Secure Shell (SSH) Check Guidelines
Introduction
SSH (Secure Shell) allows secure network services over an insecure network, such as the Internet. With SSH, ActiveXperts Network Monitor can log in to a remote machine running the SSH daemon and execute a command or shell script. ActiveXperts Network Monitor requires the output (i.e. StdOut) to be formatted according to the following syntax:
[ SUCCESS | ERROR | UNCERTAIN]: { <explanation> } { DATA:<value>}
The <explanation> will be shown in the 'Last Response' column in the Manager application. The <value> field will be shown in the 'Data' column in the Manager application. Samples:
ERROR: Free Disk space is less than 40 GB DATA:34
SUCCESS: Daemon 'LPD' is running
An SSH Shell Script check requires the following parameters:
- Host - Host name or IP address of the remote LINUX/UNIX host;
- Port - TCP port used for SSH on the remote host. Default port is 22;
- SSH Command - Specifies the command to run on the remote host;
- Script Timeout - Specifies the maximum number of milliseconds to wait for completion of the script; if the script takes longer, it will be terminated. Default value: 5000 milliseconds;
- Account - Account used to authenticate to the remote host;
- Password - Password used to authenticate to the remote host. If you use a Private Key File to authenticate, you can leave the 'Password' field blank;
- Private Key File - Private Key File used to authenticate to the remote host. If you use a Password to authenticate, you can leave the 'Private Key File' field blank. The file must be in PuTTY compatible format.
- 'If StdErr is not empty, the result will be' - If there's an error in the script, you can handle this error and specify what the result of the check should be: Uncertain, Error or Success.
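A script for the 'SSH Command' parameter that follows the output syntax and the StdErr handling described above. This is an added example, not ActiveXperts code; the function names, the 40 GB threshold and the sample df output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not ActiveXperts code): free-disk-space check whose StdOut
# follows "[ SUCCESS | ERROR | UNCERTAIN ]: <explanation> DATA:<value>".
# Function names, threshold and sample df output are assumptions.

# Turn `df -Pk` output (read from stdin) into exactly one result line.
# $1 = mount point (used in the explanation), $2 = minimum free space in GB
evaluate_df() {
    mount=$1
    min_gb=$2
    # Line 2, column 4 of POSIX df output = available 1K blocks.
    avail_kb=$(awk 'NR == 2 { print $4 }')
    case $avail_kb in
        ''|*[!0-9]*)
            # No usable number: report UNCERTAIN instead of guessing.
            echo "UNCERTAIN: Unable to read free space on $mount"
            return 0 ;;
    esac
    free_gb=$((avail_kb / 1024 / 1024))
    if [ "$free_gb" -lt "$min_gb" ]; then
        echo "ERROR: Free Disk space is less than $min_gb GB DATA:$free_gb"
    else
        echo "SUCCESS: Free Disk space is $free_gb GB DATA:$free_gb"
    fi
}

# Real check for the remote host. StdErr of df is discarded so that a df
# failure surfaces as an UNCERTAIN line on StdOut, not as stray StdErr text.
check_free_space() {
    df -Pk "$1" 2>/dev/null | evaluate_df "$1" "$2"
}

# Constructed sample input: 35651584 KB (34 GB) available on /.
sample_df() {
    printf '%s\n' \
        'Filesystem 1024-blocks Used Available Capacity Mounted on' \
        '/dev/sda1 103081248 67108864 35651584 66% /'
}

# Demonstration on the constructed sample; on a monitored host call
# check_free_space / 40 here instead.
sample_df | evaluate_df / 40
```

The script always prints a single line and keeps StdErr empty, so the result shown in the Manager application depends only on the SUCCESS, ERROR or UNCERTAIN keyword.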
Private Key File format
To log on using a Private Key File, make sure that your key file is in PuTTY compatible format. PuTTY is a free and open-source terminal emulator, and very popular under Windows.
To use Private Key File authentication with ActiveXperts, generate your public/private key pair under Linux and copy the private key file to a Windows machine, like this:
- Log in to your Linux machine as root
- Create a key-pair from the command prompt:
  ssh-keygen -t rsa
- Save the keys. E.g. when logged on as 'myaccount' root user to Linux:
  Enter file in which to save the key (/home/myaccount/.ssh/id_rsa):
- Copy public key to Linux' authorized_keys file (assuming your Linux host has IP 192.168.31.104):
  ssh-copy-id myaccount@192.168.31.104
- Copy private key file 'id_rsa' (located in '/home/myaccount/.ssh/') to your Windows server.
Now, you need to convert your private key file (e.g. 'id_rsa') to a PuTTY compatible file (e.g. 'id_rsa.ppk'):
- Launch PuTTYGen.exe, click menu 'Conversions';
- Load your private key file generated under Linux (e.g. 'id_rsa'), click on [Save Private Key] and save it with a .ppk extension (e.g. 'id_rsa.ppk')
SSH login takes long
If connecting to a host with SSH takes much longer than is reasonable, the likely cause is a reverse DNS lookup by the SSH daemon.
There is a setting in OpenSSH (UseDNS) that controls whether sshd should not only resolve remote host names but also check whether the resolved host names map back to remote IPs. That setting is enabled by default in OpenSSH.
There are two ways to fix it (on the SSH host):
- Add 'UseDNS no' to /etc/ssh/sshd_config
- OR Add the client's net address to the server's /etc/hosts file