On 09/10/2014 10:52 AM, Lingenfelter, Troy Contractor wrote: > I’m running the check_ssh plugin from a RHEL6 Linux Server running > NAGIOS XI. When running the check_ssh script from the Linux server to > a remote Solaris 10 system I get the following in the > /var/adm/messages log > > sshd2[13600]: [ID 800047 local6.crit] fatal getpeername failed: > Transport endpoint is not connected > > I’m trying to determine what would be causing this error > > Regards, > Troy Lingenfelter > Integration Specialist – Contractor > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > > I haven't seen anyone else answer this, so I'll take a stab. at a guess, I'd think that the check_ssh script is causing the sshd to throw that error becasue it's just connecting (in the TCP sense, as opposed to at the application layer sense, sending handshake, et al). Nagios is jus making sure something is there and then closing the connection, which makes the solaris sshd server flip out just a little (or give you some bread crumbs to know that someone's probing your ssh service, if you prefer to look at it that way)
you could confirm by tailing the messages file on the solaris side and then choose another box to run 'telnet <solaris server's name> 22' then use control-] control-d to break and close the telnet session; I'd expect the same error message to show up. as far as not getting that error, the only things I could suggest would be building a new check_ssh script/program and either use an unprivileged user id with ssh keys (possibly bad, since you're sending from a .gov address, seems likely to violate a security policy) hardcoded password in an expect script (far worse, IMHO, but possibly more difficult for auditors to find). or just stop checking ssh as a service... or change some logging rules to ignore/filter that message.. or compiling a different server to run (that seems to be what's going on for my prod servers; I can't reproduce that problem on solaris 10)
