Skip to main content

Using SSH to Check Services

Hands-On Lab

 

Photo of

Training Architect

Length

01:15:00

Difficulty

Intermediate

You need to connect to and perform a check on a client machine from the Nagios server. Due to your university's firewall rules (port 5666 is not allowed for NRPE), you will need to use SSH. In this hands-on lab, we will configure an SSH check on a client and the Nagios server.

What are Hands-On Labs?

Hands-On Labs are scenario-based learning environments where learners can practice without consequences. Don't compromise a system or waste money on expensive downloads. Practice real-world skills without the real-world risk, no assembly required.

Using SSH to Check Services

Introduction

You need to connect to and perform a check on a client machine from the Nagios server. Due to your university's firewall rules (port 5666 is not allowed for NRPE), you will need to use SSH. In this hands-on lab, we will configure an SSH check on a client and the Nagios server.

Connecting to the Lab

Connect to the Nagios Server

  1. Open your terminal application, and run the following command (remember to replace PUBLIC_IP with the public IP address you were provided on the lab instructions page):
    ssh cloud_user@PUBLIC_IP
  2. Enter yes at the prompt.
  3. Enter your cloud_user password at the prompt.

Connect to the Client

  1. Open a new terminal window, and run the following command (remember to replace CLIENT_IP with the client IP address you were provided on the lab instructions page):
    ssh cloud_user@CLIENT_IP
  2. Type yes at the prompt.
  3. Enter your cloud_user password at the prompt.

Generate SSH Keys for the nagios User

  1. In your Nagios server terminal window, become the nagios user.
    sudo su nagios
  2. Enter your cloud_user password at the prompt.
  3. Generate SSH keys for the nagios user.
    ssh-keygen
  4. Press Enter at the next three prompts to accept the defaults.
  5. Verify that the SSH keys were successfully created.
    ll /home/nagios/.ssh/

Copy the Public Key from the Nagios Server to the Client

  1. Run the following command from your Nagios server terminal window:
    sudo vim /home/nagios/.ssh/id_rsa.pub
  2. Select the entire key, then press Ctrl + Shift + C to copy it to your clipboard.
  3. In your client terminal window, open the authorized_keys file.
    sudo vim /home/cloud_user/.ssh/authorized_keys
  4. Press I to enter Insert mode.
  5. Scroll to the bottom of the file, and press Ctrl + Shift + V to paste the SSH key we just copied.
  6. Press Esc to exit Insert mode, and type :wq to save and exit the file.
  7. Go back to your Nagios server terminal window, and type :q to exit the file.

Test the SSH Connection

  1. From your Nagios server terminal window, run the following command:
    ssh cloud_user@CLIENT_IP
  2. Type yes at the prompt.
  3. After you see the success message, type exit, then exit again to log out and revert to cloud_user.
  4. Attempt to establish the SSH connection as cloud_user.
    ssh cloud_user@CLIENT_IP
  5. Run the following command:
    sudo -i /home/nagios/.ssh/id_rsa cloud_user@CLIENT_IP
  6. Enter the Nagios server password at the prompt.
  7. Type yes at the prompt.
  8. Run the exit command to close the connection.

Copy the check_disk Binaries from the Nagios Server to the Client

  1. Run the following command in your Nagios server terminal window:
    sudo scp -i /home/nagios/.ssh/id_rsa /usr/local/nagios/libexec/check_disk cloud_user@CLIENT_IP:/home/cloud_user/
  2. Enter your cloud_user password at the prompt.
  3. In your client terminal window, list the contents of the current directory.
    ll

Define an SSH Check Command Object on the Nagios Server

  1. In your Nagios server terminal window, change to the /usr/local/nagios/etc/objects/ directory.
    cd /usr/local/nagios/etc/objects/
  2. Open the commands.cfg file.
    sudo vim commands.cfg
  3. Press I to enter Insert mode, and paste the following into the file:

    define command {
    
        command_name    ssh_check_disk
        command_line    /usr/local/nagios/libexec/check_by_ssh -H $HOSTADDRESS$ -i /home/nagios/.ssh/id_rsa -l cloud_user -C "/home/cloud_user/check_disk -w 10% -c 5% -p /"
    }
  4. Press Esc to exit Insert mode, and type :wq to save and exit the file.

Create the Host, Host Group, and Service Object Definitions

  1. Create a new file named linux-server.cfg in the /usr/local/nagios/etc/objects/ directory.
    sudo touch /usr/local/nagios/etc/objects/linux-server.cfg
  2. Open the linux-server.cfg file.
    sudo vim /usr/local/nagios/etc/objects/linux-server.cfg
  3. Press I to enter Insert mode, and paste the following into the file (remember to replace CLIENT_IP with the actual client IP address):

    define host {
    
        use                     linux-server
        host_name               Linux Server
        alias                   linuxSrv
        address                 CLIENT_IP
    
    }
    
    define hostgroup {
    
        hostgroup_name          my-linux-servers
        alias                   Linux Servers
        members                 Linux Server
    
    }
    
    define service {
    
        use                     generic-service
        host_name               Linux Server
        service_description     Check DISK
        check_command           ssh_check_disk
    
    }
    
  4. Press Esc to exit Insert mode, and type :wq to save and exit the file.

Inform Nagios of the New File, Perform a Preflight Check, and Restart Nagios

  1. Run the following command:
    sudo vim /usr/local/nagios/etc/nagios.cfg
  2. Press I to enter Insert mode, and paste in the following:
    Definitions for monitoring a network printer
    cfg_file=/usr/local/nagios/etc/objects/linux-server.cfg
  3. Press Esc to exit Insert mode, and type :wq to save and exit the file.
  4. Run a preflight check.
    sudo /usr/local/nagios/bin/nagios -v /usr/local/nagios/etc/nagios.cfg
  5. Restart Nagios.
    sudo systemctl restart nagios
  6. Check the status of Nagios.
    sudo systemctl status nagios

Log In to the Nagios Web Interface and Reschedule a Check for the Check DISK Service

  1. In a private browser tab, navigate to http://NAGIOS_SERVER_IP/nagios.
  2. At the prompt, enter the following login credentials:
    • User Name: nagiosadmin
    • Password: BlaBla321
  3. Click OK.
  4. Click Services in the left sidebar.
  5. Click the Check DISK service.
  6. Under Service Commands, click Re-schedule the next check of this service.
  7. Next to Check Time, enter a time approximately 10-20 seconds from now (you can check the current time using the date command in your terminal window).
  8. Click Commit, then Done.
  9. Click Services in the left sidebar.
  10. Verify that there are no errors for the Check DISK service under Status Information.

Conclusion

Congratulations, you've successfully completed this hands-on lab!