SSH

You can use SSH to monitor your Unix servers with Argent. By using SSH, you don’t have to install anything on the monitored system. As long as the system has an SSH server running, and you have an account with login access, you can use this option.

Important Notes:

By default, the “root” account cannot be used to log in by SSH. This security setting can be modified, but it is not recommended. Argent generally does not need an account with any special rights. In other words, an ordinary user account will work in most cases.

The Unix Communication Option must be set in License Manager for the Argent GUI. While the following examples are for the Argent Guardian, the instructions are the same for each product.

In order to use this communication option, you’ll first need PSCP and PLINK on the Argent server that is doing the monitoring.If using additional Windows monitoring engines that will be monitoring your Unix servers via SSH, these two applications need to be present on those servers, too.

Both PSCP and PLINK can be downloaded from

http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html.

PSCP and PLINK are part of the PuTTY family. PSCP is used to copy the Rule (a Unix shell script) to the monitored server via SSH, while PLINK is a command-line SSH client. Argent recommends their use because all the parameters needed can be passed as command-line parameters.

Download PSCP.exe and PLINK.exe and put them in a directory that’s in your server’s path. Argent recommends you put them in the System32 directory under Windows (or WINNT, depending on your operating system), as that is always in the path.

Note:

When configuring Argent to use SSH to monitor a Unix system, you must be logged onto the Argent server as the Argent service account because PLINK and PSCP store the host keys for each system they’ve connected to in HKEY_CURRENT_USER.

To set the communication method, go to the Administration section of the Argent Guardian, then select License Manager ->Licensed Servers tab.

Locate the Unix server in the Server/Device column, then double-click the server name, or select it, then right-click and choose Properties.

Select the Use SSH And SCP To Run Scripts radio button. If your SSH server is not listening on TCP port 22, change the TCP/IP Port field to reflect the proper port.

Enter the username in the Logon field, and the password in the Password field.

Note:

If the name of the Unix server resolves properly from the Argent server (or any monitoring engine which will be used), do not use the Alternative IP field. This field should only be used if the name does not resolve on its own. (To test if the name resolves, open a command prompt and try to ping the name.) Even if the name and the IP address point to the same machine, any SSH client, including PLINK and PSCP, treats the two connections as being to different machines. This is part of the security built into the SSH protocol.

Test the connection by clicking the blue Test Unix Connection button. If the host key has not already been cached, you’ll see a message similar to the one below:

Type “y” and hit enter to cache the host key.

You’ll then see a list of files in the Unix machine’s /bin directory scroll by. When it finishes, simply close the window. Click OK, then right-click and choose Save to save the settings to the database.

If you’re using a monitoring engine installed on a Windows machine other than the main Argent server, you’ll need to cache the host key manually. Log onto the Windows machine as the monitoring engine service account and open a command prompt.

Type “plink (machine name)” and hit enter. If prompted to cache the host key, type “y” and hit enter. Once the “login as:” prompt appears, simply hit Ctrl-C to terminate the session. Repeat these steps for each monitored Unix machine.