[Nagiosplug-devel] [ nagiosplug-Bugs-1252285 ] check_ssh reports critical for some SSH servers

SourceForge.net noreply at sourceforge.net
Sun Jun 3 19:49:54 CEST 2007


Bugs item #1252285, was opened at 2005-08-05 01:59
Message generated for change (Comment added) made by psychotrahe
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=397597&aid=1252285&group_id=29880

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: Interface (example)
Group: Release (specify)
Status: Open
Resolution: None
Priority: 5
Private: No
Submitted By: TexasDavid (daupperle)
Assigned to: Nobody/Anonymous (nobody)
Summary: check_ssh reports critical for some SSH servers

Initial Comment:
The check_ssh plugin reports STATE_CRITICAL for 
certain SSH servers.  As a result some valid SSH 
servers are reported down.  For example, the following 
is a valid response for a working SSH server:

sshd2: SSH Secure Shell 2.4.0 (non-commercial 
version) on hppa2.0n-hp-hpux11.00 

The problem lies on line 216 of check_ssh.c (Version 
1.27).  THe function strncmp should be replaced with 
strncasecmp.  Note: this change will not return the 
version properly, but it will return the state information.

The following changes will properly evaluate the above 
SSH server in more detail and probably should be 
applied to the patch.

216c216
<       if (strncmp (output, "SSH", 3)) {
---
>       if (strncasecmp (output, "SSH", 3)) {
224,227c224,237
<               ssh_proto = output + 4;
<               ssh_server = ssh_proto + strspn 
(ssh_proto, "-0123456789. ");
<               ssh_proto[strspn 
(ssh_proto, "0123456789. ")] = 0;
<
---
>                 if (strncmp(output,"sshd2",5)==0) {
>                    // Output(one line): sshd2: SSH Secure
>                    //    Shell 2.4.0 (non-commercial version)
>                    //    on hppa2.0n-hp-hpux11.00
>                    ssh_server = output + 7;
>                  ssh_server[strcspn 
(ssh_server, "0123456789")-1] = 0;
>                    ssh_proto = ssh_server + strlen
(ssh_server)+1;
>                  ssh_proto[strspn 
(ssh_proto, "0123456789. ")] = 0;
>                 }
>                 else { // Standard servers
>                 ssh_proto = output + 4;
>                 ssh_server = ssh_proto + strspn 
(ssh_proto, "-0123456789. ");
>                 ssh_proto[strspn 
(ssh_proto, "0123456789. ")] = 0;
>                 }


----------------------------------------------------------------------

>Comment By: Matthias Eble (psychotrahe)
Date: 2007-06-03 19:49

Message:
Logged In: YES 
user_id=1694341
Originator: NO

Hi David,

I looked at the rfc (http://tools.ietf.org/html/rfc4253#section-4.2) and
this claims that 
there must be a line like SSH-... but there MAY be other lines before that
one that specifies the version.

could you send the whole text the server offers (eg using netcat 127.0.0.1
22)?

The patch you specified is a bit too specific to me.

Matthias

----------------------------------------------------------------------

You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=397597&aid=1252285&group_id=29880




More information about the Devel mailing list