Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Status
colourGreen
titleLAST TESTED ON CHECKMK 2.2.0P1

Table of Contents

Step-by-step guide

  1. Start OpenSSH Server

    Code Block
    languagepowershell
    themeRDark
    C:\ProgramData\checkmk\agent\plugins>  net start sshd

    .

  2. Create SSH Key pair

    Code Block
    languagebash
    themeRDark
    C:\ProgramData\checkmk\agent\plugins> ssh-keygen


    Code Block
    languagebash
    themeRDark
    C:\ProgramData\checkmk\agent\plugins>ssh-keygen
    Generating public/private rsa key pair.
    Enter file in which to save the key (C:\Users\IEUser/.ssh/id_rsa):
    Created directory 'C:\Users\IEUser/.ssh'
    Enter passphrase (empty for no passphrase):
    Enter same passphrase again:
    Your identification has been saved in C: \Users\IEUser/.ssh/id_rsa.
    Your public key has been saved in C:\Users\IEUser/.ssh/id_rsa.pub.
    The key fingerprint is:
    SHA256:dH/h0I/vQ56C5rRIC]bxEgxSRSGs2nVCdx+rasQk₩QU ieuser@MSEDGEWIN1O
    The key's randomart image is:
    +---[RSA 2048]----+
    | .OE*o           |
    | ..O . . .       |
    | + + = ..O       |
    | ..O             |
    |           ..O   |
    | + . 0           |
    |   =   =   =     |
    |      + = =      |
    | ..O         . 0 |
    +----[SHA256]-----|
    C:\ProgramData\checkmk\agent\plugins>

    .

  3.  Create the file 'authorized_keys' in C:\Users\<USERNAME>\.ssh\

    Code Block
    languagepowershell
    themeRDark
    fsutil file createnew authorized_keys 2000


    • Put in the public key from Checkmk Site User
      .
  4. Now you can log in without a password to the Windows machine

    Code Block
    languagebash
    themeRDark
    OMD[mysite]:~$ ssh IEUser@192.168.2.106
    
    Microsoft Windows [Version 10.0.17763.379]
    (c) 2018 Microsoft Corporation. Alle Rechte vorbehalten.
    
    ieuser@MSEDGEWIN10 C:\Users\IEUser>
    

    .

  5. Modify the authorized_keys on the Windows Host and restrict access to the execution on the agent

    Code Block
    languagebash
    themeRDark
    command="\C":\\Program Files (x86)\\checkmk\\service\\check_mk_agent.exe\" test" ssh-rsa AAAAC3NzaC1lZDI1NTE5AAAAIGb6AaqRPlbEmDnBkeIW3Q6Emb5lr2QEbWEQLmA5pb48 mysite@mycmkserver

    .

  6. Go to Checkmk and configure a special agent for the Windows Hosts
    • Setup → Agents → Other integrations → Individual program call instead of agent access → Add rule


      .

  7. Modify the Datasource of the Windows Host

    • Setup → Hosts → Properties of host

      .

  8. Now you can stop the Checkmk Agent Service on the Windows Host

    Code Block
    languagebash
    themeRDark
    net stop CheckMkService

    .

  9. Diagnosis

    Code Block
    languagebash
    themeRDark
    OMD[mysite]:~$ cmk -d Windows_SSH |more
    <<<check_mk>>>
    Version: 1.6.0p19
    BuildDate: Nov 16 2020
    AgentOS: windows
    Hostname: MSEDGEWIN10
    Architecture: 64bit
    
    or via SSH
    
    OMD[mysite]:~/$ ssh IEUser@192.168.2.128 " "
    or
    OMD[mysite]:~/$ ssh -T IEUser@192.168.2.128
    


...

Info

If OpenSSH is not already installed on your System, you can install it by following this manual: https://docs.microsoft.com/de-de/windows-server/administration/openssh/openssh_install_firstuse

If you want to learn more about configuring OpenSSH under Windows, please take a look at this manual: https://docs.microsoft.com/de-de/windows-server/administration/openssh/openssh_server_configuration  

A more detailed manual:  https://forum.checkmk.com/t/windows-agent-abfrage-uber-ssh/22421

Filter by label (Content by label)
showLabelsfalse
max5
spacesKB
showSpacefalse
sortmodified
reversetrue
typepage
cqllabel in ("windows","windows_agent") and type = "page" and space = "KB"
labelssecurity

...