<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix">I believe I've gotten the SSH
authentication working correctly. My problem now is that the
remote client that I'm attempting to monitor is a FreeNAS box with
a Read-Only file system. I can manually enter 'mount -uw /'
directly on the client machine to overcome the Read-Only issue,
but I can't seem to figure out what to do in the rclient script
that will accomplish the same thing. Any ideas?<br>
<div class="moz-signature">
<title>Signature - Kris</title>
<meta content="text/html; charset=UTF-8"
http-equiv="content-type">
<style type="text/css">@import url('<a class="moz-txt-link-freetext" href="https://themes.googleusercontent.com/fonts/css?kit=wAPX1HepqA24RkYW1AuHYA">https://themes.googleusercontent.com/fonts/css?kit=wAPX1HepqA24RkYW1AuHYA</a>');ol{margin:0;padding:0}.c0{color:#990000;font-size:10pt;background-color:#ffffff;font-family:"Calibri";font-weight:bold}.c5{color:#990000;font-size:8pt;background-color:#ffffff;font-family:"Calibri"}.c1{color:#990000;font-size:10pt;background-color:#ffffff;font-family:"Calibri"}.c2{max-width:468pt;background-color:#ffffff;padding:72pt 72pt 72pt 72pt}.c4{text-decoration:underline}.c3{direction:ltr}.title{widows:2;padding-top:0pt;line-height:1.15;orphans:2;text-align:left;color:#000000;font-size:21pt;font-family:"Trebuchet MS";padding-bottom:0pt;page-break-after:avoid}.subtitle{widows:2;padding-top:0pt;line-height:1.15;orphans:2;text-align:left;color:#666666;font-style:italic;font-size:13pt;font-family:"Trebuchet MS";padding-bottom:10pt;page-break-afte
r:avoid}li{color:#000000;font-size:11pt;font-family:"Arial"}p{color:#000000;font-size:11pt;margin:0;font-family:"Arial"}h1{widows:2;padding-top:10pt;line-height:1.15;orphans:2;text-align:left;color:#000000;font-size:16pt;font-family:"Trebuchet MS";padding-bottom:0pt;page-break-after:avoid}h2{widows:2;padding-top:10pt;line-height:1.15;orphans:2;text-align:left;color:#000000;font-size:13pt;font-family:"Trebuchet MS";font-weight:bold;padding-bottom:0pt;page-break-after:avoid}h3{widows:2;padding-top:8pt;line-height:1.15;orphans:2;text-align:left;color:#666666;font-size:12pt;font-family:"Trebuchet MS";font-weight:bold;padding-bottom:0pt;page-break-after:avoid}h4{widows:2;padding-top:8pt;line-height:1.15;orphans:2;text-align:left;color:#666666;font-size:11pt;text-decoration:underline;font-family:"Trebuchet MS";padding-bottom:0pt;page-break-after:avoid}h5{widows:2;padding-top:8pt;line-height:1.15;orphans:2;text-align:left;color:#666666;font-size:11pt;font-family:"Trebuchet MS";padding-botto
m:0pt;page-break-after:avoid}h6{widows:2;padding-top:8pt;line-height:1.15;orphans:2;text-align:left;color:#666666;font-style:italic;font-size:11pt;font-family:"Trebuchet MS";padding-bottom:0pt;page-break-after:avoid}</style>
<br>
<p class="c3"><span class="c1">Thank you.</span></p>
<p class="c3"><span class="c1">------------------------------------------------</span></p>
<p class="c3"><span class="c0">Kris Springer</span></p>
<br>
<br>
</div>
On 7/27/2014 8:26 PM, Jeremy Laidman wrote:<br>
</div>
<blockquote
cite="mid:CAAnki7AJ7uci_WHwFaGffj06sBEj3j9XHyfkvVeiLdaSF8k1_A@mail.gmail.com"
type="cite">
<div dir="ltr">
<div class="gmail_extra">
<div class="gmail_quote">On 26 July 2014 04:24, Kris Springer
<span dir="ltr"><<a moz-do-not-send="true"
href="mailto:kspringer@innovateteam.com" target="_blank">kspringer@innovateteam.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF"> I'm trying to get
rclient working and I'm not understanding the SSH
requirements. The whole point of this is to not need to
configure the client, so what am I supposed to do with
SSH keys? I can SSH into the client with user:pass but
how do I do that with this script? It wants me to
create SSH keys? Anyone have a clue for me? I'd rather
just use the user:pass</div>
</blockquote>
<div><br>
</div>
<div>Kris</div>
<div><br>
</div>
<div>It's not clear to me if you're saying a) you want to
use key authentication but can't work out how; or b) you
don't want to use key authentication and would prefer to
use password authentication.</div>
<div><br>
</div>
<div>The requirement for key-based authentication (rather
than user:password) is so that a human doesn't need to
type a password every 5 minutes when the script runs. If
you want (prefer) to use a password, you will need a way
to get the password entered into the ssh client.
Alternatively, use a non-ssh client that supports
fetching a password some other way and tell
xymon-rclient.sh to use that (eg telnet and expect), but
this is generally less secure than using a key pair for
authentication.<br>
</div>
<div><br>
</div>
<div>If you can ssh with username and password, then setting
up keys for authentication is fairly quick to do. In case
you need help with this, here's a brief set of
instructions.</div>
<div><br>
</div>
<div>First, login to the Xymon server as the xymon user (or
su), and create a key pair with no passphrase:</div>
<div><br>
</div>
<div>$ ssh-keygen -N "" -f ~/.ssh/xymon-rclient</div>
<div><br>
</div>
<div>This creates two key files called xymon-rclient and
xymon-rclient.pub, both in the .ssh subdirectory of the
xymon user's home directory. The contents of the ".pub"
file needs to be copied into a file on the host(s) you
want to monitor. The other file should be kept secret and
secure, because it's not protected by a password, yet is a
"password equivalent".</div>
<div><br>
</div>
<div>Second, append the contents of the .pub file into the
.ssh/authorized_keys file on the host you want to manage,
perhaps by doing this:</div>
<div><br>
</div>
<div>$ ssh xymon@host-to-manage "cat >>
~/.ssh/authorized_keys" < ~/.ssh/xymon-rclient.pub</div>
<div><br>
</div>
<div>Now you should be able to login using the private key
instead of a password, and as long as it matches the
public key at the other end, you should get in:</div>
<div><br>
</div>
<div>$ ssh -i ~/.ssh/xymon-rclient xymon@host-to-manage
uname -n</div>
<div><br>
</div>
<div>Now, you have key authentication setup, and can start
using xymon-rclient.sh.</div>
<div><br>
</div>
<div>J</div>
<div><br>
</div>
</div>
</div>
</div>
</blockquote>
<br>
</body>
</html>