Efficient Nagios remote monitoring with SSH (version 2)

I never liked have to install agents for different tasks like Backups or monitoring. I think that is always enough with SSH. In this post I will introduce some concepts that I am using as an alternative to the NRPE for nagios.

Time ago I explained how to setup SSH for remote monitor servers in Nagios, using the ControlMaster feature to reuse the connection.

In that post I was using runit to keep the connections alive.

But in OpenSSH 5.6 a new feature has been released:

  • Added a ControlPersist option to ssh_config(5) that automatically starts a background ssh(1) multiplex master when connecting. This connection can stay alive indefinitely, or can be set to automatically close after a user-specified duration of inactivity.

And this is COOL! We can just use some options in the checkbyssh plugin to automatically create the session. The options are:

So, the command definition can be:

define command{ command_name    check_users_ssh command_line    $USER1$/check_by_ssh \ -o ControlMaster=auto \ -o ControlPath=/var/run/nagios/$HOSTNAME$ \ -o ControlPersist=yes \ -i $USER6$ -H $HOSTADDRESS$ -l $USER5$ \ 'check_users -w $ARG1$ -c $ARG2$' }

Note: You have to define the USER variables in resources.cfg.

Then we only need to create the proper user in the remote host. To improve the security, you can:

1. Create the user 'nagiosssh' with shell=/home/nagiosssh/rbash


2. Create a script /home/nagiosssh/rbash:

`#!/bin/sh

Restricted shell for the client.

Sets the path to checks

PATH=/home/icingassh/checks exec /bin/bash --restricted "$@"`

3. Create the directory /home/icingassh/checks  and link here all the desired checks.

Maybe in some days I upload a chef recipe to setup this.