><br></div><div>This creates two key files called xymon-rclient and xymon-rclient.pub, both in the .ssh subdirectory of the xymon user's home directory. The contents of the ".pub" file needs to be copied into a file on the host(s) you want to monitor. The other file should be kept secret and secure, because it's not protected by a password, yet is a "password equivalent".</div>
<div><br></div><div>Second, append the contents of the .pub file into the .ssh/authorized_keys file on the host you want to manage, perhaps by doing this:</div><div><br></div><div>$ ssh xymon@host-to-manage "cat >> ~/.ssh/authorized_keys" < ~/.ssh/xymon-rclient.pub</div>
<div><br></div><div>Now you should be able to login using the private key instead of a password, and as long as it matches the public key at the other end, you should get in:</div><div><br></div><div>$ ssh -i ~/.ssh/xymon-rclient xymon@host-to-manage uname -n</div>
<div><br></div><div>Now, you have key authentication setup, and can start using xymon-rclient.sh.</div><div><br></div><div>J</div><div><br></div></div></div></div>