[Xymon] xymon-rclient.sh

Jeremy Laidman jlaidman at rebel-it.com.au
Mon Jul 28 05:26:03 CEST 2014

On 26 July 2014 04:24, Kris Springer <kspringer at innovateteam.com> wrote:

>  I'm trying to get rclient working and I'm not understanding the SSH
> requirements.  The whole point of this is to not need to configure the
> client, so what am I supposed to do with SSH keys?  I can SSH into the
> client with user:pass but how do I do that with this script?  It wants me
> to create SSH keys?  Anyone have a clue for me?  I'd rather just use the
> user:pass


It's not clear to me if you're saying a) you want to use key authentication
but can't work out how; or b) you don't want to use key authentication and
would prefer to use password authentication.

The requirement for key-based authentication (rather than user:password) is
so that a human doesn't need to type a password every 5 minutes when the
script runs.  If you want (prefer) to use a password, you will need a way
to get the password entered into the ssh client.  Alternatively, use a
non-ssh client that supports fetching a password some other way and tell
xymon-rclient.sh to use that (eg telnet and expect), but this is generally
less secure than using a key pair for authentication.

If you can ssh with username and password, then setting up keys for
authentication is fairly quick to do.  In case you need help with this,
here's a brief set of instructions.

First, login to the Xymon server as the xymon user (or su), and create a
key pair with no passphrase:

$ ssh-keygen -N "" -f ~/.ssh/xymon-rclient

This creates two key files called xymon-rclient and xymon-rclient.pub, both
in the .ssh subdirectory of the xymon user's home directory.  The contents
of the ".pub" file needs to be copied into a file on the host(s) you want
to monitor.  The other file should be kept secret and secure, because it's
not protected by a password, yet is a "password equivalent".

Second, append the contents of the .pub file into the .ssh/authorized_keys
file on the host you want to manage, perhaps by doing this:

$ ssh xymon at host-to-manage "cat >> ~/.ssh/authorized_keys" <

Now you should be able to login using the private key instead of a
password, and as long as it matches the public key at the other end, you
should get in:

$ ssh -i ~/.ssh/xymon-rclient xymon at host-to-manage uname -n

Now, you have key authentication setup, and can start using

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.xymon.com/pipermail/xymon/attachments/20140728/88abac02/attachment.html>

More information about the Xymon mailing list