List supported Algorithms and SignatureAlgorithms. No Hostkey verification (/dev/null, no strict).
This commit is contained in:
parent
94d241c6f1
commit
d4691e1411
|
@ -21,6 +21,8 @@ class BlackboxSshd::Collector
|
||||||
@registry.gauge :sshd_host_certificate, docstring: 'Provides informations about the host_certificate in labels. 1=certificate used, 0=no certificate used (possible simple key)', labels: %i[key ca id]
|
@registry.gauge :sshd_host_certificate, docstring: 'Provides informations about the host_certificate in labels. 1=certificate used, 0=no certificate used (possible simple key)', labels: %i[key ca id]
|
||||||
@registry.gauge :sshd_host_certificate_valid_to, docstring: 'Certificate will usable till this time, then it will expire.'
|
@registry.gauge :sshd_host_certificate_valid_to, docstring: 'Certificate will usable till this time, then it will expire.'
|
||||||
@registry.gauge :sshd_host_certificate_valid_from, docstring: 'Certificate is usable from this time.'
|
@registry.gauge :sshd_host_certificate_valid_from, docstring: 'Certificate is usable from this time.'
|
||||||
|
@registry.gauge :sshd_host_supported_signature_algorithm, docstring: 'Server supported signature algorithm. Only 1. If not supported, it will not listed.', labels: %i[supported]
|
||||||
|
@registry.gauge :sshd_host_supported_authentications, docstring: 'Server supported authentication methods. Only 1. If not supported, it will not listed.', labels: %i[supported]
|
||||||
@metrics = OpenStruct.new @registry.instance_variable_get( :@metrics)
|
@metrics = OpenStruct.new @registry.instance_variable_get( :@metrics)
|
||||||
@prober = prober || BlackboxSshd::Prober.new
|
@prober = prober || BlackboxSshd::Prober.new
|
||||||
end
|
end
|
||||||
|
@ -41,6 +43,12 @@ class BlackboxSshd::Collector
|
||||||
else
|
else
|
||||||
@metrics.sshd_host_key.set 0, labels: {key: ""}
|
@metrics.sshd_host_key.set 0, labels: {key: ""}
|
||||||
end
|
end
|
||||||
|
r[:server_sig_algs].reverse.each_with_index do |alg, i|
|
||||||
|
@metrics.sshd_host_supported_signature_algorithm.set i+1, labels: {supported: alg}
|
||||||
|
end
|
||||||
|
r[:authentications].reverse.each_with_index do |alg, i|
|
||||||
|
@metrics.sshd_host_supported_authentications.set i+1, labels: {supported: alg}
|
||||||
|
end
|
||||||
@metrics.sshd_up.set 0 == r[:status].exitstatus ? 1 : 0
|
@metrics.sshd_up.set 0 == r[:status].exitstatus ? 1 : 0
|
||||||
@metrics.sshd_probe_duration.set r[:duration]
|
@metrics.sshd_probe_duration.set r[:duration]
|
||||||
self
|
self
|
||||||
|
|
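--- a/probe.rb
+++ b/probe.rb
@@ -1,4 +1,5 @@
 #!/usr/bin/env ruby
+# vim: set noet sw=2 ts=2 sts=2:
 
 require 'time'
 
@@ -118,10 +119,14 @@ end
 
 class BlackboxSshd::Prober
 DefaultSshOpts = {
-HostbasedKeyTypes: 'ssh-ed25519-cert-v01@openssh.com',
+HostbasedKeyTypes: 'ssh-ed25519-cert-v01@openssh.com,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa',
 PreferredAuthentications: :publickey,
 IdentitiesOnly: true,
-IdentityFile: '~/.ssh/id_ed25519'
+IdentityFile: '~/.ssh/id_ed25519',
+CheckHostIP: false,
+StrictHostKeyChecking: false,
+UpdateHostKeys: 'no',
+UserKnownHostsFile: '/dev/null',
 }
 
 attr_reader :ssh_opts
@@ -142,7 +147,9 @@ class BlackboxSshd::Prober
 
 def probe hostident
 r = {lines: [], start: Time.now}
-ssh = Popen3.new *%w[ssh -v], *ssh_opts_list, hostident, "true"
+cmd = %w[ssh -v] + ssh_opts_list + [hostident, "true"]
+r[:command] = cmd
+ssh = Popen3.new *cmd
 lines = ssh.each_line.to_a
 ssh.close
 r[:status] = ssh.wait2[1]
@@ -157,7 +164,6 @@ class BlackboxSshd::Prober
 when /\Adebug1: Server host key: (.*?)\z/
 r[:host_key] = $1
 when /\Adebug1: Server host certificate: (.*?)\z/
-# ssh-ed25519-cert-v01@openssh.com SHA256:P3b20g3rde66C7kDUF+/rV/CC3s5EaoUoZ35oyxs8aA, serial 43 ID \"host: gtw2\" CA ssh-ed25519 SHA256:9gmtFgVB7VfFE8/UYC22xmToHyDQ23arMQBtsir9w9E valid from 2022-03-02T00:00:00 to 2023-02-25T00:00:00
 meta = $1
 c = {}
 c[:key] = $1 if %r{\A([^ ]+ [^ ]+),} =~ meta
@@ -187,7 +193,9 @@ end
 if __FILE__ == $0
 require 'yaml'
 require 'json'
+require 'shellwords'
 r = BlackboxSshd::Prober.probe( ARGV[0])
+STDERR.puts "# #{r.delete( :command).shelljoin}"
 STDERR.puts r.delete( :lines)
 STDERR.puts
 puts JSON.parse(r.to_json).to_yaml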
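Review bot: The four options added to DefaultSshOpts (CheckHostIP, StrictHostKeyChecking, UpdateHostKeys and UserKnownHostsFile: '/dev/null') switch host key verification off entirely, so any host answering on hostident — including one presenting a substituted key — is probed and reported by the collector as sshd_up=1, and nothing in the file records that this is deliberate. Since the prober's purpose is to read back the presented key and certificate (the `debug1: Server host key:` / `Server host certificate:` branches in the same file), the weakening is defensible, but it should be stated next to the hash, e.g. `# Host key verification is intentionally off: the prober records whatever key/certificate the host presents as metrics; alert on label changes of sshd_host_key / sshd_host_certificate instead of relying on known_hosts.` How ssh_opts_list renders `false` is outside this hunk; confirm it becomes `-o StrictHostKeyChecking=no` (OpenSSH continues even on a mismatch with `no`) rather than an unrecognised value that ssh rejects. The new `r[:command] = cmd` is stripped from r only on the `__FILE__ == $0` path; whether the collector also removes it before exposing r is not visible here.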