Afaik, you will need to modify the script. Try changing this line:
spawn ssh $hostname By: spawn ssh -p 1234 $hostname Hope that helps On Mon, Jan 25, 2016 at 7:03 AM, Log <[email protected]> wrote: > Disclaimer: I'm working with ossec for the first time. > > Is it possible to set up agentless monitoring with non-standard SSH ports? > > > For example this configuration works as the server I'm monitoring is in > the same LAN as the OSSEC server > > <agentless> > <type>ssh_integrity_check_linux</type> > <frequency>36</frequency> > <host>[email protected]</host> > <state>periodic</state> > <arguments>/bin /etc/ /sbin</arguments> > </agentless> > > > However using the syntax that I would normally use to connect to a Linux > machine from the command line does not work > > <agentless> > <type>ssh_integrity_check_linux</type> > <frequency>36</frequency> > <host>[email protected] -p 1234</host> > <state>periodic</state> > <arguments>/bin /etc/ /sbin</arguments> > </agentless> > > > I see this in the ossec log: > > > 2016/01/22 16:02:55 ossec-agentlessd: ERROR: ssh_integrity_check_linux: > [email protected] -p 1234: Password for '[email protected] -p 1234' > not found. > > > This is what the .passlist file entry looks like: > > [email protected]|NOPASS|-p|1234 > > > (pubic IP address replaced with xxx.xxx.xxx.xxx) > > Is there a way to configure OSSEC to connect over a non-standard SSH port? > if so how would it be done? > > > Thank you > > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/d/optout. > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
