summaryrefslogtreecommitdiffstats
path: root/plugins/t
diff options
context:
space:
mode:
authorAnton Lofgren <alofgren@op5.com>2013-10-21 08:18:30 +0200
committerLorenz Kästle <lorenz.kaestle@netways.de>2022-01-14 15:34:08 +0100
commitcb0b3e245afcdc29e606299c93fc232ddd6d7cef (patch)
tree69f35f5d31087e4efcd830dd7b1d0b73b4467c2e /plugins/t
parent9899bc736f45400fa70bdee281f5f5b46490b805 (diff)
downloadmonitoring-plugins-cb0b3e2.tar.gz
check_ssh: properly parse a delayed version control string
This resolves an issue with SSH servers which do not respond with their version control string as the first thing in the SSH protocol version exchange phase after connection establishment. This patch also makes sure that we disregard a potential comment in the version exchange string to avoid nonsense mismatches. In the future, we might want to add the capability to match against a user specified comment. In addition, the patch largely improves the communication towards the server, which adds better protocol adherence. Of course, new test cases are added to support the trigger and guard against regressions of the bugs solved by this patch. This fixes op5#7945 (https://bugs.op5.com/view.php?id=7945) Signed-off-by: Anton Lofgren <alofgren@op5.com>
Diffstat (limited to 'plugins/t')
-rw-r--r--plugins/t/check_ssh.t109
1 files changed, 89 insertions, 20 deletions
diff --git a/plugins/t/check_ssh.t b/plugins/t/check_ssh.t
index a5cd23ce..6b5e93bc 100644
--- a/plugins/t/check_ssh.t
+++ b/plugins/t/check_ssh.t
@@ -9,33 +9,102 @@ use Test::More;
9use NPTest; 9use NPTest;
10 10
11# Required parameters 11# Required parameters
12my $ssh_host = getTestParameter("NP_SSH_HOST", "A host providing SSH service", "localhost"); 12my $ssh_host = getTestParameter("NP_SSH_HOST",
13my $host_nonresponsive = getTestParameter("NP_HOST_NONRESPONSIVE", "The hostname of system not responsive to network requests", "10.0.0.1" ); 13 "A host providing SSH service",
14my $hostname_invalid = getTestParameter("NP_HOSTNAME_INVALID", "An invalid (not known to DNS) hostname", "nosuchhost" ); 14 "localhost");
15my $host_nonresponsive = getTestParameter("NP_HOST_NONRESPONSIVE",
16 "The hostname of system not responsive to network requests",
17 "10.0.0.1" );
15 18
19my $hostname_invalid = getTestParameter("NP_HOSTNAME_INVALID",
20 "An invalid (not known to DNS) hostname",
21 "nosuchhost" );
16 22
17plan skip_all => "SSH_HOST must be defined" unless $ssh_host; 23my $res;
18plan tests => 6;
19 24
20 25
21my $result = NPTest->testCmd( 26plan tests => 18;
22 "./check_ssh -H $ssh_host" 27SKIP: {
23 );
24cmp_ok($result->return_code, '==', 0, "Exit with return code 0 (OK)");
25like($result->output, '/^SSH OK - /', "Status text if command returned none (OK)");
26 28
29 skip "No netcat available", 12 unless (system("which nc > /dev/null") == 0);
27 30
28$result = NPTest->testCmd( 31 my $nc_flags = "-l 5003 -i 1";
29 "./check_ssh -H $host_nonresponsive -t 2" 32 #A valid protocol version control string has the form
30 ); 33 # SSH-protoversion-softwareversion SP comments CR LF
31cmp_ok($result->return_code, '==', 2, "Exit with return code 0 (OK)"); 34 #
32like($result->output, '/^CRITICAL - Socket timeout after 2 seconds/', "Status text if command returned none (OK)"); 35 # where `comments` is optional, protoversion is the SSH protocol version and
36 # softwareversion is an arbitrary string representing the server software version
37 open(NC, "echo 'SSH-2.0-nagiosplug.ssh.0.1' | nc ${nc_flags}|");
38 sleep 1;
39 $res = NPTest->testCmd( "./check_ssh -H localhost -p 5003" );
40 cmp_ok( $res->return_code, '==', 0, "Got SSH protocol version control string");
41 like( $res->output, '/^SSH OK - nagiosplug.ssh.0.1 \(protocol 2.0\)/', "Output OK");
42 close NC;
33 43
44 open(NC, "echo 'SSH-2.0-nagiosplug.ssh.0.1 this is a comment' | nc ${nc_flags} |");
45 sleep 1;
46 $res = NPTest->testCmd( "./check_ssh -H localhost -p 5003 -r nagiosplug.ssh.0.1" );
47 cmp_ok( $res->return_code, '==', 0, "Got SSH protocol version control string, and parsed comment appropriately");
48 like( $res->output, '/^SSH OK - nagiosplug.ssh.0.1 \(protocol 2.0\)/', "Output OK");
49 close NC;
34 50
35 51
36$result = NPTest->testCmd( 52 open(NC, "echo 'SSH-' | nc ${nc_flags}|");
37 "./check_ssh -H $hostname_invalid -t 2" 53 sleep 1;
38 ); 54 $res = NPTest->testCmd( "./check_ssh -H localhost -p 5003" );
39cmp_ok($result->return_code, '==', 3, "Exit with return code 0 (OK)"); 55 cmp_ok( $res->return_code, '==', 2, "Got invalid SSH protocol version control string");
40like($result->output, '/^check_ssh: Invalid hostname/', "Status text if command returned none (OK)"); 56 like( $res->output, '/^SSH CRITICAL/', "Output OK");
57 close NC;
41 58
59 open(NC, "echo '' | nc ${nc_flags}|");
60 sleep 1;
61 $res = NPTest->testCmd( "./check_ssh -H localhost -p 5003" );
62 cmp_ok( $res->return_code, '==', 2, "No version control string received");
63 like( $res->output, '/^SSH CRITICAL - No version control string received/', "Output OK");
64 close NC;
65
66 open(NC, "echo 'Not a version control string' | nc ${nc_flags}|");
67 sleep 1;
68 $res = NPTest->testCmd( "./check_ssh -H localhost -p 5003" );
69 cmp_ok( $res->return_code, '==', 2, "No version control string received");
70 like( $res->output, '/^SSH CRITICAL - No version control string received/', "Output OK");
71 close NC;
72
73
74 #RFC 4253 permits servers to send any number of data lines prior to sending the protocol version control string
75 open(NC, "echo 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\n
76 BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB\n
77 CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC\n
78 DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD\n
79 Some\nPrepended\nData\nLines\nSSH-2.0-nagiosplug.ssh.0.2' | nc ${nc_flags}|");
80 sleep 1;
81 $res = NPTest->testCmd( "./check_ssh -H localhost -p 5003" );
82 cmp_ok( $res->return_code, '==', 0, "Got delayed SSH protocol version control string");
83 like( $res->output, '/^SSH OK - nagiosplug.ssh.0.2 \(protocol 2.0\)/', "Output OK");
84 close NC;
85}
86
87SKIP {
88 skip "SSH_HOST must be defined", 6 unless $ssh_host;
89 $res = NPTest->testCmd(
90 "./check_ssh -H $ssh_host"
91 );
92 cmp_ok($result->return_code, '==', 0, "Exit with return code 0 (OK)");
93 like($result->output, '/^SSH OK - /', "Status text if command returned none (OK)");
94
95
96 $res = NPTest->testCmd(
97 "./check_ssh -H $host_nonresponsive -t 2"
98 );
99 cmp_ok($result->return_code, '==', 2, "Exit with return code 0 (OK)");
100 like($result->output, '/^CRITICAL - Socket timeout after 2 seconds/', "Status text if command returned none (OK)");
101
102
103
104 $res = NPTest->testCmd(
105 "./check_ssh -H $hostname_invalid -t 2"
106 );
107 cmp_ok($result->return_code, '==', 3, "Exit with return code 0 (OK)");
108 like($result->output, '/^check_ssh: Invalid hostname/', "Status text if command returned none (OK)");
109
110}