On Tue, Mar 21, 2017 at 7:11 PM, Marcin Gołębiowski <[email protected]> wrote: > Trying to debug with expect I got: > expect -d agentless/ssh_integrity_check_linux [email protected] > /directory/to/check > expect version 5.45 > argv[0] = expect argv[1] = -d argv[2] = > agentless/ssh_integrity_check_linux argv[3] = [email protected] argv[4] = > /directory/to/check > set argc 2 > set argv0 "agentless/ssh_integrity_check_linux" > set argv "[email protected] /directory/to/check" > executing commands from command file agentless/ssh_integrity_check_linux > spawn ssh [email protected] > parent: waiting for sync byte > parent: telling child to go ahead > parent: now unsynchronized from child > spawn: returns {456} > > expect: does "" (spawn_id exp4) match glob pattern "WARNING: REMOTE HOST"? > no > "*sure you want to continue connecting*"? no > "ssh: connect to host*"? no > "no address associated with name"? no > "*Connection refused*"? no > "*Connection closed by remote host*"? no > "* password:*"? no > user@server ~ $
Which version of OSSEC is this? My version of the linux integrity thing continues checking every line of response for a bit until I get: "*Connection closed by remote host*"? no "* password:*"? no "*\$"? yes My prompt looks like: test@ossec-test:~$ But anything ending in a "$" should be valid. > expect: does "\u001b[01;31malk2\u001b[01;33m@\u001b[01;36malk2 > \u001b[01;33m~ \u001b[01;35m$ \u001b[00m" (spawn_id exp4) match glob pattern > "WARNING: REMOTE HOST"? no > "*sure you want to continue connecting*"? no > "ssh: connect to host*"? no > "no address associated with name"? no > "*Connection refused*"? no > "*Connection closed by remote host*"? no > "* password:*"? no > expect: timed out > > I don't have access to auth.log on remote server, it's shared hosting which > is why I am trying to implement agentless monitoring there. I am able to > manually log in with user ossec and keyfile to that server without problems. > > Regards > > On Tuesday, 21 March 2017 13:59:57 UTC+1, Kat wrote: >> >> Hi, >> >> Could you post the log entries? Also, an ssh -vvv output would help to see >> what is going on. It is clearly a connection problem, but hard to diagnose >> based on what you have posted. >> >> Kat >> >> On Friday, March 17, 2017 at 10:20:58 PM UTC-5, Marcin Gołębiowski wrote: >>> >>> I can't seem to make the agentless monitoring to work. I added two remote >>> boxes with /var/ossec/agentless/register_host.sh and configured paswordless >>> connection generating ssh keys for user ossec. However after restarting >>> ossec the connection to remote server fails every time. Ossec.log shows: >>> ossec-agentlessd: ERROR: ssh_integrity_check_linux: [email protected]: >>> Public key authentication failed to host: [email protected]. I tried to >>> connect wit a password but this time I got timeout: ERROR: >>> ssh_integrity_check_linux: [email protected]: Timeout while connecting >>> to host: [email protected]. I checked .passlist file and passwords are >>> correct. What is more - I am able to ssh to remote server using id_rsa >>> generated for ossec user so theoretically ossec should connect with NOPASS >>> option. But it doesn't. I am in the dark. Server is Ubuntu Server 16.04, >>> OSSEC verson 2.8.3, expect installed, firewall disabled. Any ideas? > > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/d/optout. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
