Zabbix – SSH checks

Zabbix can execute shell commands over SSH and record the results.  This ability does not require a Zabbix agent, which is helpful for remote machines.

I use Zabbix SSH checks to verify logins to an SFTP server.

SSH checks in Zabbix are not enabled by default.  You’ll have to enable them in the zabbix_server.conf file as well as compiling support into the server when you build it.

To compile support into the server make sure you add –with-ssh2 to your configure.  You will probably also have to add libssh2 libraries if you get an error like this during your configure

checking for SSH2 support... no
configure: error: SSH2 library not found

I’m running CentOS 5.8 and the repositories I have set up do not have a recent version of 32 bit libssh2.  The 64 bit version that installs is libssh2-1.2.7.1, but that’s not good enough for Zabbix.

I found a 1.2.7.1 RPM for 32 bit libssh2 at http://pkgs.repoforge.org/libssh2/.  Once installed, the configure completes with the –with-ssh2 flag.

After your Zabbix binaries are built.  Edit the zabbix_server.conf configuration file and modify  the SSHKeyLocation to set the full path of the folder where your public and private keys are located.

I use the home directory of the zabbix user

SSHKeyLocation=/home/zabbix/.ssh

Save the modified configuration file and restart the zabbix_server to activate the changes.

Create public and private keys:

# sudo -u zabbix ssh-keygen -t rsa

I did not enter a passphrase for the key pair, but it’s probably best to use a passphrase.

Two files, id_rsa.pub and id_rsa, will be created in the /home/zabbix/.ssh directory and this directory is specified in the zabbix_server.conf file.

Copy the public key to the server you wish to use this check on.  There are many methods, but I use this one regularly:

ssh <username>@<server> "mkdir .ssh; chmod 0700 .ssh; chown <username> .ssh"
cat .ssh/id_rsa.pub | ssh -l <username> <server> "cat - >>.ssh/authorized_keys"
ssh <username>@<server> "chmod 0600 .ssh/authorized_keys; chown <username> .ssh/authorized_keys"

Test your connection after copying SSH key files

sudo -u zabbix ssh <username>@<server>

Create item for your new check

Host                     c_Template_SSHcheck
Description              SSH check
Type                     SSH agent
Key                      ssh.run[1]
Authentication method    Public key
User name                <username>
Public key file          id_rsa.pub    
Private key file         id_rsa
Password    
Executed script          hostname -s
Type of information      Text
Update interval (in sec) 300    
Flexible intervals (sec) No flexible intervals
New flexible interval    Delay Period
Keep history (in days)   7
Status                   Active
New application          SSH    
Applications

http://www.zabbix.com/documentation/2.0/manual/config/items/itemtypes/ssh_checks

Once your item is created, check Latest Data in Zabbix for your new SSH checks. If you don’t see any results be sure to look into the Zabbix logs for more details.

Zabbix SSH checks add simple agentless monitoring to your environment, extending the functionality of Zabbix.


2 Comments on “Zabbix – SSH checks”

  1. Eric says:

    As an update to this for people who find this on Google.

    If using CentOS 6- you don’t need to download the library mentioned above (and it doesn’t exist for 6 anyway at that URL).

    Just do this:

    yum install libssh2-devel.i686 libssh2-devel

    (install both rpms just to keep both system architectures in sync although it may only care about one of the other- didn’t try)

    That will make sure you get the required packages to compile. Just worked for me on Centos 6.4 and Zabbix 2.0.6 from source.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s