The Industry Standard in IT Infrastructure Monitoring

Purpose
This document describes how to monitor hosts with Nagios XI by using SSH to execute monitoring plugins and scripts on remote
machines.
Target Audience
This document is intended for use by Nagios XI Administrators.
SSH Overview
SSH is a secure communication protocol that can be used to
login to remote servers andor execute commands on remote
servers.
Nagios XI can monitor metrics and services on remote
machines by using an SSH proxy plugin called
chec!"by"ssh. The chec!"by"ssh plugin allows Nagios to
execute monitoring plugins and scripts on the remote
machine in a secure manner# without having to supply
authentication credentials.
Prerequisites
$ou%ll need to configure SSH !eys for the nagios user on your Nagios XI server before you can continue. To do this# login to your
Nagios XI server as root and issue the following commands&
su nagios
ssh-keygen
'ress (NT() *accepting defaults+ when prompted for a filename and passphrase. 'ublic and private SSH !eys will be generated and
saved in the following directory&
homenagios.ssh
$ou will need the contents of the public !ey file *which has a .pub extension+ later.
,efore you can use the chec!"by"ssh plugin# you must installconfigure the following on the remote -inux.nix server you want to
monitor&
/reate a nagios user
Install Nagios plugins andor monitoring scripts
Install and configure the SSH daemon
-ogin to the remote -inux.nix server and issue the following commands&
su nagios
ssh-keygen
'ress (NT() *accepting defaults+ when prompted for a filename and passphrase.
Page 1
/opyright 0 1233 Nagios (nterprises# --/
)evision 3.2 4 August# 1231
Nagios XI Monitoring Hosts !sing SSH
Nagios "nterprises# $$% !S& 1'((('NA)IOS'1 *e+& www,nagios,co-
P,O, .o/ (101
Saint Pau2# MN 0013(
!SA
Int42& 51 601'731'8137 "-ai2& sa2es9nagios,co-
:a/& 51 601'731'813;
$ou must now copy the public !ey of the nagios user on the Nagios XI server to the authorized_keys file for the nagios user on the
remote -inux.nix server. $ou can do so automatically by running&
su nagios
ssh-copy-id nagios@remoteip
If the file doesn%t exist# you%ll need to create a new file.
I-portant& The permissions on the authori5ed"!eys files must be such that the file cannot be read or written to by anyone other than
the nagios user# as shown below.
[nagios@localhost .ssh]$ ls -al
total 24
drwx------ 2 nagios users 4096 ul !6 09"44 .
drwx------ # nagios users 4096 ul !6 09"4# ..
-rw------- ! nagios users 4!0 ul !6 09"44 authori$ed%keys
-rw------- ! nagios users !6&' ul !6 09"4# id%rsa
-rw-r--r-- ! nagios users 4!0 ul !6 09"4# id%rsa.pu(
[nagios@localhost .ssh]$
Test Password2ess $ogin
6erify that you can login to the remote server *without supplying a password+ by using the following commands on the Nagios XI server
*replace remoteip with the I' address of the remote -inuxServer+&
su nagios
ssh nagios@remoteip
If this is the first time you are connecting to the remote server# you will be as!ed if you want to connect. Select $es when prompted. If
the SSH !eys are configured properly you should be able to login to the remote machine without supplying credentials.
As a last test# run the following command as the nagios user on the Nagios XI server *replace remoteip with the I' address of the
remote -inuxServer+&
)usr)local)nagios)li(exec)check%(y%ssh -* remoteip -+ upti,e
If things are setup properly# you should get output from the 7uptime8 command on the remote server that loo!s similar to the following&
29&:2&3: up 32 days# 1;&2<# 1 users# load average& 3.=<# 3.;1# 3.;2
I-portant& If you are as!ed for a password# it means something isn%t setup properly> To remedy this# search the Internet for tutorials on
setting up passwordless authentication using SSH !eys.
Page 7
/opyright 0 1233 Nagios (nterprises# --/
)evision 3.2 4 August# 1231
Nagios XI Monitoring Hosts !sing SSH
Nagios "nterprises# $$% !S& 1'((('NA)IOS'1 *e+& www,nagios,co-
P,O, .o/ (101
Saint Pau2# MN 0013(
!SA
Int42& 51 601'731'8137 "-ai2& sa2es9nagios,co-
:a/& 51 601'731'813;
!sing The SSH *i<ard
An SSH proxy wi5ard has been developed for Nagios XI that ma!es monitoring remote servers easy. $ou can download the SSH proxy
wi5ard from the following .)-&
http&assets.nagios.comdownloadsnagiosxiwi5ardssshproxy.5ip
?nce you install the wi5ard in Nagios XI# you%ll see it in the list of available wi5ards.
@hen you run the wi5ard# it will as! you for the I' address and
?perating system of the remote -inux.NIX server you want to
monitor.
The wi5ard allows you to specify multiple commands that should be
executed for monitoring purposes. (ach command can have a
7friendly8 display name service description associated with it.
The screenshot to the right provides an example of how the
status detail page for the remote host will loo! once you
complete the wi5ard.
:inishing !p
That%s it> Aonitoring remote -inux.nix servers with Nagios
XI is simple to accomplish.
Page ;
/opyright 0 1233 Nagios (nterprises# --/
)evision 3.2 4 August# 1231
Nagios XI Monitoring Hosts !sing SSH
Nagios "nterprises# $$% !S& 1'((('NA)IOS'1 *e+& www,nagios,co-
P,O, .o/ (101
Saint Pau2# MN 0013(
!SA
Int42& 51 601'731'8137 "-ai2& sa2es9nagios,co-
:a/& 51 601'731'813;