README.adoc added. Description about CLI - prometheus-config missing, yet
This commit is contained in:
parent
84b34d41a2
commit
552aa61a16
80
README.adoc
Normal file
80
README.adoc
Normal file
|
@ -0,0 +1,80 @@
|
||||||
|
ssh_blackbox_exporter
|
||||||
|
=====================
|
||||||
|
|
||||||
|
Tries to connect to ssh and fetches informations about the connections, ciphers, keys/certs.
|
||||||
|
Like blackbox_exporter, but with more ssh-related informations.
|
||||||
|
|
||||||
|
Installation
|
||||||
|
------------
|
||||||
|
|
||||||
|
The dependencies can be installed by bundler:
|
||||||
|
|
||||||
|
$ bundle install
|
||||||
|
|
||||||
|
TODO: The systemd-service-file
|
||||||
|
|
||||||
|
Configuration
|
||||||
|
-------------
|
||||||
|
|
||||||
|
Add the exporter to prometheus.
|
||||||
|
Set target like blackbox_exporter-targets.
|
||||||
|
The exporter will provide the informations about the target.
|
||||||
|
|
||||||
|
TODO
|
||||||
|
|
||||||
|
CLI-Usage
|
||||||
|
---------
|
||||||
|
|
||||||
|
Additional to provide the metrics for prometheus, this tool provides some manual checks.
|
||||||
|
|
||||||
|
You can check a host without starting the server by using:
|
||||||
|
|
||||||
|
./probe.rb user@remotehost
|
||||||
|
|
||||||
|
If you are not able to login via IdentityFile, it will fail, but you would get some informations about the server:
|
||||||
|
|
||||||
|
----
|
||||||
|
$ ./probe.rb user@remotehost
|
||||||
|
---
|
||||||
|
start: '2022-03-16 21:02:19 +0100'
|
||||||
|
status: pid 291884 exit 255
|
||||||
|
stop: '2022-03-16 21:02:19 +0100'
|
||||||
|
duration: 0.063974201
|
||||||
|
protocol: '2.0'
|
||||||
|
remote_software: OpenSSH_7.9p1 Debian-10+deb10u2
|
||||||
|
host_cert:
|
||||||
|
key: ssh-ed25519-cert-v01@openssh.com SHA256:HASHSUM
|
||||||
|
serial: 43
|
||||||
|
id: 'host: REMOTEHOST'
|
||||||
|
ca: ssh-ed25519 SHA256:HASHSUM
|
||||||
|
valid_from: '2022-03-02 00:00:00 +0100'
|
||||||
|
valid_to: '2023-02-25 00:00:00 +0100'
|
||||||
|
host_in_cert: REMOTEHOST.FQDN
|
||||||
|
host_cert_type: ED25519-CERT
|
||||||
|
server_sig_algs:
|
||||||
|
- ssh-ed25519
|
||||||
|
- ssh-rsa
|
||||||
|
- rsa-sha2-256
|
||||||
|
- rsa-sha2-512
|
||||||
|
- ssh-dss
|
||||||
|
- ecdsa-sha2-nistp256
|
||||||
|
- ecdsa-sha2-nistp384
|
||||||
|
- ecdsa-sha2-nistp521
|
||||||
|
authentications:
|
||||||
|
- publickey
|
||||||
|
- gssapi-keyex
|
||||||
|
- gssapi-with-mic
|
||||||
|
- password
|
||||||
|
----
|
||||||
|
|
||||||
|
The server has a Host-Certificate and the used CA is known by your local machine (`known_hosts`: `@cert-authority`).
|
||||||
|
|
||||||
|
It's possible to print the metrics without starting a server:
|
||||||
|
|
||||||
|
./collector.rb user@remotehost
|
||||||
|
|
||||||
|
For starting server, use `puma`:
|
||||||
|
|
||||||
|
----
|
||||||
|
$ puma -eproduction
|
||||||
|
----
|
Loading…
Reference in a new issue