I believe I've gotten the SSH authentication working correctly. My problem now is that the remote client that I'm attempting to monitor is a FreeNAS box with a Read-Only file system. I can manually enter 'mount -uw /' directly on the client machine to overcome the Read-Only issue, but I can't seem to figure out what to do in the rclient script that will accomplish the same thing. Any ideas?
Thank you.
Kris Springer
On 7/27/2014 8:26 PM, Jeremy Laidman wrote:
On 26 July 2014 04:24, Kris Springer <kspringer at innovateteam.com> wrote:
I'm trying to get rclient working and I'm not understanding the SSH requirements. The whole point of this is to not need to configure the client, so what am I supposed to do with SSH keys? I can SSH into the client with user:pass but how do I do that with this script? It wants me to create SSH keys? Anyone have a clue for me? I'd rather just use the user:pass
Kris
It's not clear to me if you're saying a) you want to use key authentication but can't work out how; or b) you don't want to use key authentication and would prefer to use password authentication.
The requirement for key-based authentication (rather than user:password) is so that a human doesn't need to type a password every 5 minutes when the script runs. If you want (prefer) to use a password, you will need a way to get the password entered into the ssh client. Alternatively, use a non-ssh client that supports fetching a password some other way and tell xymon-rclient.sh to use that (eg telnet and expect), but this is generally less secure than using a key pair for authentication.
If you can ssh with username and password, then setting up keys for authentication is fairly quick to do. In case you need help with this, here's a brief set of instructions.
First, log in to the Xymon server as the xymon user (or su), and create a key pair with no passphrase:
$ ssh-keygen -N "" -f ~/.ssh/xymon-rclient
This creates two key files called xymon-rclient and xymon-rclient.pub, both in the .ssh subdirectory of the xymon user's home directory. The contents of the ".pub" file need to be copied into a file on the host(s) you want to monitor. The other file should be kept secret and secure, because it's not protected by a password, yet is a "password equivalent".
Second, append the contents of the .pub file into the .ssh/authorized_keys file on the host you want to manage, perhaps by doing this:
$ ssh xymon@host-to-manage "cat >> ~/.ssh/authorized_keys" < ~/.ssh/xymon-rclient.pub
Now you should be able to log in using the private key instead of a password, and as long as it matches the public key at the other end, you should get in:
$ ssh -i ~/.ssh/xymon-rclient xymon@host-to-manage uname -n
Now, you have key authentication set up, and can start using xymon-rclient.sh.
J
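
Added example, not part of the original thread or of xymon-rclient: because the passphrase-less private key is a "password equivalent", this sketch audits an authorized_keys file on a monitored host for entries that carry no from= source restriction and shows the same public key pinned to one server address. The function names, the constructed key blob and the 192.0.2.10 server address are assumptions for illustration.

```shell
#!/bin/sh
# Added example. Key blobs and the 192.0.2.10 address are constructed samples.

# Prefix public-key line $2 with a source restriction for address $1.
restrict_key() {
    printf 'from="%s",no-port-forwarding,no-agent-forwarding,no-X11-forwarding %s\n' "$1" "$2"
}

# For each key entry in file $1 print: <line> <OPEN|RESTRICTED|UNPARSED> <comment>
# RESTRICTED means the options field carries from="...".
audit_authorized_keys() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }    # skip comments and blank lines
    {
        # A key blob is base64 of a length-prefixed string, so it begins AAAA.
        # Whatever precedes "<keytype> AAAA" on the line is the options field.
        if (!match($0, /(ssh-(rsa|dss|ed25519)|ecdsa-sha2-[^ ]+|sk-[^ ]+) AAAA/)) {
            print NR, "UNPARSED", "-"; next
        }
        opts = substr($0, 1, RSTART - 1)
        n = split(substr($0, RSTART), f, " ")
        comment = (n >= 3) ? f[3] : "-"
        status = (opts ~ /(^|,)from="[^"]+"/) ? "RESTRICTED" : "OPEN"
        print NR, status, comment
    }' "$1"
}

# Demo on a constructed authorized_keys file.
demo() {
    tmp=$(mktemp) || return 1
    pub='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedSampleKeyOnly xymon-rclient'
    {
        echo '# constructed sample, not real keys'
        echo "$pub"                          # as appended by the steps above
        restrict_key 192.0.2.10 "$pub"       # same key, pinned to the server
    } > "$tmp"
    audit_authorized_keys "$tmp"
    rm -f "$tmp"
}
demo
```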