Taking advantage of check_by_ssh

nagios core install | nagios core | nagios plugins | nagios ssh

enable check_by_ssh

prepare nagios server

on the nagios server

omd

echo $HOME # /omd/sites/SITE-NAME
ssh-keygen -t ed25519
cat ~/.ssh/*pub

nagios core

    grep ^nagios-cmd /etc/passwd
    mkdir /var/nagios/.ssh/
    ssh-keygen -f /var/nagios/.ssh/id_ed25519 -t ed25519
    chown -R nagios-cmd:nagios-cmd /var/nagios/.ssh/
    vi /var/nagios/.ssh/id_ed25519.pub

    ... nagios-cmd@...

    cat /var/nagios/.ssh/id_ed25519.pub

prepare target system

for remote check_by_ssh checks to work, first make sure there’s an available user shell

on the nagios agent

chsh -s /bin/bash nagios

    grep ^nagios /etc/passwd
    mkdir /usr/libexec/nagios/.ssh/
    vi /usr/libexec/nagios/.ssh/authorized_keys

    (copy/paste)

    chown -R nagios:nagios /usr/libexec/nagios/.ssh/
    chmod 600 /usr/libexec/nagios/.ssh/authorized_keys

The stderr situation

either add that flag when calling check_by_ssh

 -E, --skip-stderr[=n]
    Ignore all or (if specified) first n lines on STDERR [optional]

or simply make sure there’s absolutely no stderr

vi /var/nagios/.ssh/config

host *
    visualhostkey no

Troubleshooting

UNKNOWN - check_by_ssh: Remote command execution failed: Host key fingerprint is SHA256:...

==> make sure there’s no sdterr when calling the remote hosts

Resources

https://www.techrepublic.com/article/remotely-monitor-servers-with-the-nagios-check-by-ssh-plugin/ ===> THAT WAS HELPFUL

https://exchange.nagios.org/directory/Plugins/*-Remote-Check-Tunneling ==> THAT ALSO