[Nagiosplug-devel] [ nagiosplug-Patches-1472491 ] extra options for check_by_ssh

SourceForge.net noreply at sourceforge.net
Mon Jan 22 05:11:10 CET 2007

Patches item #1472491, was opened at 2006-04-18 19:33
Message generated for change (Comment added) made by hweiss
You can respond by visiting: 

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: Enhancement
Group: None
>Status: Closed
Resolution: None
Priority: 5
Private: No
Submitted By: gerhard lausser (lausser)
Assigned to: Nobody/Anonymous (nobody)
Summary: extra options for check_by_ssh

Initial Comment:

if you use check_by_ssh and the hostkey of the server 
has changed, your /etc/ssh/ssh_known_hosts is poorly 
maintained or if you never made a successful 
connection to tihs server, then you will get the 

qqnagio at lt0073:~> check_by_ssh -H siapp11 -
C 'nrpe/libexec/check_dummy 0'
The authenticity of host 'siapp11 (' 
can't be established.
RSA key fingerprint is 
Are you sure you want to continue connecting 

The service will time out and a warning will be 
issued. If you generate your configuration 
automatically, so at any time new hosts can appear, 
you would have to execute ssh manually and answer 
with yes.
Now it will work until the host is reinstalled or its 
hostkey changes otherwise.

You can suppress this question if you set the 
StrictHostKeyChecking to no either in 
your /etc/ssh/ssh_config or if you give this option 
to ssh. I made a patch fot check_by_ssh.c which adds 
the possibility to call ssh with such an option. 

qqnagio at lt0073:~> check_by_ssh -H siapp11 -
o 'StrictHostKeyChecking =no' -
C 'nrpe/libexec/check_dummy 0' 
Warning: Permanently added 'siapp11' (RSA) to the 
list of known hosts.

Unfortunately you get this warning if you call the 
patches check_by_ssh for the first time. To prevent 
this i also added a '-q' option, which tells ssh to 
suppress warning and diagnostic messages.

qqnagio at lt0073:~> check_by_ssh -H siapp11 -
o 'StrictHostKeyChecking =no' -q -
C 'nrpe/libexec/check_dummy 0' 

Now check_by_ssh no longer cares for inconsistencies 
in your known_hosts files. Keep in mind, that this 
makes you vulnerable to trojan horse attacks.
Do not give secret information to the -a parameter.

You can download the patch from 

Greetings from Munich,


>Comment By: Holger Weiß (hweiss)
Date: 2007-01-22 05:11

Logged In: YES 
Originator: NO

I've updated your patch for the current CVS code, added the options to the
help/usage output and committed it to CVS.  Thanks!


You can respond by visiting: 

More information about the Devel mailing list