Versions Compared

Old Version 17

changes.mady.by.user Matthew Hierholzer

Saved on

compared with

New Version 18

changes.mady.by.user Matthew Hierholzer

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Info
The ultimate security for invoking a Checkmk-agent is offered by invoking it via Secure Shell – in Linux in the form of an implementation of OpenSSH.  Since Windows 10 and Windows Server 2019, OpenSSH is already included.

Status
colourGreen
titleLAST TESTED ON CHECKMK 2.2.0P1

Table of Contents

Step-by-step guide

...

  1. Start OpenSSH Server

    Code Block
    languagepowershell
    themeRDark
    C:\ProgramData\checkmk\agent\plugins>  net start sshd


  2. Create SSH Key pair

    Code Block
    languagebash
    themeRDark
    C:\ProgramData\checkmk\agent\plugins> ssh-keygen





  4.  Create the file 'authorized_keys' in C:\Users\<USERNAME>\.ssh\

    Code Block
    languagepowershell
    themeRDark
    fsutil file createnew authorized_keys 2000


    • Put in the public key from Checkmk Site User

  5. Now you can login log in without Password a password to the Windows machine

    Code Block
    languagebash
    themeRDark
    OMD[nagnis_mastermysite]:~$ ssh IEUser@192.168.2.106

Microsoft Windows [Version 10.0.17763.379]
(c) 2018 Microsoft Corporation. Alle Rechte vorbehalten.

ieuser@MSEDGEWIN10 C:\Users\IEUser>


  6. Modify the authorized_keys on the Windows Host and restrict access to the execution on the agent

    Code Block
    languagebash
    themeRDark
    command="\C":\\Program Files (x86)\\checkmk\\service\\check_mk_agent.exe\" test" ssh-rsa AAAAC3NzaC1lZDI1NTE5AAAAIGb6AaqRPlbEmDnBkeIW3Q6Emb5lr2QEbWEQLmA5pb48 mysite@mycmkserver


  7. Go to Checkmk and configure a special agent for the Windows Hosts
      WATO CONFIGURATION → Host & Service Parameters → Datasource Programs

      • Setup → Agents → Other integrations → Individual program call instead of agent access → Add rule

      info


      • Image Added


    • Image Removed

      Modify the Datasource of the Windows Host
      WATO CONFIGURATION

      • Setup → Hosts →

      Edit the properties

      • Properties of

      this

      • host

      info


      • Image Added

      Image Removed


    • Now you can stop the Checkmk Agent Service on the Windows Host

      Code Block
      languagebash
      themeRDark
      net stop CheckMkService


    • Diagnosis

      Code Block
      languagebash
      themeRDark
      OMD[nagnis_mastermysite]:~$ cmk -d Windows_SSH |more
<<<check_mk>>>
Version: 1.6.0p19
BuildDate: Nov 16 2020
AgentOS: windows
Hostname: MSEDGEWIN10
Architecture: 64bit

or via SSH

OMD[nagnis_mastermysite]:~/$ ssh IEUser@192.168.2.128 " "
or
OMD[nagnis_mastermysite]:~/$ ssh -T IEUser@192.168.2.128



Info

If OpenSSH is not already installed on your System, you can install it by following this manual: https://docs.microsoft.com/de-de/windows-server/administration/openssh/openssh_install_firstuse

If you want to learn more about configuring OpenSSH under Windows, please take a look at this manual: https://docs.microsoft.com/de-de/windows-server/administration/openssh/openssh_server_configuration  

A more detailed manual:  https://forum.checkmk.com/t/windows-agent-abfrage-uber-ssh/22421

...