nagios + opensshd + RSA Public Key authentication = self aware and healing network

ok, so… this isn't something i remember easily, so i am jotting it down for future reference.

problem: IIS Hangs on ASP.Net application i made. i am tired of resetting IIS

solution: use current implementation of nagios to restart the service, rather than me doing it manually every time it happens.

step 1 – install openssh server for windows on server
download and install openssh for windows, to c:\openssh
edit OpenSSH\etc\sshd_config and change these lines:
Protocol 2,1
StrictModes no
RSAAuthentication yes
PubkeyAuthentication yes
PasswordAuthentication no

from OpenSSH\etc folder in command line:
..\bin\mkpasswd -d -u administrator >passwd
..\bin\mkgroup -d >group
net start opensshd

step 2 – generate RSA keys (if never done) from nagios machine and copy to server
ssh-keygen -t rsa
scp ~/.ssh/

step 3 – authorize public key on server. command lines
cd \docume~1\{user}
mkdir .ssh
type >>.ssh\authorized_keys

step 4 – test passwordless ssh from nagios box to server
ssh user@server
if prompted for password, double check permissions through path to authorized_keys file and service logon, etc… otherwise, you should get to user homepath without a password.

step 5 – configure nagios
this will vary on version, but in my case, because i am sloppy:
define service{
    name generic-service
    active_checks_enabled 1
    passive_checks_enabled 1
    parallelize_check 1
    obsess_over_service 1
    check_freshness 0
    notifications_enabled 1
    event_handler_enabled 1
    flap_detection_enabled 1
    failure_prediction_enabled 1
    process_perf_data 1
    retain_status_information 1
    retain_nonstatus_information 1
    is_volatile 0
    register 0
    }

define service{
    name remote-service
    use generic-service
    check_period 24x7
    max_check_attempts 4
    normal_check_interval 5
    retry_check_interval 1
    contact_groups admins
    notification_options w,u,c,r
    notification_interval 60
    notification_period 24x7
    register 0
    }

define service{
    use remote-service
    host_name server
    service_description http
    check_command check_http!!"Thinwall Calculation Utility"
    event_handler restart_w3svc
    }

# 'check_http' command definition
# the "-u" is the uri, and the "-s" is for expected string for check_http
define command{
    command_name check_http
    command_line $USER1$/check_http -H $HOSTADDRESS$ -u $ARG1$ -s $ARG2$
    }

# dustin's restart_w3svc
define command{
    command_name restart_w3svc
    command_line /usr/bin/ssh -i /home/administrator/.ssh/id_rsa administrator@$HOSTADDRESS$ "net stop w3svc && net start w3svc"
    }

you don't really need to see the rest of the configuration… but yea, this works.
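
added example, not part of the original post: nagios runs an event handler on every service state change (soft and hard, recovery included), so a bare ssh command as the handler also restarts IIS when the check comes back OK. a wrapper like this one restarts only on the third soft CRITICAL attempt or on hard CRITICAL. the script name, SOFT_ATTEMPT and the function names are assumptions; the state macros and ssh options are standard ones.

```shell
#!/bin/sh
# Added example: wrapper for the restart_w3svc event handler.
# Hypothetical wiring in the nagios command definition:
#   command_line $USER1$/restart_w3svc.sh $SERVICESTATE$ $SERVICESTATETYPE$ $SERVICEATTEMPT$ $HOSTADDRESS$

SSH_BIN="${SSH_BIN:-/usr/bin/ssh}"
SSH_KEY="${SSH_KEY:-/home/administrator/.ssh/id_rsa}"   # key path used in the post
SOFT_ATTEMPT=3   # assumption: one early restart before max_check_attempts (4) is hit

# should_restart STATE STATETYPE ATTEMPT -> exit 0 if IIS should be restarted
should_restart() {
    [ "$1" = "CRITICAL" ] || return 1          # skip OK (recovery), WARNING, UNKNOWN
    case "$2" in
        SOFT) [ "$3" -eq "$SOFT_ATTEMPT" ] ;;  # restart once while still retrying
        HARD) return 0 ;;                      # retries exhausted: last attempt
        *)    return 1 ;;
    esac
}

# valid_host ADDR -> exit 0 only if ADDR is non-empty hostname/IP characters,
# since the value is interpolated into the ssh destination
valid_host() {
    case "$1" in
        ""|*[!A-Za-z0-9.:-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# handle_event STATE STATETYPE ATTEMPT HOSTADDRESS
handle_event() {
    should_restart "$1" "$2" "$3" || return 0
    valid_host "$4" || { echo "refusing host address '$4'" >&2; return 2; }
    # BatchMode: fail instead of waiting at a password prompt if the key is
    # rejected; ConnectTimeout: do not hang the handler on a dead server.
    "$SSH_BIN" -i "$SSH_KEY" -o BatchMode=yes -o ConnectTimeout=10 \
        "administrator@$4" "net stop w3svc && net start w3svc"
}

# Run only when called with the four macro arguments.
if [ "$#" -eq 4 ]; then
    handle_event "$@"
fi
```

with max_check_attempts 4 this gives one restart at soft attempt 3 and one more when the service goes hard CRITICAL; the recovery event does nothing.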
