Private Key Authentication for SSH Monitoring

Now you can monitor your SSH services using private key authentication with NodePing’s SSH check.

NodePing has supported password authentication for SSH monitoring for many years but starting today we’ve added support for key-based authentication. You’ll be the first to know when SSH services are offline. Faster detection means faster intervention which means less downtime.

Our SSH check can not only verify that your SSH services are up and running but also match a string in the console output. It’s a great feature if you, for example, want to make sure your database is up and running but don’t want to punch another hole in your firewall. Have your login script run a CLI database query and pipe the output to stdout before closing the SSH connection. If the host is offline, or SSH isn’t working, or your database isn’t responding correctly, the check will fail and you’ll get quick notifications.

We have an important ‘SSH monitoring best practices’ post over on the NodePing site to help you mitigate the risks associated with SSH monitoring. In particular, consideration should be given to the Security Considerations section.

We’ve also updated our Terms of Service to reflect this new functionality and its risks.

SSH private key authentication is available on the ‘Premiere’ plan. If you don’t have a NodePing account yet, sign up for our free, 15-day trial and see for yourself how with NodePing you will be the first to know when important services are down.

SSH Check with Content String Matching

NodePing is happy to announce the new SSH check. In its simplest use, the new SSH monitoring provides a real SSH connection for monitoring those critical SSH services, but our check can do much more than that.

Not only can we monitor the availability of your SSH services on any port, but we can also optionally have the check log in and verify the presence, or absence, of a particular string in the login response. Pairing the SSH check with a login script makes it much more powerful and flexible. With it, you can monitor much more than SSH.

In the example below, we’re going to set up a login script that checks server load, available memory, and disk usage. We’ll use its simple ‘PASS’ or ‘FAIL’ output to trigger email and SMS alerts from NodePing when the 1-minute load average goes over 4.0, when available memory drops below 50MB, or when the disk becomes more than 90% full.

The script is a simple BASH script that relies on commonly installed programs like ‘top’, ‘free’, and ‘df’ to determine the ‘PASS’/‘FAIL’ status for each of the things we’re monitoring. It’s not the prettiest thing, but it seems to work well on an Ubuntu server.

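#!/bin/bash
# Load average limit
# A quad-core server may be maxing out CPUs at 4.0
LOADLIMIT=4
# Free memory floor in MB.
FREEMEMLIMIT=50
# Disk usage in percentage, but without the percent sign.
DISKUTILIZATION=90
# Path to the disk partition you want to monitor.
DISKPATH='/dev/sda7'

# 1 minute load average: the first number after "load average:" in top's header.
# -b (batch mode) keeps terminal control codes out of the output, and LC_ALL=C
# keeps the decimal separator a dot. Splitting on the label instead of counting
# fields gives the same value whatever the uptime format is.
LOAD=$(LC_ALL=C top -b -n1 | awk -F'load average: ' '/load average/ {split($2, a, ", "); print a[1]; exit}')
# bc prints 1 when the comparison is true and 0 when it is false.
LOAD=$(echo "$LOAD > $LOADLIMIT" | bc 2>/dev/null)
# Only an explicit 0 passes, so an empty or unparsable reading reports FAIL.
if [ "$LOAD" = "0" ]; then
  echo "LOAD:PASS"
else
  echo "LOAD:FAIL"
fi

# Column 4 of the "Mem" line is the "free" column, in MB.
MEMUSAGE=$(free -m | awk '/^Mem/ {print $4}')
MEMUSAGE=$(echo "$MEMUSAGE < $FREEMEMLIMIT" | bc 2>/dev/null)
if [ "$MEMUSAGE" = "0" ]; then
  echo "MEM:PASS"
else
  echo "MEM:FAIL"
fi

# -P keeps each filesystem on one line; match the device name exactly.
DISKSPACE=$(df -P | awk -v dev="$DISKPATH" '$1 == dev {print $5}')
# Strip the trailing percent sign.
DISKSPACE=${DISKSPACE%\%}
DISKSPACE=$(echo "$DISKSPACE > $DISKUTILIZATION" | bc 2>/dev/null)
if [ "$DISKSPACE" = "0" ]; then
  echo "DISK:PASS"
else
  echo "DISK:FAIL"
fi
# logout right away
# This SSH user is restricted for security purposes
exit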

We saved this script as ‘mylogin.bash’ in our user’s home folder and then edited the /etc/passwd file, replacing the shell ‘/bin/bash’ with ‘/home/testuser/mylogin.bash’. Don’t forget to make the script file executable with something like:

chmod 0755 /home/testuser/mylogin.bash 

Now when our test user logs in, we see something like:

Last login: Thu Apr 12 22:41:33 2012 from 127.0.0.1
LOAD:PASS
MEM:PASS
DISK:PASS
Connection to 127.0.0.1 closed.

It’s the response text above that will be checked against our user-defined content string. In our SSH check configuration, we’ll set the ‘Content string’ dropdown to ‘Does not contain’ and type ‘FAIL’ in the text field. Now when NodePing’s probe servers log in via SSH and find the word ‘FAIL’ in the response, I’ll get a notification!

But the notification just says that the SSH check failed. We won’t know what failed. It could be the load, memory, or disk. Instead of logging in to see, I’ll be lazy and create three separate SSH checks, all with the same host and login information, but have one check for the string ‘LOAD:FAIL’, another check for ‘MEM:FAIL’, and the other for ‘DISK:FAIL’. I’ll give the one that checks the load average a nice informative label like “Load Average on test server” and the other checks something similar. Now my SMS notifications say something like “SSH Check failed for: Load Average on test server”, letting me know exactly what’s failing.

NodePing provides 1000 checks run at up to 1 minute intervals for only $10/month so you’re running out of reasons not to monitor everything. If you don’t have a NodePing account yet, sign up for our free 15-day trial and kick the tires.  We think you’ll like it.

The above example is fairly simple. You can write your own login scripts in Node.js, Python, etc. to check statuses for databases, VPN connections, virus definition updates… dang near anything! You can find information on how to configure your SSH checks in our documentation.
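
As an added example (not NodePing's code), here is one way to structure such a login script in shell so that any probe command, a database query or a VPN status call for instance, produces only a LABEL:PASS or LABEL:FAIL line. The names run_check and PROBE_TIMEOUT and the sample probes are assumptions made for the illustration; a probe that errors, is missing or hangs is reported as FAIL, and the probe's own output is kept out of the SSH response.

```shell
#!/bin/bash
# Added example (not NodePing's code): a generic probe wrapper for a login script.
# run_check and PROBE_TIMEOUT are hypothetical names chosen for this sketch.

# Seconds before a hung probe is counted as a failure.
PROBE_TIMEOUT=${PROBE_TIMEOUT:-5}

# run_check LABEL COMMAND [ARGS...]
# Prints exactly one line, "LABEL:PASS" or "LABEL:FAIL".
run_check() {
  _label=$1
  shift
  # No probe command supplied: report failure instead of passing silently.
  if [ "$#" -eq 0 ]; then
    echo "${_label}:FAIL"
    return 1
  fi
  # Discard the probe's own stdout/stderr so query results and error text
  # never reach the SSH response that the monitoring service string-matches.
  # stdin comes from /dev/null so a probe cannot block waiting for input.
  if timeout "$PROBE_TIMEOUT" "$@" >/dev/null 2>&1 </dev/null; then
    echo "${_label}:PASS"
  else
    # Non-zero exit, missing binary (127) and timeout (124) all end up here.
    echo "${_label}:FAIL"
    return 1
  fi
}

# Constructed probes standing in for a real database query or VPN status
# command; replace them with the real commands on your server.
demo() {
  PROBE_TIMEOUT=1   # short timeout so the demo finishes quickly
  run_check DB   sh -c 'echo "id=1 name=alice"; exit 0' || true
  run_check VPN  sh -c 'echo "FAIL: peer unreachable" >&2; exit 3' || true
  run_check SLOW sleep 3 || true
}

demo
```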

How will you use the new SSH check with content string matching?  Let us know in the comments below.