Trying to debug with expect I got:
*expect -d agentless/ssh_integrity_check_linux u...@server.com
/directory/to/check*
*expect version 5.45*
*argv[0] = expect argv[1] = -d argv[2] =
agentless/ssh_integrity_check_linux argv[3] = u...@server.com argv[4] =
/directory/to/check*
*set argc 2*
*set argv0 "agentless/ssh_integrity_check_linux"*
*set argv "u...@server.com /directory/to/check"*
*executing commands from command file agentless/ssh_integrity_check_linux*
*spawn ssh u...@server.com*
*parent: waiting for sync byte*
*parent: telling child to go ahead*
*parent: now unsynchronized from child*
*spawn: returns {456}*
*expect: does "" (spawn_id exp4) match glob pattern "WARNING: REMOTE HOST"?
no*
*"*sure you want to continue connecting*"? no*
*"ssh: connect to host*"? no*
*"no address associated with name"? no*
*"*Connection refused*"? no*
*"*Connection closed by remote host*"? no*
*"* password:*"? no*
*user@server ~ $*
*expect: does "\u001b[01;31malk2\u001b[01;33m@\u001b[01;36malk2
\u001b[01;33m~ \u001b[01;35m$ \u001b[00m" (spawn_id exp4) match glob
pattern "WARNING: REMOTE HOST"? no*
*"*sure you want to continue connecting*"? no*
*"ssh: connect to host*"? no*
*"no address associated with name"? no*
*"*Connection refused*"? no*
*"*Connection closed by remote host*"? no*
*"* password:*"? no*
*expect: timed out*
I don't have access to auth.log on remote server, it's shared hosting which
is why I am trying to implement agentless monitoring there. I am able to
manually log in with user ossec and keyfile to that server without problems.
Regards
On Tuesday, 21 March 2017 13:59:57 UTC+1, Kat wrote:
>
> Hi,
>
> Could you post the log entries? Also, an ssh -vvv output would help to see
> what is going on. It is clearly a connection problem, but hard to diagnose
> based on what you have posted.
>
> Kat
>
> On Friday, March 17, 2017 at 10:20:58 PM UTC-5, Marcin Gołębiowski wrote:
>>
>> I can't seem to make the agentless monitoring to work. I added two remote
>> boxes with /var/ossec/agentless/register_host.sh and configured
>> paswordless connection generating ssh keys for user ossec. However after
>> restarting ossec the connection to remote server fails every time.
>> Ossec.log shows: ossec-agentlessd: ERROR: ssh_integrity_check_linux:
>> us...@remote.server.pl: Public key authentication failed to host:
>> us...@remote.server.pl. I tried to connect wit a password but this time
>> I got timeout: ERROR: ssh_integrity_check_linux: u...@remote.server.pl:
>> Timeout while connecting to host: us...@remote.server.pl. I checked
>> .passlist file and passwords are correct. What is more - I am able to ssh
>> to remote server using id_rsa generated for ossec user so theoretically
>> ossec should connect with NOPASS option. But it doesn't. I am in the dark.
>> Server is Ubuntu Server 16.04, OSSEC verson 2.8.3, expect installed,
>> firewall disabled. Any ideas?
>>
>
--
---
You received this message because you are subscribed to the Google Groups
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ossec-list+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
