I want to create a custom sensor which accesses Linux machines using SSH. For authentication, PRTG provides the command line parameters %linuxuser and %linuxpassword. However, for security reasons, we use SSH public key authentication on our Linux servers. The corresponding private keys are in PRTG and work well with predefined SSH sensors. How can I access those private keys in my custom sensor?
Command line parameter for SSH private key
Votes:
0
7 Replies
Votes:
0
We do not have a placeholder for the key since this would cause more issues for us when used and we would be forced to change how some of the sensors work. The keys that are set up at the device level will work for the sensors themselves but we cannot pass this parameter through a placeholder.
Votes:
0
So that means SSH is not usable in custom sensors when devices are accessed via RSA authentication (which should be the default in corporate environments)?
Votes:
0
If you place a custom SSH sensor on a Linux machine and are running the sensor locally, the RSA key that is in the settings for that device will be used to run the script. If you are running the SSH sensor to query another Linux machine from the Linux machine that is set up in PRTG, there is no placeholder for an RSA key. So it's possible to run a custom SSH sensor with PRTG when you are using RSA keys, it just isn't possible to use a Linux box to run the custom SSH sensor on a different Linux box.
Votes:
0
What does "the RSA key that is in the settings for that device will be used to run the script" mean? How do I access the RSA key from inside the script? When I connect via SSH to the Linux machine I've created the sensor for using an SSH library, I usually have to explicitly provide the RSA key to use, it doesn't "just happen". In this concrete case, I'm using a Perl script with lib Net::SSH2.
Votes:
0
What I mean is that PRTG will use the RSA key that is stated in the settings for a device to authenticate to the device in order to run the script that it is set up to run.
What does this script do exactly? If you are using the lib SSH2 I would think you are trying to access another Linux machine with the script on the machine that is being monitored by PRTG.
Votes:
0
OK, I see the misunderstanding here. We do not use an SSH script sensor, as we have devices to which we have SSH access, but not the option to create the directory on the device that is necessary to hold the scripts in order to be accessible to an SSH script sensor. What we want to create is a script sensor that monitors a device via SSH, having the complete monitoring logic as well as the SSH functionality inside the script that runs on the probe. That's the reason I need to have the SSH private key configured for the device in PRTG to be accessible via a command line argument placeholder, as I need to pass it to the sensor script.
Votes:
0
I will bring this idea up at the next support / dev meeting and write here what the result is. I think that likely it will get shot down since RSA keys are not something that we want to transmit in our scripts for security reasons, but I will check and get back to you.