From 552aa61a160104aa647bdc8218a63494b72f5359 Mon Sep 17 00:00:00 2001
From: Denis Knauf
Date: Wed, 16 Mar 2022 21:13:21 +0100
Subject: [PATCH] README.adoc added. Description about CLI - prometheus-config missing, yet
---
README.adoc | 80 +++++++++++++++++++++++++++++++++++++++++++++++++++++
README.md | 3 --
2 files changed, 80 insertions(+), 3 deletions(-)
create mode 100644 README.adoc
delete mode 100644 README.md
diff --git a/README.adoc b/README.adoc
new file mode 100644
index 0000000..3a03a4d
--- /dev/null
+++ b/README.adoc
@@ -0,0 +1,80 @@
+ssh_blackbox_exporter
+=====================
+
+Tries to connect to ssh and fetches informations about the connections, ciphers, keys/certs.
+Like blackbox_exporter, but with more ssh-related informations.
+
+Installation
+------------
+
+The dependencies can be installed by bundler:
+
+ $ bundle install
+
+TODO: The systemd-service-file
+
+Configuration
+-------------
+
+Add the exporter to prometheus.
+Set target like blackbox_exporter-targets.
+The exporter will provide the informations about the target.
+
+TODO
+
+CLI-Usage
+---------
+
+Additional to provide the metrics for prometheus, this tool provides some manual checks.
+
+You can check a host without starting the server by using:
+
+ ./probe.rb user@remotehost
+
+If you are not able to login via IdentityFile, it will fail, but you would get some informations about the server:
+
+----
+$ ./probe.rb user@remotehost
+---
+start: '2022-03-16 21:02:19 +0100'
+status: pid 291884 exit 255
+stop: '2022-03-16 21:02:19 +0100'
+duration: 0.063974201
+protocol: '2.0'
+remote_software: OpenSSH_7.9p1 Debian-10+deb10u2
+host_cert:
+ key: ssh-ed25519-cert-v01@openssh.com SHA256:HASHSUM
+ serial: 43
+ id: 'host: REMOTEHOST'
+ ca: ssh-ed25519 SHA256:HASHSUM
+ valid_from: '2022-03-02 00:00:00 +0100'
+ valid_to: '2023-02-25 00:00:00 +0100'
+host_in_cert: REMOTEHOST.FQDN
+host_cert_type: ED25519-CERT
+server_sig_algs:
+- ssh-ed25519
+- ssh-rsa
+- rsa-sha2-256
+- rsa-sha2-512
+- ssh-dss
+- ecdsa-sha2-nistp256
+- ecdsa-sha2-nistp384
+- ecdsa-sha2-nistp521
+authentications:
+- publickey
+- gssapi-keyex
+- gssapi-with-mic
+- password
+----
+
+The server has a Host-Certificate and the used CA is known by your local machine (`known_hosts`: `@cert-authority`).
+
+It's possible to print the metrics without starting a server:
+
+ ./collector.rb user@remotehost
+
+For starting server, use `puma`:
+
+----
+$ puma -eproduction
+----
diff --git a/README.md b/README.md
deleted file mode 100644
index bc52ae6..0000000
--- a/README.md
+++ /dev/null
@@ -1,3 +0,0 @@
-# ssh_blackbox_exporter
-
-Tries to connect to ssh and fetches informations about the connections, ciphers, keys/certs. Like blackbox_exporter, but with more ssh-related informations.
\ No newline at end of file