From ccf4ed25f9c96e4d0cd647bbd8d91f38df75dfc0 Mon Sep 17 00:00:00 2001
From: "Archie L. Cobbs" <archie.cobbs@gmail.com>
Date: Thu, 14 Jul 2022 01:47:54 -0500
Subject: check_by_ssh: Add "-U" flag (#1123). (#1774)

This causes a 255 exit value from ssh(1), which indicates a connection failure,
to return UNKNOWN instead of CRITICAL; similar to check_nrpe's "-u" flag.

diff --git a/plugins/check_by_ssh.c b/plugins/check_by_ssh.c
index 39d4907..1ad547e 100644
--- a/plugins/check_by_ssh.c
+++ b/plugins/check_by_ssh.c
@@ -50,6 +50,7 @@ unsigned int services = 0;
 int skip_stdout = 0;
 int skip_stderr = 0;
 int warn_on_stderr = 0;
+bool unknown_timeout = FALSE;
 char *remotecmd = NULL;
 char **commargv = NULL;
 int commargc = 0;
@@ -101,6 +102,13 @@ main (int argc, char **argv)
 
 	result = cmd_run_array (commargv, &chld_out, &chld_err, 0);
 
+	/* SSH returns 255 if connection attempt fails; include the first line of error output */
+	if (result == 255 && unknown_timeout) {
+		printf (_("SSH connection failed: %s\n"),
+		        chld_err.lines > 0 ? chld_err.line[0] : "(no error output)");
+		return STATE_UNKNOWN;
+	}
+
 	if (verbose) {
 		for(i = 0; i < chld_out.lines; i++)
 			printf("stdout: %s\n", chld_out.line[i]);
@@ -180,6 +188,7 @@ process_arguments (int argc, char **argv)
 		{"verbose", no_argument, 0, 'v'},
 		{"fork", no_argument, 0, 'f'},
 		{"timeout", required_argument, 0, 't'},
+		{"unknown-timeout", no_argument, 0, 'U'},
 		{"host", required_argument, 0, 'H'},    /* backward compatibility */
 		{"hostname", required_argument, 0, 'H'},
 		{"port", required_argument,0,'p'},
@@ -212,7 +221,7 @@ process_arguments (int argc, char **argv)
 			strcpy (argv[c], "-t");
 
 	while (1) {
-		c = getopt_long (argc, argv, "Vvh1246fqt:H:O:p:i:u:l:C:S::E::n:s:o:F:", longopts,
+		c = getopt_long (argc, argv, "Vvh1246fqt:UH:O:p:i:u:l:C:S::E::n:s:o:F:", longopts,
 		                 &option);
 
 		if (c == -1 || c == EOF)
@@ -234,6 +243,9 @@ process_arguments (int argc, char **argv)
 			else
 				timeout_interval = atoi (optarg);
 			break;
+		case 'U':
+			unknown_timeout = TRUE;
+			break;
 		case 'H':									/* host */
 			hostname = optarg;
 			break;
@@ -445,6 +457,8 @@ print_help (void)
   printf ("    %s\n", _("Tell ssh to suppress warning and diagnostic messages [optional]"));
 	printf (UT_WARN_CRIT);
 	printf (UT_CONN_TIMEOUT, DEFAULT_SOCKET_TIMEOUT);
+	printf (" %s\n","-U, --unknown-timeout");
+	printf ("    %s\n", _("Make connection problems return UNKNOWN instead of CRITICAL"));
 	printf (UT_VERBOSE);
 	printf("\n");
   printf (" %s\n", _("The most common mode of use is to refer to a local identity file with"));
@@ -474,7 +488,7 @@ void
 print_usage (void)
 {
 	printf ("%s\n", _("Usage:"));
-	printf (" %s -H <host> -C <command> [-fqv] [-1|-2] [-4|-6]\n"
+	printf (" %s -H <host> -C <command> [-fqvU] [-1|-2] [-4|-6]\n"
 	        "       [-S [lines]] [-E [lines]] [-W] [-t timeout] [-i identity]\n"
 	        "       [-l user] [-n name] [-s servicelist] [-O outputfile]\n"
 	        "       [-p port] [-o ssh-option] [-F configfile]\n",
-- 
cgit v0.10-9-g596f