List supported Algorithms and SignatureAlgorithms. No Hostkey verification (/dev/null, no strict).

collector.rb

@@ -21,6 +21,8 @@ class BlackboxSshd::Collector
 		@registry.gauge :sshd_host_certificate, docstring: 'Provides informations about the host_certificate in labels.  1=certificate used, 0=no certificate used (possible simple key)', labels: %i[key ca id]
 		@registry.gauge :sshd_host_certificate_valid_to, docstring: 'Certificate will usable till this time, then it will expire.'
 		@registry.gauge :sshd_host_certificate_valid_from, docstring: 'Certificate is usable from this time.'
+		@registry.gauge :sshd_host_supported_signature_algorithm, docstring: 'Server supported signature algorithm.  Only 1.  If not supported, it will not listed.', labels: %i[supported]
+		@registry.gauge :sshd_host_supported_authentications, docstring: 'Server supported authentication methods.  Only 1.  If not supported, it will not listed.', labels: %i[supported]
 		@metrics = OpenStruct.new @registry.instance_variable_get( :@metrics)
 		@prober = prober || BlackboxSshd::Prober.new
 	end
@@ -41,6 +43,12 @@ class BlackboxSshd::Collector
 		else
 			@metrics.sshd_host_key.set 0, labels: {key: ""}
 		end
+		r[:server_sig_algs].reverse.each_with_index do |alg, i|
+			@metrics.sshd_host_supported_signature_algorithm.set i+1, labels: {supported: alg}
+		end
+		r[:authentications].reverse.each_with_index do |alg, i|
+			@metrics.sshd_host_supported_authentications.set i+1, labels: {supported: alg}
+		end
 		@metrics.sshd_up.set 0 == r[:status].exitstatus ? 1 : 0
 		@metrics.sshd_probe_duration.set r[:duration]
 		self

probe.rb

@@ -1,4 +1,5 @@
 #!/usr/bin/env ruby
+# vim: set noet sw=2 ts=2 sts=2:
 
 require 'time'
 
@@ -118,10 +119,14 @@ end
 
 class BlackboxSshd::Prober
 	DefaultSshOpts = {
-    HostbasedKeyTypes: 'ssh-ed25519-cert-v01@openssh.com',
+		HostbasedKeyTypes: 'ssh-ed25519-cert-v01@openssh.com,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa',
 		PreferredAuthentications: :publickey,
 		IdentitiesOnly: true,
-    IdentityFile: '~/.ssh/id_ed25519'
+		IdentityFile: '~/.ssh/id_ed25519',
+		CheckHostIP: false,
+		StrictHostKeyChecking: false,
+		UpdateHostKeys: 'no',
+		UserKnownHostsFile: '/dev/null',
 	}
 
 	attr_reader :ssh_opts
@@ -142,7 +147,9 @@ class BlackboxSshd::Prober
 
 	def probe hostident
 		r = {lines: [], start: Time.now} 
-    ssh = Popen3.new *%w[ssh -v], *ssh_opts_list, hostident, "true"
+		cmd = %w[ssh -v] + ssh_opts_list + [hostident, "true"]
+		r[:command] = cmd
+		ssh = Popen3.new *cmd
 		lines = ssh.each_line.to_a
 		ssh.close
 		r[:status] = ssh.wait2[1]
@@ -157,7 +164,6 @@ class BlackboxSshd::Prober
 			when /\Adebug1: Server host key: (.*?)\z/
 				r[:host_key] = $1
 			when /\Adebug1: Server host certificate: (.*?)\z/
-        # ssh-ed25519-cert-v01@openssh.com SHA256:P3b20g3rde66C7kDUF+/rV/CC3s5EaoUoZ35oyxs8aA, serial 43 ID \"host: gtw2\" CA ssh-ed25519 SHA256:9gmtFgVB7VfFE8/UYC22xmToHyDQ23arMQBtsir9w9E valid from 2022-03-02T00:00:00 to 2023-02-25T00:00:00
 				meta = $1
 				c = {}
 				c[:key] = $1          if %r{\A([^ ]+ [^ ]+),} =~ meta
@@ -187,7 +193,9 @@ end
 if __FILE__ == $0
 	require 'yaml'
 	require 'json'
+	require 'shellwords'
 	r = BlackboxSshd::Prober.probe( ARGV[0])
+	STDERR.puts "# #{r.delete( :command).shelljoin}"
 	STDERR.puts r.delete( :lines)
 	STDERR.puts
 	puts JSON.parse(r.to_json).to_yaml