How to monitor hosts using SSH

This article describes how to monitor hosts with GroundWork Monitor by using SSH to execute monitoring plugins and scripts on remote servers.

SSH is a secure communication protocol that can be used to login to and execute commands on remote servers. GroundWork Monitor can monitor metrics and services on remote servers by using an SSH plugin, check_by_ssh, for checking such services as disk space, load, and memory. This SSH procedure is an update from previous versions of GroundWork Monitor. The GroundWork Monitor 8.0.0 system uses Docker containers with Nagios in its own container, thus Docker commands are used in the setup process. 

The remote server requires a running SSHD, which is the daemon program for SSH that listens for a connection, this should be installed and running by default. The remote server also requires the public key authentication to be enabled, an ordinary user login (typically nagios) with a home directory. In addition, and the actual SSH monitoring requires a set of Nagios plugins resident on the remote server. Each variety of servers must get plugins that are binary and library compatible. You need to obtain and install plugin packages from the GroundWork knowledge base. These packages are for generic Linux hosts and most Linux variants will work and all the required libraries and Perl modules are included. You could also choose to copy plugins from a working target system with matching OS and architecture, or download plugins from the Nagios site per the site instructions.

The sections below step through the configuration of the remote server, setting up an SSH connection between the GroundWork sever and the remote server using SSH keys, and configuring a new host to monitor using SSH profiles. In our example we use the name groundworkserver when referring to the GroundWork server, and remoteserver when referring to the server to be monitored via SSH. 

Configuring the remote server

Set public key authentication

  1. Open a terminal session to the remote server.

  2. Become the root user:

    user@remoteserver:~$ sudo su -
  3. Edit the SSHD configuration file:

    root@remoteserver:~$ vi /etc/ssh/sshd_config
  4. Locate the entry for PubkeyAuthentication (under # Authentication) and make sure it's set to yes and not commented out, then save the file:

    PubkeyAuthentication yes
  5. Restart the daemon if the directive was modified, for example:

    root@remoteserver:~# service sshd restart

Create nagios user and ssh directory

  1. Create the nagios user with the following command, which also makes a home directory:

    root@remoteserver:~# useradd -m nagios
  2. Change to the nagios home directory:

    root@remoteserver:~# cd /home/nagios
  3. Create the .ssh directory:

    root@remoteserver:/home/nagios~# mkdir .ssh
  4. Change access permissions (owner can read, write and execute):

    root@remoteserver:/home/nagios~# chmod 700 .ssh
  5. Change file ownership and group:

    root@remoteserver:/home/nagios~# chown nagios.nagios .ssh

Copying keys from GroundWork to remote

This section steps through setting up an SSH connection between the GroundWork server and the remote server by picking up an already generated RSA private key on the GroundWork server and pushing it out to the remote server.

This process accesses the root shell on the Nagios container. Please use docker commands carefully.

Copy the key on the GroundWork server

  1. Open a terminal session to the GroundWork server.
  2. Become the user used to install and run GroundWork 8, and change to the gw8 directory:

    user@groundworkserver:~$ cd gw8

  3. Using the docker cp command, copy the public key file to the local directory:

    user@groundworkserver:~/gw8$ docker cp dockergw8_nagios_1:/home/nagios/.ssh/ .
  4. Listing the contents of the directory, you should see the file:

    user@groundworkserver:~/gw8$ ls
  5. Using the cat command display the contents of the .pub file, then copy the contents which will be used in the next section:

    user@groundworkserver:~/gw8$ cat

Paste the key on the remote server

  1. Open (or return to) a terminal session to the remote server.
  2. Become the root user, then the nagios user, and change to the .ssh directory:

    user@remoteserver:~$ sudo su – 
    root@remoteserver:~# su – nagios
    nagios@remoteserver:~$ cd .ssh
  3. Edit the authorized_keys file and paste in the previously copied key from above, then save the file:

    nagios@remoteserver:~/.ssh$ vi authorized_keys
  4. Adjust the permissions on the authorized_keys file, as most modern ssh servers require:

    nagios@remoteserver:~/.ssh$ chmod 600 authorized_keys

Execute SSH to the remote server from the GroundWork server

For host verification there is a requirement to contact the remote server from within the Nagios container on the GroundWork server. The Nagios container operates as a separate system inside Docker.

  1. Open (or return to) a terminal session to the GroundWork server.

  2. Become the root user and change to the gw8 directory:

    user@groundworkserver:~$ cd gw8
  3. Using the docker exec command launch a bash session on the Nagios container, you should receive a command prompt as root user on the Nagios container:

    ruser@groundworkserver:~/gw8# docker-compose exec nagios bash
  4. Become the nagios user on the Nagios container:

    root@a7ce873cfc8c:/src# su - nagios
  5. Enter the command to SSH to the remote server. You should then be connected to the remote server from your GroundWork server. To close the connection type exit. You should not be prompted for a password.

    $ ssh remoteserver
    nagios@remoteserver:~$ exit

Install plugins for the remote server

There are some plugin packages that GroundWork supplies for convenience, which are described here. Please note that there are many other packages of Nagios plugins in existence, and you can use them just as well, if not better, than these. Also, it's possible to use the GDMA plugins if GDMA is installed. See the Using GDMA Plugins with SSH section below for more information. 

  1. Open a browser to the Downloads page. Under the section Linux Plugin Packages for SSH Monitoring, download the two appropriate plugin files (32 or 64).
  2. Open a terminal session to your desktop (or where ever the plugin files were downloaded), and copy the downloaded files to the "" directory on the remote server.
  3. From a terminal session to the remote server, become the root user:

    user@remoteserver:~$ sudo su -
  4. Change file permissions, for example:

    root@remoteserver:~# chmod +x
  5. Run the script, then verify the files are in the correct directory:

    root@remoteserver:~# ./ nagios
    root@remoteserver:~# cd /home/nagios/libexec

Importing profiles and creating a new host

Lastly, in GroundWork Monitor, create a new host to be monitored using GroundWork SSH profiles.

Import the SSH profile

First, import the SSH profile to make it available to hosts you want to monitor with SSH. 

  1. In GroundWork Monitor, select Configuration > Monarch > Profiles.
  2. Click Profile importer > Import > SSH.
  3. Check the box for service-profile-ssh-unix.xml, and click Import.

Create a new host

  1. Select Configuration > Monarch > Hosts > Host wizard.
  2. Enter a Host nameAlias, and the IP address.
  3. For Host profile, select host-profile-ssh-unix.
  4. Commit the configuration (Configuration > Monarch > Control > Commit).
  5. That’s it. In the Status Summary (Dashboards > Status), you should start to see functioning GroundWork SSH profile services for the remote host and information coming in along with performance data.

Using GDMA plugins with SSH

In GroundWork 8, you might want to add your own plugins as you did in prior versions. This isn't so easy if you use other packages of plugins, or if the plugins you want to add are ones that are best run actively from the GroundWork server. GDMA plugins can be run via SSH, however, and the dependencies are very much the same as in prior versions (including the perl interpreter, etc.). Also, GDMA allows you to add plugins to the GroundWork server which can then be downloaded to all running GDMA installs, so you don't have to touch them all more than once. 

If you have GDMA installed on the remote host(s), you can enable SSH execution of plugins there by the following procedure:

  1. Add the Nagios user and keys as described above
  2. Instead of adding plugins from a package, instead add the nagios user to the gdma group on the remote system: 

    root@remoteserver:~/# usermod -g gdma nagios
  3. Symlink the libexec directory from gdma to the /home/nagios directory: 

    root@remoteserver:~/# su - nagios
    nagios@remoteserver:~/home/nagios$ ln -s /usr/local/groundwork/nagios/libexec libexec
  4. Test the execution of the plugins as above, and proceed to use the profiles, commands, and services as needed. 

Related articles