[Nagiosplug-help] check_by_ssh with cluster

Lawrence, Lynne LLawrence at osc.uscg.mil
Tue Nov 9 12:39:02 CET 2004


This has happened to us as well.  The way to get around it is, in your
/root/.ssh/known_hosts file, preface the key info with multiple host names.
For instance:

efrirdb,clnode1 ssh-rsa KEY_VALUE_clnode1
efrirdb,clnode2 ssh-rsa KEY_VALUE_clnode2

Then sshd will accept either key for "host" efrirdb.  This works for us :-)

Lynne Lawrence
QSS/USCG

> -----Original Message-----
> From: nagiosplug-help-admin at lists.sourceforge.net 
> [mailto:nagiosplug-help-admin at lists.sourceforge.net]On Behalf 
> Of Horváth Tamás
> Sent: Tuesday, November 09, 2004 12:23 PM
> To: Nagiosplug-Help at Lists. Sourceforge. Net
> Subject: [Nagiosplug-help] check_by_ssh with cluster
> 
> 
> Hi List Members!
> 
> My cluster consists of two Solaris 9 hosts: clnode1 and clnode2. This
> cluster provides a logical Oracle database host: efrirdb. I 
> use check_by_ssh
> against efrirdb to run the check_oracle plugin. I use the 
> identity (-i)
> option to login via public RSA keys.
> 
> Until now it worked very well. However yesterday the Oracle 
> database has
> stopped on clnode1 host and started to run on clnode2. This is normal
> operation of a cluster, but after that the check_by_ssh 
> plugin give me the
> following output:
> 
> "@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> @    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
> Someone could be eavesdropping on you right now 
> (man-in-the-middle attack)!
> It is also possible that the RSA host key has just been changed.
> The fingerprint for the RSA key sent by the remote host is
> 08:4e:05:5c:db:22:95:94:47:f2:d3:9d:3f:bf:80:8d.
> Please contact your system administrator.
> Add correct host key in /root/.ssh/known_hosts to get rid of 
> this message.
> Offending key in /root/.ssh/known_hosts:10
> Password authentication is disabled to avoid 
> man-in-the-middle attacks."
> 
> I turned of the relevant variables on ssh_config file. After 
> it I can login
> via ssh client to efrirdb, but the same output appeared again.
> 
> HOW CAN I RESOLVE THIS ISSUE WITH check_by_ssh?
> 
> As I think, If I'll put the key of clnode2 to the 
> /root/.ssh/known_hosts I
> would give back the same output when the database stareted 
> tor un on clnode1
> again.
> 
> Another problem: states of database services changed to warning with a
> PLUGIN OUTPUT: 
> "@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"
> 
> HOW CAN I IGNORE IT?
> 
> Versions:
> Nagios 1.2 on Debian 3.1
> check_by_ssh (nagios-plugins 1.3.1) 1.9
> 
> Thanks in advance!
> 
> Bye, Tamas!
> 
> 
> 
> -------------------------------------------------------
> This SF.Net email is sponsored by:
> Sybase ASE Linux Express Edition - download now for FREE
> LinuxWorld Reader's Choice Award Winner for best database on Linux.
> http://ads.osdn.com/?ad_id=5588&alloc_id=12065&op=click
> _______________________________________________
> Nagiosplug-help mailing list
> Nagiosplug-help at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/nagiosplug-help
> ::: Please include plugins version (-v) and OS when reporting 
> any issue. 
> ::: Messages without supporting info will risk being sent to /dev/null
> 




More information about the Help mailing list