[dev.icinga.com #7447] Commands sent over SSH are missing the -i option when using a ssh user aside from the webserver's user

[icinga-migration]

This issue has been migrated from Redmine: https://dev.icinga.com/issues/7447

Created by jackjackdrpr on 2014-10-24 21:19:07 +00:00

Assignee: (none)
Status: Resolved (closed on 2015-05-28 08:54:02 +00:00)
Target Version: 2.0.0-rc1
Last Update: 2015-05-28 08:54:02 +00:00 (in Redmine)

---

Despite being able to specify a user in the remote settings, the remote transport still tries to ssh supplying the apache/nginx user's ssh key location, which I think is a cause for security issues, if we allow bash access to the said user. Right now my work around was exactly that. Giving apache user bash and ssh key. Although the apache user really does not have a password set to it.

Noticed when CommandTransport forms the commands it creates something like this:

ssh -o BatchMode=yes -p 22 -l 'icingauser' 'icinga101.dev.company.com' "echo '[1414183090] SCHEDULE_FORCED_SVC_CHECK;icinga103.dev.company.com;load;1414183090' > '/var/run/icinga2/cmd/icinga2.cmd'"

The -l "user" option requires a -i "location of the key", counterpart.

Changesets

2015-05-28 08:51:56 +00:00 by afuhr a47d05a

Add identity key usage for a specific user in remote command

refs #7595
fixes #7447

---

Relations:

• blocks #7447

[icinga-migration]

Updated by elippmann on 2015-03-31 09:39:49 +00:00

• Subject changed from CommandTransport ssh command missing -i option when using a ssh user aside from the webserver's user to Commands sent over SSH are missing the -i option when using a ssh user aside from the webserver's user
• Category set to Monitoring
• Target Version set to 2.0.0-rc1

[icinga-migration]

Updated by elippmann on 2015-03-31 09:41:55 +00:00

• Blocked set to 7595

[icinga-migration]

Updated by afuhr on 2015-05-28 08:54:02 +00:00

• Status changed from New to Resolved
• Done % changed from 0 to 100

Applied in changeset a47d05a.