[Xymon] xymon-rclient.sh

Kris Springer kspringer at innovateteam.com
Wed Jul 30 08:48:49 CEST 2014 

I believe I've gotten the SSH authentication working correctly.  My 
problem now is that the remote client that I'm attempting to monitor is 
a FreeNAS box with a Read-Only file system.  I can manually enter 'mount 
-uw /' directly on the client machine to overcome the Read-Only issue, 
but I can't seem to figure out what to do in the rclient script that 
will accomplish the same thing.  Any ideas?
Signature - Kris

Thank you.

------------------------------------------------

Kris Springer



On 7/27/2014 8:26 PM, Jeremy Laidman wrote:
> On 26 July 2014 04:24, Kris Springer <kspringer at innovateteam.com 
> <mailto:kspringer at innovateteam.com>> wrote:
>
>     I'm trying to get rclient working and I'm not understanding the
>     SSH requirements.  The whole point of this is to not need to
>     configure the client, so what am I supposed to do with SSH keys? 
>     I can SSH into the client with user:pass but how do I do that with
>     this script?  It wants me to create SSH keys?  Anyone have a clue
>     for me?  I'd rather just use the user:pass
>
>
> Kris
>
> It's not clear to me if you're saying a) you want to use key 
> authentication but can't work out how; or b) you don't want to use key 
> authentication and would prefer to use password authentication.
>
> The requirement for key-based authentication (rather than 
> user:password) is so that a human doesn't need to type a password 
> every 5 minutes when the script runs.  If you want (prefer) to use a 
> password, you will need a way to get the password entered into the ssh 
> client.  Alternatively, use a non-ssh client that supports fetching a 
> password some other way and tell xymon-rclient.sh to use that (eg 
> telnet and expect), but this is generally less secure than using a key 
> pair for authentication.
>
> If you can ssh with username and password, then setting up keys for 
> authentication is fairly quick to do.  In case you need help with 
> this, here's a brief set of instructions.
>
> First, login to the Xymon server as the xymon user (or su), and create 
> a key pair with no passphrase:
>
> $ ssh-keygen -N "" -f ~/.ssh/xymon-rclient
>
> This creates two key files called xymon-rclient and xymon-rclient.pub, 
> both in the .ssh subdirectory of the xymon user's home directory.  The 
> contents of the ".pub" file needs to be copied into a file on the 
> host(s) you want to monitor.  The other file should be kept secret and 
> secure, because it's not protected by a password, yet is a "password 
> equivalent".
>
> Second, append the contents of the .pub file into the 
> .ssh/authorized_keys file on the host you want to manage, perhaps by 
> doing this:
>
> $ ssh xymon at host-to-manage "cat >> ~/.ssh/authorized_keys" < 
> ~/.ssh/xymon-rclient.pub
>
> Now you should be able to login using the private key instead of a 
> password, and as long as it matches the public key at the other end, 
> you should get in:
>
> $ ssh -i ~/.ssh/xymon-rclient xymon at host-to-manage uname -n
>
> Now, you have key authentication setup, and can start using 
> xymon-rclient.sh.
>
> J
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.xymon.com/pipermail/xymon/attachments/20140729/bdf00ecc/attachment.html>

More information about the Xymon mailing list