.gitignore code-highlighting 2022-03-16 21:23:56 +01:00
collector.rb List supported Algorithms and SignatureAlgorithms. No Hostkey verification (/dev/null, no strict). 2022-03-29 15:59:38 +02:00
config.ru first implementation. 2022-03-16 20:51:51 +01:00
Gemfile first implementation. 2022-03-16 20:51:51 +01:00
Gemfile.lock first implementation. 2022-03-16 20:51:51 +01:00
LICENSE Initial commit 2022-03-16 20:49:33 +01:00
probe.rb List supported Algorithms and SignatureAlgorithms. No Hostkey verification (/dev/null, no strict). 2022-03-29 15:59:38 +02:00
README.adoc code-highlighting 2022-03-16 21:23:56 +01:00
ssh_blackbox_exporter.service.erb systemd-service-file added 2022-03-16 21:36:26 +01:00

ssh_blackbox_exporter
=====================
:source-highlighter: coderay

Tries to connect to an SSH server and fetches information about the connection, ciphers, and keys/certs.
Like blackbox_exporter, but with more SSH-related information.

Installation
------------

The dependencies can be installed by bundler:

....
$ bundle install
....

TODO: The systemd-service-file

Configuration
-------------

Add the exporter to Prometheus.
Set the target the same way as for blackbox_exporter targets.
The exporter will then provide the information about the target.

TODO

CLI-Usage
---------

In addition to providing the metrics for Prometheus, this tool provides some manual checks.

You can check a host without starting the server by using:

....
$ ./probe.rb user@remotehost
....

If you are not able to log in via IdentityFile, the login will fail, but you still get some information about the server:

....
$ ./probe.rb user@remotehost
[...debug...]
....

[source,yaml]
----
---
start: '2022-03-16 21:02:19 +0100'
status: pid 291884 exit 255
stop: '2022-03-16 21:02:19 +0100'
duration: 0.063974201
protocol: '2.0'
remote_software: OpenSSH_7.9p1 Debian-10+deb10u2
host_cert:
  key: ssh-ed25519-cert-v01@openssh.com SHA256:HASHSUM
  serial: 43
  id: 'host: REMOTEHOST'
  ca: ssh-ed25519 SHA256:HASHSUM
  valid_from: '2022-03-02 00:00:00 +0100'
  valid_to: '2023-02-25 00:00:00 +0100'
host_in_cert: REMOTEHOST.FQDN
host_cert_type: ED25519-CERT
server_sig_algs:
- ssh-ed25519
- ssh-rsa
- rsa-sha2-256
- rsa-sha2-512
- ssh-dss
- ecdsa-sha2-nistp256
- ecdsa-sha2-nistp384
- ecdsa-sha2-nistp521
authentications:
- publickey
- gssapi-keyex
- gssapi-with-mic
- password
----

In this example, the server has a host certificate, and the CA that signed it is known to your local machine (`known_hosts`: `@cert-authority`).
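
As an added example (not part of this project's code), the following Ruby script audits a probe result like the one above: it flags SHA-1/DSA signature algorithms, offered password authentication, and a host certificate that is not yet valid, expired, or close to expiry. The function name `audit_probe`, the weak-algorithm list and the 30-day threshold are assumptions of this example, and the sample YAML is constructed from the output shown above.

```ruby
require 'yaml'
require 'time'

# Constructed sample, shaped like the probe.rb output shown above (shortened).
SAMPLE = <<~YAML
  ---
  remote_software: OpenSSH_7.9p1 Debian-10+deb10u2
  host_cert:
    key: ssh-ed25519-cert-v01@openssh.com SHA256:HASHSUM
    valid_from: '2022-03-02 00:00:00 +0100'
    valid_to: '2023-02-25 00:00:00 +0100'
  server_sig_algs: [ssh-ed25519, ssh-rsa, rsa-sha2-256, rsa-sha2-512, ssh-dss]
  authentications: [publickey, gssapi-with-mic, password]
YAML

# ssh-rsa signs with SHA-1 and ssh-dss is DSA; flagging them is this example's policy.
WEAK_SIG_ALGS = %w[ssh-rsa ssh-dss].freeze
# Warn when the host certificate expires within this many days (assumed threshold).
EXPIRY_WARN_DAYS = 30

# Returns a list of human-readable findings for one parsed probe result (a Hash).
def audit_probe(result, now: Time.now)
  findings = []
  weak = Array(result['server_sig_algs']) & WEAK_SIG_ALGS
  findings << "weak signature algorithms offered: #{weak.join(', ')}" unless weak.empty?
  if Array(result['authentications']).include?('password')
    findings << 'password authentication is offered'
  end
  cert = result['host_cert']
  if cert # only check validity when the probe reported a host certificate
    from = Time.parse(cert['valid_from'])
    to = Time.parse(cert['valid_to'])
    days_left = ((to - now) / 86_400).floor
    if now < from
      findings << 'host certificate is not yet valid'
    elsif days_left.negative?
      findings << "host certificate expired #{-days_left} days ago"
    elsif days_left < EXPIRY_WARN_DAYS
      findings << "host certificate expires in #{days_left} days"
    end
  end
  findings
end

puts audit_probe(YAML.safe_load(SAMPLE)) if __FILE__ == $PROGRAM_NAME
```
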

It's possible to print the metrics without starting a server:

....
$ ./collector.rb user@remotehost
....

To start the server, use `puma`:

[source,sh]
----
$ puma -eproduction
----