[Nagiosplug-devel] Problem with check_ssh and RST

Georg Hoesch Georg.Hoesch at genua.de
Fri Sep 3 14:21:48 CEST 2010


Hi,

I have a problem with check_ssh. check_ssh opens the connection, checks
the SSH server version string, sends its own check_ssh client identifier
and closes the socket.

The server usually continues with the protocol and sends a key exchange
packet. This packet hits the closed socket on the client side and
triggers a 'RST' packet. This RST is an error condition and should be
avoided.

Instead check_ssh should assure that the connection is properly
closed (FIN) from both sides. This can be achieved by half-closing
the connection and waiting for close-confirmation from the other side.

Alternatively check_ssh can stop the check after receiving the server
identification string. If we close the connection in this state, the
server can handle it well and won't send data which we don't handle.
The client-identification is not sent but IMHO this is no problem.

I have written a small patch for this alternative and I hope that
someone is willing to test and integrate this.

Georg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: check_ssh_RST_bugfix.patch
Type: text/x-diff
Size: 911 bytes
Desc: not available
URL: <https://www.monitoring-plugins.org/archive/devel/attachments/20100903/c2c8a63e/attachment.patch>
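
The half-close approach described in the message above, as an added example that is not part of the original post or the attached patch: shut down the write side, discard whatever the peer still sends, and close only after the peer's EOF arrives. `graceful_close` and `demo_peer_sends_then_closes` are hypothetical names, and a Unix socketpair with constructed bytes stands in for the TCP connection to the SSH server.

```c
/* Added example: half-close, then drain until the peer's FIN (EOF). */
#include <poll.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper (not check_ssh code): returns the number of bytes
 * discarded before the peer's EOF, or -1 on error or timeout.
 * The descriptor is closed in every case. */
long graceful_close(int fd, int timeout_ms)
{
    char buf[512];
    long drained = 0;
    struct pollfd p = { .fd = fd, .events = POLLIN };

    if (shutdown(fd, SHUT_WR) < 0) {   /* send our FIN, keep reading */
        close(fd);
        return -1;
    }
    for (;;) {
        if (poll(&p, 1, timeout_ms) <= 0) {   /* timeout or poll error */
            drained = -1;
            break;
        }
        ssize_t n = recv(fd, buf, sizeof buf, 0);
        if (n == 0)                    /* EOF: the peer's FIN arrived */
            break;
        if (n < 0) {
            drained = -1;
            break;
        }
        drained += n;                  /* e.g. the server's key exchange packet */
    }
    close(fd);   /* after EOF nothing is left unread, so no RST is provoked */
    return drained;
}

/* Constructed demo: the peer sends data, then closes its write side. */
long demo_peer_sends_then_closes(void)
{
    int sv[2];
    static const char kex[] = "constructed-kexinit-bytes";
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0 ||
        write(sv[1], kex, sizeof kex - 1) < 0)
        return -1;
    shutdown(sv[1], SHUT_WR);
    long r = graceful_close(sv[0], 1000);
    close(sv[1]);
    return r;
}
```

On the timeout path the socket is closed without having seen the peer's EOF, so data arriving afterwards can still be answered with a RST.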

