<html>
  <head>
    <meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
  </head>
  <body text="#000000" bgcolor="#FFFFFF">
    <div class="moz-cite-prefix">I believe I've gotten the SSH
      authentication working correctly.  My problem now is that the
      remote client that I'm attempting to monitor is a FreeNAS box with
      a Read-Only file system.  I can manually enter 'mount -uw /'
      directly on the client machine to overcome the Read-Only issue,
      but I can't seem to figure out what to do in the rclient script
      that will accomplish the same thing.  Any ideas?<br>
      <div class="moz-signature">
        <title>Signature - Kris</title>
        <meta content="text/html; charset=UTF-8"
          http-equiv="content-type">
        <style type="text/css">@import url('<a class="moz-txt-link-freetext" href="https://themes.googleusercontent.com/fonts/css?kit=wAPX1HepqA24RkYW1AuHYA">https://themes.googleusercontent.com/fonts/css?kit=wAPX1HepqA24RkYW1AuHYA</a>');ol{margin:0;padding:0}.c0{color:#990000;font-size:10pt;background-color:#ffffff;font-family:"Calibri";font-weight:bold}.c5{color:#990000;font-size:8pt;background-color:#ffffff;font-family:"Calibri"}.c1{color:#990000;font-size:10pt;background-color:#ffffff;font-family:"Calibri"}.c2{max-width:468pt;background-color:#ffffff;padding:72pt 72pt 72pt 72pt}.c4{text-decoration:underline}.c3{direction:ltr}.title{widows:2;padding-top:0pt;line-height:1.15;orphans:2;text-align:left;color:#000000;font-size:21pt;font-family:"Trebuchet MS";padding-bottom:0pt;page-break-after:avoid}.subtitle{widows:2;padding-top:0pt;line-height:1.15;orphans:2;text-align:left;color:#666666;font-style:italic;font-size:13pt;font-family:"Trebuchet MS";padding-bottom:10pt;page-break-afte
r:avoid}li{color:#000000;font-size:11pt;font-family:"Arial"}p{color:#000000;font-size:11pt;margin:0;font-family:"Arial"}h1{widows:2;padding-top:10pt;line-height:1.15;orphans:2;text-align:left;color:#000000;font-size:16pt;font-family:"Trebuchet MS";padding-bottom:0pt;page-break-after:avoid}h2{widows:2;padding-top:10pt;line-height:1.15;orphans:2;text-align:left;color:#000000;font-size:13pt;font-family:"Trebuchet MS";font-weight:bold;padding-bottom:0pt;page-break-after:avoid}h3{widows:2;padding-top:8pt;line-height:1.15;orphans:2;text-align:left;color:#666666;font-size:12pt;font-family:"Trebuchet MS";font-weight:bold;padding-bottom:0pt;page-break-after:avoid}h4{widows:2;padding-top:8pt;line-height:1.15;orphans:2;text-align:left;color:#666666;font-size:11pt;text-decoration:underline;font-family:"Trebuchet MS";padding-bottom:0pt;page-break-after:avoid}h5{widows:2;padding-top:8pt;line-height:1.15;orphans:2;text-align:left;color:#666666;font-size:11pt;font-family:"Trebuchet MS";padding-botto
m:0pt;page-break-after:avoid}h6{widows:2;padding-top:8pt;line-height:1.15;orphans:2;text-align:left;color:#666666;font-style:italic;font-size:11pt;font-family:"Trebuchet MS";padding-bottom:0pt;page-break-after:avoid}</style>
        <br>
        <p class="c3"><span class="c1">Thank you.</span></p>
        <p class="c3"><span class="c1">------------------------------------------------</span></p>
        <p class="c3"><span class="c0">Kris Springer</span></p>
        <br>
        <br>
      </div>
      On 7/27/2014 8:26 PM, Jeremy Laidman wrote:<br>
    </div>
    <blockquote
cite="mid:CAAnki7AJ7uci_WHwFaGffj06sBEj3j9XHyfkvVeiLdaSF8k1_A@mail.gmail.com"
      type="cite">
      <div dir="ltr">
        <div class="gmail_extra">
          <div class="gmail_quote">On 26 July 2014 04:24, Kris Springer
            <span dir="ltr"><<a moz-do-not-send="true"
                href="mailto:kspringer@innovateteam.com" target="_blank">kspringer@innovateteam.com</a>></span>
            wrote:<br>
            <blockquote class="gmail_quote" style="margin:0 0 0
              .8ex;border-left:1px #ccc solid;padding-left:1ex">
              <div text="#000000" bgcolor="#FFFFFF"> I'm trying to get
                rclient working and I'm not understanding the SSH
                requirements.  The whole point of this is to not need to
                configure the client, so what am I supposed to do with
                SSH keys?  I can SSH into the client with user:pass but
                how do I do that with this script?  It wants me to
                create SSH keys?  Anyone have a clue for me?  I'd rather
                just use the user:pass</div>
            </blockquote>
            <div><br>
            </div>
            <div>Kris</div>
            <div><br>
            </div>
            <div>It's not clear to me if you're saying a) you want to
              use key authentication but can't work out how; or b) you
              don't want to use key authentication and would prefer to
              use password authentication.</div>
            <div><br>
            </div>
            <div>The requirement for key-based authentication (rather
              than user:password) is so that a human doesn't need to
              type a password every 5 minutes when the script runs.  If
              you want (prefer) to use a password, you will need a way
              to get the password entered into the ssh client.
               Alternatively, use a non-ssh client that supports
              fetching a password some other way and tell
              xymon-rclient.sh to use that (eg telnet and expect), but
              this is generally less secure than using a key pair for
              authentication.<br>
            </div>
            <div><br>
            </div>
            <div>If you can ssh with username and password, then setting
              up keys for authentication is fairly quick to do.  In case
              you need help with this, here's a brief set of
              instructions.</div>
            <div><br>
            </div>
            <div>First, login to the Xymon server as the xymon user (or
              su), and create a key pair with no passphrase:</div>
            <div><br>
            </div>
            <div>$ ssh-keygen -N "" -f ~/.ssh/xymon-rclient</div>
            <div><br>
            </div>
            <div>This creates two key files called xymon-rclient and
              xymon-rclient.pub, both in the .ssh subdirectory of the
              xymon user's home directory.  The contents of the ".pub"
              file needs to be copied into a file on the host(s) you
              want to monitor.  The other file should be kept secret and
              secure, because it's not protected by a password, yet is a
              "password equivalent".</div>
            <div><br>
            </div>
            <div>Second, append the contents of the .pub file into the
              .ssh/authorized_keys file on the host you want to manage,
              perhaps by doing this:</div>
            <div><br>
            </div>
            <div>$ ssh xymon@host-to-manage "cat >>
              ~/.ssh/authorized_keys" < ~/.ssh/xymon-rclient.pub</div>
            <div><br>
            </div>
            <div>Now you should be able to login using the private key
              instead of a password, and as long as it matches the
              public key at the other end, you should get in:</div>
            <div><br>
            </div>
            <div>$ ssh -i ~/.ssh/xymon-rclient xymon@host-to-manage
              uname -n</div>
            <div><br>
            </div>
            <div>Now, you have key authentication setup, and can start
              using xymon-rclient.sh.</div>
            <div><br>
            </div>
            <div>J</div>
            <div><br>
            </div>
          </div>
        </div>
      </div>
    </blockquote>
    <br>
  </body>
</html>