check_sftp: fixed validation for private-key arg

[wu3rstle]

corrected argument name to expect to prevent the error: option --private-key not recognized

[jherbel]

Hi, thanks for this PR. Are you actually using this argument? I am asking since it is not configurable via the GUI and it anyway does the same as --secret (which also looks like a bug to me).

[wu3rstle]

Hi, i am using this argument via Integrate Nagios plugins because we are connecting to an sftp server that only allows sftp authentication via ssh-key.

check_sftp --host $HOSTADDRESS$ --user <SFTP_USER> --private-key ~/.ssh/id_rsa.openssh

The two arguments are for different use cases:

• --secret: password for authentication
• --private-key: using ssh key for authentication

[jherbel]

Ok, this makes sense. However, then I think there is another bug in check_sftp. The code says:

elif opt in ["--secret"]:
	opt_pass = arg
elif opt in ["--private-key"]:
	opt_pass = arg

So --secret and --private-key effectively do the same thing (unintentionally). They are both passed on to paramiko.client.SSHClient.connect as password. I think --private-key should be set as pkey in paramiko.client.SSHClient.connect, right? The solution would be:

elif opt in ["--private-key"]:
	opt_key = arg

Could you please take a look and check if I am correct? If I am, could you please include this in your fix and also briefly test it?

[wu3rstle]

i added the missing commit which was only local.

[wu3rstle]

Now the check on my local check_mk installation works as expected with the copied file.

Now i tell paramiko.client.SSHClient.connect to use the key as argument for key_filename to allow usage of the given ssh key path.
I also adjusted the command's help message to make clear which key-format has to be used for the dependency.

[jherbel]

Hi, thanks for the changes, I would suggest to slightly rename the argument for clarity

[jherbel]

Looks good, thanks, this will be merged shortly.