On 07/27/14 23:26, Jeremy Laidman wrote:

Second, append the contents of the .pub file into the .ssh/authorized_keys file on the host you want to manage, perhaps by doing this:

$ ssh xymon at host-to-manage "cat >> ~/.ssh/authorized_keys" < ~/.ssh/xymon-rclient.pub

Or, while still the xymon user, simply:

$ ssh-copy-id xymon at host-to-manage

-- Bill Arlofski Reverse Polarity, LLC http://www.revpol.com/ -- Not responsible for anything below this line --

I believe I've gotten the SSH authentication working correctly. My problem now is that the remote client that I'm attempting to monitor is a FreeNAS box with a Read-Only file system. I can manually enter 'mount -uw /' directly on the client machine to overcome the Read-Only issue, but I can't seem to figure out what to do in the rclient script that will accomplish the same thing. Any ideas? Signature - Kris

Thank you.

Kris Springer

On 7/27/2014 8:26 PM, Jeremy Laidman wrote:

On 26 July 2014 04:24, Kris Springer <kspringer at innovateteam.com <mailto:kspringer at innovateteam.com>> wrote:

I'm trying to get rclient working and I'm not understanding the
SSH requirements.  The whole point of this is to not need to
configure the client, so what am I supposed to do with SSH keys? 
I can SSH into the client with user:pass but how do I do that with
this script?  It wants me to create SSH keys?  Anyone have a clue
for me?  I'd rather just use the user:pass

Kris

It's not clear to me if you're saying a) you want to use key authentication but can't work out how; or b) you don't want to use key authentication and would prefer to use password authentication.

The requirement for key-based authentication (rather than user:password) is so that a human doesn't need to type a password every 5 minutes when the script runs. If you want (prefer) to use a password, you will need a way to get the password entered into the ssh client. Alternatively, use a non-ssh client that supports fetching a password some other way and tell xymon-rclient.sh to use that (eg telnet and expect), but this is generally less secure than using a key pair for authentication.

If you can ssh with username and password, then setting up keys for authentication is fairly quick to do. In case you need help with this, here's a brief set of instructions.

First, login to the Xymon server as the xymon user (or su), and create a key pair with no passphrase:

$ ssh-keygen -N "" -f ~/.ssh/xymon-rclient

This creates two key files called xymon-rclient and xymon-rclient.pub, both in the .ssh subdirectory of the xymon user's home directory. The contents of the ".pub" file needs to be copied into a file on the host(s) you want to monitor. The other file should be kept secret and secure, because it's not protected by a password, yet is a "password equivalent".

Second, append the contents of the .pub file into the .ssh/authorized_keys file on the host you want to manage, perhaps by doing this:

$ ssh xymon at host-to-manage "cat >> ~/.ssh/authorized_keys" < ~/.ssh/xymon-rclient.pub

Now you should be able to login using the private key instead of a password, and as long as it matches the public key at the other end, you should get in:

$ ssh -i ~/.ssh/xymon-rclient xymon at host-to-manage uname -n

Now, you have key authentication setup, and can start using xymon-rclient.sh.

J

I think I'm misunderstanding exactly how the rclient script functions and how it aquires the info from the client machine. It appears that I have the SSH keys setup and working because I can enter ' *ssh -i ~/.ssh/xymon-rclient root at freenas.*mydomainname*.com uname -n' from a command line on the xymon server and it displays the hostname of the cli*ent without requesting a password, but it's not collecting the data for some reason.

(I've manually edited my specific IP and domain name in all the following due to this being a public post)

I can verify that there are SSH keys listed in the client's /root/.ssh/ directory and they're labeled with my xymon server's user at hostname confirming that they uploaded into the client correctly when I ran the following commands from the xymon server. #su xymon *#ssh-keygen -N "" -f ~/.ssh/xymon-rclient*

*ssh root at freenas.mydomainname.com "cat >> ~/.ssh/authorized_keys" <

~/.ssh/xymon-rclient.pub

Here's what I have in my tasks.cfg file.

[xymon-rclient]

ENVFILE $XYMONHOME/etc/xymonserver.cfg

CMD $XYMONHOME/ext/xymon-rclient.sh -d 1

LOGFILE $XYMONSERVERLOGS/xymon-rclient.log

INTERVAL 5m* Signature - Kris Here's what I have in my hosts.cfg file. 1.2.3.4 FreeNAS *# trace ssh https://freenas.mydomainname.com "RCLIENT:cmd(ssh -T root@*freenas.mydomainname.com*),ostype(freebsd)"*

Here's what I get in the logs. Wed Jul 30 13:20:00 PDT 2014: starting /usr/lib/xymon/server/ext/xymon-rclient.sh Wed Jul 30 13:20:00 PDT 2014 Adding hosts from hosts.cfg Server 1 freenas.mydomainname.com(freebsd) Command: ssh -T root at freenas.mydomainname.com Wed Jul 30 13:20:01 PDT 2014: Failed to collect data for freenas.mydomainname.com Wed Jul 30 13:20:01 PDT 2014: finished /usr/lib/xymon/server/ext/xymon-rclient.sh (completed 0 out of 1)

Hopefully this gives some sort of clue as to what's going on or what I'm doing wrong.

Thank you.

Kris Springer

On 7/30/2014 12:02 AM, Jeremy Laidman wrote:

On 30 July 2014 16:48, Kris Springer <kspringer at innovateteam.com <mailto:kspringer at innovateteam.com>> wrote:

I believe I've gotten the SSH authentication working correctly. 
My problem now is that the remote client that I'm attempting to
monitor is a FreeNAS box with a Read-Only file system.  I can
manually enter 'mount -uw /' directly on the client machine to
overcome the Read-Only issue, but I can't seem to figure out what
to do in the rclient script that will accomplish the same thing. 
Any ideas?

I'm not sure I follow. If you manually run "mount -uw /" then you don't need to do anything in the rclient script. If you want to do this every time, simply create an extra task.cfg entry that uses "ssh" to do this for you.

I'm puzzled why rclient needs a writeable root filesystem. Does it give an error message?

J

On 31 July 2014 06:27, Kris Springer <kspringer at innovateteam.com> wrote:

I can enter ' *ssh -i ~/.ssh/xymon-rclient root at freenas.*mydomainname*.com uname -n' from a command line on the xymon server and it displays the hostname of the cli*ent

Good

Here's what I have in my hosts.cfg file.

1.2.3.4 FreeNAS *# trace ssh https://freenas.mydomainname.com <https://freenas.mydomainname.com> "RCLIENT:cmd(ssh -T root@* freenas.mydomainname.com*),ostype(freebsd)"*

I wonder if this is the problem. By default, ssh will try to use a key file called "identity", then it will try "id_rsa" and finally "id_dsa" (all in the .ssh directory). So to use a different key file, you use "-i <dirname/filename>" on the command-line. If you need to do this when you do the "uname -n" test, then you probably also need to specify it in the cmd() specification in hosts.cfg.

J

I've modified a few things but haven't gotten any successful results.
See below.

My hosts.cfg. I've tried (freebsd) and also (linux) with the same failed results. 1.2.3.4 freenas.domain.com # trace ssh "RCLIENT:cmd(ssh -T -i /home/xymon/.ssh/xymon-rclient root@%{H}),ostype(freebsd)"

Log results. Thu Jul 31 07:58:23 PDT 2014: starting /usr/lib/xymon/server/ext/xymon-rclient.sh Thu Jul 31 07:58:23 PDT 2014 Adding hosts from hosts.cfg Server 1 freenas.domain.com(freebsd) Command: ssh -T -i /home/xymon/.ssh/xymon-rclient root at freenas.domain.com Thu Jul 31 07:58:24 PDT 2014: Failed to collect data for freenas.domain.com Thu Jul 31 07:58:24 PDT 2014: finished /usr/lib/xymon/server/ext/xymon-rclient.sh (completed 0 out of 1) Thu Jul 31 08:03:23 PDT 2014: starting /usr/lib/xymon/server/ext/xymon-rclient.sh Thu Jul 31 08:03:23 PDT 2014 Adding hosts from hosts.cfg Server 1 freenas.domain.com(linux) Command: ssh -T -i /home/xymon/.ssh/xymon-rclient root at freenas.domain.com Thu Jul 31 08:03:24 PDT 2014: Failed to collect data for freenas.domain.com Thu Jul 31 08:03:24 PDT 2014: finished /usr/lib/xymon/server/ext/xymon-rclient.sh (completed 0 out of 1)

Signature - Kris I can enter the following at command line and get positive result without a password being requested from the client. #su xymon

ssh -T -i /home/xymon/.ssh/xymon-rclient root at freenas.domain.com

<mailto:root at freenas.mydomainname.com> uname -n

Thank you.

Kris Springer

On 7/31/2014 7:19 AM, Root, Paul T wrote:

Oh, I glossed right over that. If you aren’t going to use the default file name for the identity file, then you have to tell xymon to use that non-standard file as well. That doesn’t seem to be an option for the command. So you’d need to either change the command to take that as input, or make the filename the default.

*From:*Xymon [mailto:xymon-bounces at xymon.com] *On Behalf Of *Jeremy Laidman *Sent:* Wednesday, July 30, 2014 9:45 PM *To:* Kris Springer *Cc:* Xymon MailingList *Subject:* Re: [Xymon] xymon-rclient.sh

On 31 July 2014 06:27, Kris Springer <kspringer at innovateteam.com <mailto:kspringer at innovateteam.com>> wrote:

I can enter ' ssh -i ~/.ssh/xymon-rclient root at freenas.mydomainname.com <mailto:root at freenas.mydomainname.com> uname -n' from a command line on the xymon server and it displays the hostname of the client

Good

Here's what I have in my hosts.cfg file.
1.2.3.4  FreeNAS  # trace ssh https://freenas.mydomainname.com
"RCLIENT:cmd(ssh -T root at freenas.mydomainname.com
<http://freenas.mydomainname.com>),ostype(freebsd)"

I wonder if this is the problem. By default, ssh will try to use a key file called "identity", then it will try "id_rsa" and finally "id_dsa" (all in the .ssh directory). So to use a different key file, you use "-i <dirname/filename>" on the command-line. If you need to do this when you do the "uname -n" test, then you probably also need to specify it in the cmd() specification in hosts.cfg.

J

Xymon server is Ubuntu and Scp is not installed. Could that have something to do with my problems? Signature - Kris

Thank you.

Kris Springer

On 7/31/2014 8:29 AM, Root, Paul T wrote:

Signature - Kris

I believe FreeNas is based on FreeBSD. So that should be close.

Can you provide the output of what I sent yesterday? That is scping the freebsd client script and running it.

That is going to provide the debugging info needed.

My guess is that the FreeBSD client script will need to be modified (and renamed) to work for FreeNas.

*From:*Kris Springer [mailto:kspringer at innovateteam.com] *Sent:* Thursday, July 31, 2014 10:18 AM *To:* Root, Paul T; Jeremy Laidman *Cc:* Xymon MailingList *Subject:* Re: [Xymon] xymon-rclient.sh

I've modified a few things but haven't gotten any successful results.
See below.

My hosts.cfg. I've tried (freebsd) and also (linux) with the same failed results. 1.2.3.4 freenas.domain.com # trace ssh "RCLIENT:cmd(ssh -T -i /home/xymon/.ssh/xymon-rclient root@%{H}),ostype(freebsd)"

Log results. Thu Jul 31 07:58:23 PDT 2014: starting /usr/lib/xymon/server/ext/xymon-rclient.sh Thu Jul 31 07:58:23 PDT 2014 Adding hosts from hosts.cfg Server 1 freenas.domain.com(freebsd) Command: ssh -T -i /home/xymon/.ssh/xymon-rclient root at freenas.domain.com <mailto:root at freenas.domain.com> Thu Jul 31 07:58:24 PDT 2014: Failed to collect data for freenas.domain.com Thu Jul 31 07:58:24 PDT 2014: finished /usr/lib/xymon/server/ext/xymon-rclient.sh (completed 0 out of 1) Thu Jul 31 08:03:23 PDT 2014: starting /usr/lib/xymon/server/ext/xymon-rclient.sh Thu Jul 31 08:03:23 PDT 2014 Adding hosts from hosts.cfg Server 1 freenas.domain.com(linux) Command: ssh -T -i /home/xymon/.ssh/xymon-rclient root at freenas.domain.com <mailto:root at freenas.domain.com> Thu Jul 31 08:03:24 PDT 2014: Failed to collect data for freenas.domain.com Thu Jul 31 08:03:24 PDT 2014: finished /usr/lib/xymon/server/ext/xymon-rclient.sh (completed 0 out of 1)

I can enter the following at command line and get positive result without a password being requested from the client. #su xymon

ssh -T -i /home/xymon/.ssh/xymon-rclient root at freenas.domain.com

<mailto:root at freenas.mydomainname.com> uname -n

Thank you.

---

Kris Springer

On 7/31/2014 7:19 AM, Root, Paul T wrote:

Oh, I glossed right over that. If you aren’t going to use the
default file name for the identity file, then you have to tell
xymon to use that non-standard file as well. That doesn’t seem to
be an option for the command. So you’d need to either change the
command to take that as input, or make the filename the default.

*From:*Xymon [mailto:xymon-bounces at xymon.com] *On Behalf Of
*Jeremy Laidman
*Sent:* Wednesday, July 30, 2014 9:45 PM
*To:* Kris Springer
*Cc:* Xymon MailingList
*Subject:* Re: [Xymon] xymon-rclient.sh

On 31 July 2014 06:27, Kris Springer <kspringer at innovateteam.com
<mailto:kspringer at innovateteam.com>> wrote:

I can enter ' ssh -i ~/.ssh/xymon-rclient
root at freenas.mydomainname.com
<mailto:root at freenas.mydomainname.com> uname -n' from a command
line on the xymon server and it displays the hostname of the client

Good

    Here's what I have in my hosts.cfg file.
    1.2.3.4  FreeNAS  # trace ssh https://freenas.mydomainname.com
    "RCLIENT:cmd(ssh -T root at freenas.mydomainname.com
    <http://freenas.mydomainname.com>),ostype(freebsd)"

I wonder if this is the problem.  By default, ssh will try to use
a key file called "identity", then it will try "id_rsa" and
finally "id_dsa" (all in the .ssh directory).  So to use a
different key file, you use "-i <dirname/filename>" on the
command-line.  If you need to do this when you do the "uname -n"
test, then you probably also need to specify it in the cmd()
specification in hosts.cfg.

J