[HOWTO] Use a remote script via SSH as Data Input, no SNMP

If you figure out how to do something interesting/cool in Cacti and want to share it with the community, please post your experience here.

Moderators: Developers, Moderators

Un4Seen
Posts: 8
Joined: Sat Dec 08, 2012 7:57 pm
Contact:

Re: [HOWTO] Use a remote script via SSH as Data Input, no SN

Post by Un4Seen »

I am deeply thankful for your help!
I found out this way that cacti runs its cron job under the user www-data. I adapted the steps of your tutorial accordingly and it works like a charm! I'm very happy :) Thank you!
Un4Seen
Posts: 8
Joined: Sat Dec 08, 2012 7:57 pm
Contact:

Re: [HOWTO] Use a remote script via SSH as Data Input, no SN

Post by Un4Seen »

Running scripts on remote hosts via SSH is very convenient and I've been doing it a lot in the past weeks since I've found out about it. However recently I've bumped into a very strange problem.

Using the method described in this thread I can easily set up a passwordless SSH connection between machine A and B, with users a and b:
a@A is running a script via SSH as b@B, no password asked

But if the user on the machine which tries to SSH into the remote machine is root, then the remote machine always asks for a password:

root@A is running a script via SSH as b@B, machine B always asks for b's password

In other words, this works without a password:
a@A: ssh b@B -p22 "df -h"
But this one always asks for b's password:
root@A: ssh b@B -p22 "df -h"
like this:
b@B's password:

I did try to generate the ssh key for root on machine A and added it to the authorized_keys file on machine B, but it did not help. For some reason it does not let the root from machine A execute a script on machine B without asking for a password (but strangely not asking for the root password, it's asking for b's password on machine B).

Does anybody know how to get around this?

Thank you!
User avatar
white-jeroen
Posts: 25
Joined: Sat Mar 22, 2008 10:35 am

Re: [HOWTO] Use a remote script via SSH as Data Input, no SN

Post by white-jeroen »

Hi Un4Seen,

Maybe you can check the setting PermitRootLogin in the SSH Server config.
The config file is probably /etc/ssh/sshd_config.

The setting must be:

Code: Select all

PermitRootLogin without-password
for root login to work via keys.
Jeroen Vermeulen BVBA - freelance PHP, Perl & Magento expert - http://www.jeroenvermeulen.eu/
Un4Seen
Posts: 8
Joined: Sat Dec 08, 2012 7:57 pm
Contact:

Re: [HOWTO] Use a remote script via SSH as Data Input, no SN

Post by Un4Seen »

Thank you white-jeroen!

Yes, that was my first suspicion, but it did not help.
In the end I found the solution but I still don't understand why this solution solves the problem.

The solution I found was to generate the SSH key on machine A both for user a and for user root, then add both these keys to the ~/.ssh/authorized_keys file for user b on machine B (two keys, each on a separate line). After this it works, user root from machine A can log in without password onto machine B as user b, like this:

Code: Select all

root@A: ssh b@B -p22 "df -h"
What I still don't understand is why it was not enough to generate the key for user root on machine A and store it in the authorized_keys file for user b on machine B, why I had to generate the key for user a on machine A too and add it to the same file on machine B. Anyway, it works...
Perhaps it's because what I actually do is I log in to machine A with user a originally and then execute the ssh commands with sudo (which temporarily elevates user a to user root, but maybe it still knows that the command are coming from user a somehow...):

Code: Select all

a@A: sudo ssh b@B -p22 "df -h"
The home dir for user a on machine A was /home/a
The home dir for user root on machine A was /root
Post Reply

Who is online

Users browsing this forum: No registered users and 1 guest