[Xymon] Understanding the protocol.cfg file and ssh test

Don Kuhlman Don.Kuhlman at schawk.com
Fri Mar 9 23:26:35 CET 2012


Ok. Since we are sort of talking about the protocol.cfg file and other related things ;), I wanted to try and verify my understanding of it and also pose another question about how the tests are working.

Our protocols.cfg file contains this for ssh|ssh1|ssh2

[ssh|ssh1|ssh2]
   send "SSH-2.0-OpenSSH_4.1\r\n"
   expect "SSH"
   options banner
   port 22

I have a host running the ssh test configured as below in hosts.cfg:
1.2.3.4 sshostbeingtested.our.domain.com #fqdn.hostbeingtested.our.domain.com noconn ssh

This is an external server that is not ours and not on our internal network.
We are doing a sftp connection to it from applications and want to make sure sftp is working to that host.
The connection is using port 22 so that's why I picked the ssh test.

I can make a connection to that host over port 22 from a computer on our network.
It returns a string as below when I make a connection over port 22:

SSH-2.0-mod_sftp/0.9.7
☻|      ¶╧▐÷⌐└⌡
               7ï╝ôm╫ë┬÷ïdiffie-hellman-group-exchange-sha256,diffie-hellman-gro
up-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa1024-
sha1ssh-rsa,ssh-dssÅaes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes12
8-cbc,blowfish-ctr,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,3des-ctr,3des-
cbcÅaes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,blowfish-c
tr,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,3des-ctr,3des-cbc:hmac-sha1,hm
ac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160:hmac-sha1,hmac-sha1-96,hmac-md5,h
mac-md5-96,hmac-ripemd160♦none♦noneV8┬·╗┐$█╥SSH-2.0-OpenSSH_4.1

1) So, is the ssh|ssh1|ssh2 test in protocols.cfg supposed to make the connection to the target host via port 22, then send it that string in red above - "SSH-2.0-OpenSSH_4.1\r\n" ?

2) If so, why would it send this, as we don't want to tell that to the host do we?

3) Then is it expecting the host to reply with only "SSH" or is it looking for anything matching that in the reply?
As you can see, the target host is sending a lot more back when you make a port 22 connection to it.

4) Is the options banner line supposed to say it's okay to send us all that other stuff back or not?

Thanks all.

If this has been answered, please send me the link as my google foo isn't fooing well again today while searching for this kind of clarification.

Don K
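
Added illustration (not part of the original message and not Xymon's own code): a minimal send/expect banner check modelled on the stanza quoted above, run against a loopback stand-in that replies with the identification line from the post. The names `probe` and `run_demo`, the sample reply bytes, and the rule that `expect` is compared with the start of the reply are assumptions of this sketch.

```python
import socket
import threading

SEND = b"SSH-2.0-OpenSSH_4.1\r\n"  # "send" value from the stanza in the post
EXPECT = b"SSH"                     # "expect" value from the stanza in the post
# Constructed reply: the identification line quoted in the post, then arbitrary
# binary bytes standing in for the key-exchange data that follows it.
SAMPLE_REPLY = b"SSH-2.0-mod_sftp/0.9.7\r\n\x00\x00\x02\x7c\x14diffie-hellman-group14-sha1"


def probe(host, port, send=SEND, expect=EXPECT, timeout=5.0):
    """Send `send`, read to the first newline, return (ok, banner).

    ok means the reply starts with `expect` (prefix match is an assumption).
    """
    data = b""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(send)
        try:
            while b"\n" not in data and len(data) < 4096:
                chunk = sock.recv(4096)
                if not chunk:
                    break
                data += chunk
        except socket.timeout:
            pass  # judge whatever arrived before the timeout
    banner = data.split(b"\n", 1)[0].rstrip(b"\r").decode("ascii", "replace")
    return data.startswith(expect), banner


def run_demo(reply):
    """Probe a loopback stand-in server; return (ok, banner, bytes it received)."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    received = []

    def handle():
        conn, _ = srv.accept()
        with conn:
            received.append(conn.recv(256))  # what the probe sent
            conn.sendall(reply)

    worker = threading.Thread(target=handle)
    worker.start()
    ok, banner = probe("127.0.0.1", srv.getsockname()[1])
    worker.join()
    srv.close()
    return ok, banner, received[0]
```

`run_demo(SAMPLE_REPLY)` reports a match even though binary data follows the first line, while a reply such as `b"220 FTP ready\r\n"` does not match. In SSH both ends send an identification string of the form `SSH-protoversion-softwareversion` when the connection opens (RFC 4253, section 4.2), so the probe's own line is part of a normal exchange.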
