List supported Algorithms and SignatureAlgorithms. No Hostkey verification (/dev/null, no strict).
This commit is contained in:
Denis Knauf
parent
94d241c6f1
commit
d4691e1411
|
|
@ -21,6 +21,8 @@ class BlackboxSshd::Collector
|
|||
@registry.gauge :sshd_host_certificate, docstring: 'Provides informations about the host_certificate in labels. 1=certificate used, 0=no certificate used (possible simple key)', labels: %i[key ca id]
|
||||
@registry.gauge :sshd_host_certificate_valid_to, docstring: 'Certificate will usable till this time, then it will expire.'
|
||||
@registry.gauge :sshd_host_certificate_valid_from, docstring: 'Certificate is usable from this time.'
|
||||
@registry.gauge :sshd_host_supported_signature_algorithm, docstring: 'Server supported signature algorithm. Only 1. If not supported, it will not listed.', labels: %i[supported]
|
||||
@registry.gauge :sshd_host_supported_authentications, docstring: 'Server supported authentication methods. Only 1. If not supported, it will not listed.', labels: %i[supported]
|
||||
@metrics = OpenStruct.new @registry.instance_variable_get( :@metrics)
|
||||
@prober = prober || BlackboxSshd::Prober.new
|
||||
end
|
||||
|
|
@ -41,6 +43,12 @@ class BlackboxSshd::Collector
|
|||
else
|
||||
@metrics.sshd_host_key.set 0, labels: {key: ""}
|
||||
end
|
||||
r[:server_sig_algs].reverse.each_with_index do |alg, i|
|
||||
@metrics.sshd_host_supported_signature_algorithm.set i+1, labels: {supported: alg}
|
||||
end
|
||||
r[:authentications].reverse.each_with_index do |alg, i|
|
||||
@metrics.sshd_host_supported_authentications.set i+1, labels: {supported: alg}
|
||||
end
|
||||
@metrics.sshd_up.set 0 == r[:status].exitstatus ? 1 : 0
|
||||
@metrics.sshd_probe_duration.set r[:duration]
|
||||
self
|
||||
|
|
|
|||
16
probe.rb
16
probe.rb
|
|
@ -1,4 +1,5 @@
|
|||
#!/usr/bin/env ruby
|
||||
# vim: set noet sw=2 ts=2 sts=2:
|
||||
|
||||
require 'time'
|
||||
|
||||
|
|
@ -118,10 +119,14 @@ end
|
|||
|
||||
class BlackboxSshd::Prober
|
||||
DefaultSshOpts = {
|
||||
HostbasedKeyTypes: 'ssh-ed25519-cert-v01@openssh.com',
|
||||
HostbasedKeyTypes: 'ssh-ed25519-cert-v01@openssh.com,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa',
|
||||
PreferredAuthentications: :publickey,
|
||||
IdentitiesOnly: true,
|
||||
IdentityFile: '~/.ssh/id_ed25519'
|
||||
IdentityFile: '~/.ssh/id_ed25519',
|
||||
CheckHostIP: false,
|
||||
StrictHostKeyChecking: false,
|
||||
UpdateHostKeys: 'no',
|
||||
UserKnownHostsFile: '/dev/null',
|
||||
}
|
||||
|
||||
attr_reader :ssh_opts
|
||||
|
|
@ -142,7 +147,9 @@ class BlackboxSshd::Prober
|
|||
|
||||
def probe hostident
|
||||
r = {lines: [], start: Time.now}
|
||||
ssh = Popen3.new *%w[ssh -v], *ssh_opts_list, hostident, "true"
|
||||
cmd = %w[ssh -v] + ssh_opts_list + [hostident, "true"]
|
||||
r[:command] = cmd
|
||||
ssh = Popen3.new *cmd
|
||||
lines = ssh.each_line.to_a
|
||||
ssh.close
|
||||
r[:status] = ssh.wait2[1]
|
||||
|
|
@ -157,7 +164,6 @@ class BlackboxSshd::Prober
|
|||
when /\Adebug1: Server host key: (.*?)\z/
|
||||
r[:host_key] = $1
|
||||
when /\Adebug1: Server host certificate: (.*?)\z/
|
||||
# ssh-ed25519-cert-v01@openssh.com SHA256:P3b20g3rde66C7kDUF+/rV/CC3s5EaoUoZ35oyxs8aA, serial 43 ID \"host: gtw2\" CA ssh-ed25519 SHA256:9gmtFgVB7VfFE8/UYC22xmToHyDQ23arMQBtsir9w9E valid from 2022-03-02T00:00:00 to 2023-02-25T00:00:00
|
||||
meta = $1
|
||||
c = {}
|
||||
c[:key] = $1 if %r{\A([^ ]+ [^ ]+),} =~ meta
|
||||
|
|
@ -187,7 +193,9 @@ end
|
|||
if __FILE__ == $0
|
||||
require 'yaml'
|
||||
require 'json'
|
||||
require 'shellwords'
|
||||
r = BlackboxSshd::Prober.probe( ARGV[0])
|
||||
STDERR.puts "# #{r.delete( :command).shelljoin}"
|
||||
STDERR.puts r.delete( :lines)
|
||||
STDERR.puts
|
||||
puts JSON.parse(r.to_json).to_yaml
|
||||
|
|
|
|||
Loading…
Reference in a new issue