-
Notifications
You must be signed in to change notification settings - Fork 10
/
check_nx_localkey
executable file
·36 lines (30 loc) · 1.46 KB
/
check_nx_localkey
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
#!/bin/bash
#
# check_nx_localkey
# Kyle Anderson, 2011, Under the GPL 2
# Nrpe check to ensure that the nx user can ssh to 127.0.0.1 for normal user auth
# NX ssh's to localhost, if it can't you will get login failures with less
# than helpful messages
# Requires this sudo line:
# nagios ALL=(nx) NOPASSWD: /usr/bin/ssh -o StrictHostKeyChecking=yes -o PasswordAuthentication=no -i /var//lib/nxserver/home/.ssh/client.id_dsa.key nx@127.0.0.1
# check for plugin directory where utils.sh lives
[ -d /usr/lib/nagios/plugins ] && UTILPATH=/usr/lib/nagios/plugins
[ -d /usr/lib64/nagios/plugins ] && UTILPATH=/usr/lib64/nagios/plugins
# load states and strings
if [ -x "$UTILPATH"/utils.sh ]; then
. "$UTILPATH"/utils.sh
else
echo "ERROR: Cannot find utils.sh"
exit
fi
# This requires some explaination
#We are sending the quit command, because the nx user just runs the nx server, which will wait, quit will make it quit
# This is the acutal sudo which is needed, we have to sudo to nx, but nx ssh's to itself for the real auth
# No password promts, we are detecting if the local ssh key works
if echo quit | sudo -u nx /usr/bin/ssh -o StrictHostKeyChecking=yes -o PasswordAuthentication=no -i /var//lib/nxserver/home/.ssh/client.id_dsa.key nx@127.0.0.1 > /dev/null ; then
echo "OK: The NX user can ssh to 127.0.0.1 properly"
exit $STATE_OK
else
echo "CRITICAL: The NX user could not ssh to nx@127.0.0.1, please check the key"
exit $STATE_CRITICAL
fi