Nagios plugin for checking SSHFP records

This is a Nagios plugin for checking SSHFP records. It checks that all SSHFP records correspond to a key the server offers, that all keys the server offers have SSHFP records, and that all SSHFP records are correct. Incorrect SSHFP records are considered CRITICAL; missing or superfluous ones are considered WARNING.

In case of WARNING or CRITICAL the SSHFP records that are wrong or missing are printed to stdout.
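
The comparison described above, written out as an added example (not the plugin's own code). It assumes a record is "incorrect" when the server offers a key of that algorithm but the fingerprint does not match, and "superfluous" when no key of that algorithm is offered; the function names and sample data are constructed for illustration.

```python
import base64
import hashlib

# SSHFP algorithm numbers (RFC 4255, RFC 6594, RFC 7479)
ALGO = {"ssh-rsa": 1, "ssh-dss": 2, "ecdsa-sha2-nistp256": 3, "ssh-ed25519": 4}
HASHES = {1: hashlib.sha1, 2: hashlib.sha256}  # SSHFP fingerprint types
OK, WARNING, CRITICAL = 0, 1, 2  # Nagios plugin exit codes

# Constructed sample input: placeholder bytes, not real host keys.
RSA_BLOB, ED_BLOB = b"constructed-rsa-blob", b"constructed-ed25519-blob"
SAMPLE_SCAN = "\n".join([
    "# host.example:22 SSH-2.0-OpenSSH",
    "host.example ssh-rsa " + base64.b64encode(RSA_BLOB).decode(),
    "host.example ssh-ed25519 " + base64.b64encode(ED_BLOB).decode(),
])


def offered_keys(keyscan_output):
    """Parse ssh-keyscan lines ("host keytype base64") into {algo: key blob}."""
    keys = {}
    for line in keyscan_output.splitlines():
        fields = line.split()
        if line.startswith("#") or len(fields) < 3 or fields[1] not in ALGO:
            continue
        keys[ALGO[fields[1]]] = base64.b64decode(fields[2])
    return keys


def compare(keys, records):
    """records: set of (algo, fp_type, hex_fingerprint) tuples taken from DNS."""
    wrong, superfluous = [], []
    for algo, fp_type, fp in sorted(records):
        if algo not in keys or fp_type not in HASHES:
            # No offered key (or an unknown hash type) to verify against.
            superfluous.append((algo, fp_type, fp))
        elif HASHES[fp_type](keys[algo]).hexdigest() != fp.lower():
            wrong.append((algo, fp_type, fp))
    published = {algo for algo, _, _ in records}
    missing = sorted(algo for algo in keys if algo not in published)
    status = CRITICAL if wrong else WARNING if (missing or superfluous) else OK
    return status, wrong, superfluous, missing


if __name__ == "__main__":
    keys = offered_keys(SAMPLE_SCAN)
    dns = {(1, 2, "00" * 32), (4, 2, hashlib.sha256(ED_BLOB).hexdigest())}
    print(compare(keys, dns))
```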

Requires Python 3, dnspython, and the ssh-keyscan program. (On Debian, that means python3-dnspython and openssh-client.) Currently happens to work under Python 2 also, but this has not been tested as extensively.

Here's a define command stanza for it:

define command {
  command_name check_sshfp
  command_line /path/to/check_sshfp '$HOSTADDRESS$'
}

MIT license.