You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Created by jackjackdrpr on 2014-10-24 21:19:07 +00:00
Assignee: (none)
Status: Resolved (closed on 2015-05-28 08:54:02 +00:00)
Target Version: 2.0.0-rc1
Last Update: 2015-05-28 08:54:02 +00:00 (in Redmine)
Despite being able to specify a user in the remote settings, the remote transport still tries to ssh supplying the apache/nginx user's ssh key location, which I think is a cause for security issues, if we allow bash access to the said user. Right now my work around was exactly that. Giving apache user bash and ssh key. Although the apache user really does not have a password set to it.
Noticed when CommandTransport forms the commands it creates something like this:
Updated by elippmann on 2015-03-31 09:39:49 +00:00
Subject changed from CommandTransport ssh command missing -i option when using a ssh user aside from the webserver's user to Commands sent over SSH are missing the -i option when using a ssh user aside from the webserver's user
This issue has been migrated from Redmine: https://dev.icinga.com/issues/7447
Created by jackjackdrpr on 2014-10-24 21:19:07 +00:00
Assignee: (none)
Status: Resolved (closed on 2015-05-28 08:54:02 +00:00)
Target Version: 2.0.0-rc1
Last Update: 2015-05-28 08:54:02 +00:00 (in Redmine)
Despite being able to specify a user in the remote settings, the remote transport still tries to ssh supplying the apache/nginx user's ssh key location, which I think is a cause for security issues, if we allow bash access to the said user. Right now my work around was exactly that. Giving apache user bash and ssh key. Although the apache user really does not have a password set to it.
Noticed when CommandTransport forms the commands it creates something like this:
ssh -o BatchMode=yes -p 22 -l 'icingauser' 'icinga101.dev.company.com' "echo '[1414183090] SCHEDULE_FORCED_SVC_CHECK;icinga103.dev.company.com;load;1414183090' > '/var/run/icinga2/cmd/icinga2.cmd'"
The -l "user" option requires a -i "location of the key", counterpart.
Changesets
2015-05-28 08:51:56 +00:00 by afuhr a47d05a
Relations:
The text was updated successfully, but these errors were encountered: