Configuring SSH checks in Zabbix

It took somehow some Linux servers to configure SSH checks to not install Zabbix-agent on them.
Zabbix-server itself is installed on Ubuntu Server.

Below in order I will describe how to configure SSH checks in Zabbix.

Authorization for SSH will be configured by key instead of password, for this we stop zabbix-agent and zabbix-server:

sudo service zabbix-agent stop
sudo service zabbix-server stop

Create a Zabbix user home directory (for storing ssh keys):

sudo usermod -m -d /home/zabbix zabbix
sudo chown zabbix:zabbix /home/zabbix
sudo chmod 700 /home/zabbix

Run back zabbix-agent and zabbix-server:

sudo service zabbix-agent start
sudo service zabbix-server start

Open the configuration file /etc/zabbix/zabbix_server.conf (in the nano editor, press Ctrl+O and Enter means save, Ctrl+X to exit):

sudo nano /etc/zabbix/zabbix_server.conf

Uncomment the string SSHKeyLocation and specify the path to the directory with the keys:

SSHKeyLocation=/home/zabbix/.ssh

Restart zabbix-server:

sudo service zabbix-server restart

Generate the ssh key:

sudo -u zabbix ssh-keygen -t rsa

Press Enter if the path is /home/zabbix/.ssh/id_rsa
On the offer to encrypt the key file, press Enter to not encrypt it or enter twice any password (it will encrypt the key file and you will have to specify it when connecting it)

Copy the generated key to the server we will be watching:

sudo -u zabbix ssh-copy-id -i /home/zabbix/.ssh/id_rsa.pub -p 22 root@192.168.0.55

If an error occurs while copying the key, you can manually copy the line from id_rsa.pub to the remote server in the authorized_keys file.

And we will try to connect to the remote server without entering the password with the command:

sudo -u zabbix ssh -p 22 root@192.168.0.55

Now in Zabbix we add the data element to the template or host:
Name: any
Type: SSH agent
Key: ssh.run[description,ip,port,encoding] (eg ssh.run[cpu,192.168.0.55,22,utf8]
Authentication method: Public key
User name (on remote host): root
Public key file: id_rsa.pub
Private key file: id_rsa
Phrase key password: leave blank if you did not encrypt the key with a password
Executed script: command running on a remote server, examples below

Below is an example of commands for Linux that you can execute and get various information.
CPU load for 1min / 5min / 15min:

cat /proc/loadavg |cut -d " " -f1
cat /proc/loadavg |cut -d " " -f2
cat /proc/loadavg |cut -d " " -f3

Number of currently running processes of the specified program:

pgrep apache2|wc -l
pgrep -c sshd

Free space at the mount point “/” (in megabytes):

df -m|grep "/$"|awk '{print $4}'

Occupied space at the mount point “/” (in percent):

df|grep "/$"|awk '{print $5}'|tr -d "%"

Received byte on the network interface eth0:

cat /proc/net/dev|grep eth0|awk '{print $2}'

Bytes sent to the network interface eth0:

cat /proc/net/dev|grep eth0|awk '{print $10}'

Amount of free RAM:

free |grep "Memory:"|awk '{print $4}'
free |grep "Mem:"|awk '{print $4}'

See also:
Connect to SSH using the keys

Leave a Reply