Last update: December 28, 2022
This is a monitoring plugin written in Bash to check SFTP servers. The plugin supports both key and password authentication. Both open and encrypted (by passphrase) private keys are supported. The plugin will attempt to establish a connection to a specified SFTP server (-H). After a successful connection, the plugin will upload and then download a temporary file into a specified remote directory (-d).
If you are looking for commercial support for this monitoring plugin, need customized modifications or in general customized monitoring plugins, contact us at Infiniroot.com.
820 downloads so far...
Download plugin and save it in your Nagios/Monitoring plugin folder (usually /usr/lib/nagios/plugins, depending on your distribution). Afterwards adjust the permissions (usually chmod 755).
Community contributions welcome on GitHub repository.
20221223 1.0.0: Public release
20221223 1.0.1: Add private key authentication with passphrase (issue #1)
20221227 1.0.2: Adjust help, add key auth commands requirement, debug clean
Parameter | Description |
-H * | Hostname or ip address of SFTP server |
-P | Port (default: 22) |
-u | Username for SFTP login (default: $USER from Shell environment |
-p | Password for SFTP login. The use of a password will toggle password authentication, unless an identity key file (-i) is used; in this case it will be used as passphrase for the private key |
-i | Identity file/Private Key for Key Authentication (example: '~/.ssh/id_rsa') |
-o | Additional SSH options (-o ...) to be added (default: '-o StrictHostKeyChecking=no ') |
-d | Remote directory to use for upload/download (default: monitoring) |
-t | Local temp directory (default: /tmp) |
-v | Verbose mode (shows sftp commands and output) |
-h | Shows help |
* mandatory parameter
Usage:
./check_sftp.sh -H SFTPServer [-P port] [-u username] [-p password] [-i privatekey] [-o options] [-d remotedir] [-t tmpdir] [-v]
Example: SFTP check using password authentication. By submitting a username and password, password authentication will be toggled in the plugin.
./check_sftp.sh -H sftp.example.com -u sftpuser -p verysecret
CHECK_SFTP OK: Communication to sftp.example.com worked. Upload, Download and Removal of file (mon.1672123986) into/from remote directory (monitoring) worked.|checktime=0s;;;;
Example: SFTP check using a different SSH port. By submitting a port, the default port (22) will be overwritten.
./check_sftp.sh -H sftp.example.com -P 2222 -u sftpuser -p verysecret
CHECK_SFTP OK: Communication to sftp.example.com worked. Upload, Download and Removal of file (mon.1672123986) into/from remote directory (monitoring) worked.|checktime=0s;;;;
Example: SFTP check using key authentication. By specifying a private key as identity file (-i), key authentication will be toggled in the plugin.
./check_sftp.sh -H sftp.example.com -u sftpuser -i ~/.ssh/id_rsa
CHECK_SFTP OK: Communication to sftp.example.com worked. Upload, Download and Removal of file (mon.1672124527) into/from remote directory (monitoring) worked.|checktime=1s;;;;
Example: SFTP check using key authentication with encrypted private key. When using key authentication (-i), the password parameter (-p) can be used to define the passphrase to unlock the private key.
./check_sftp.sh -H sftp.example.com -u sftpuser -i ~/.ssh/id_rsa -p passphrase
CHECK_SFTP OK: Communication to sftp.example.com worked. Upload, Download and Removal of file (mon.1672124662) into/from remote directory (monitoring) worked.|checktime=1s;;;;
The following command definition allows optional parameters all defined within ARG3.
# 'check_sftp' command definition using password authentication
define command{
command_name check_sftp
command_line $USER1$/check_sftp.sh -H $HOSTADDRESS$ -u $ARG1$ -p $ARG2$ $ARG3$
}
Another way using private key paths for key authentication. Additional parameters can be defined within ARG3.
# 'check_sftp' command definition using key authentication
define command{
command_name check_sftp
command_line $USER1$/check_sftp.sh -H $HOSTADDRESS$ -u $ARG1$ -i $ARG2$ $ARG3$
}
object CheckCommand "check_sftp" {
import "plugin-check-command"
command = [ PluginDir + "/check_sftp.sh" ]
arguments = {
"-H" = "$sftp_address$"
"-P" = "$sftp_port$"
"-u" = "$sftp_user$"
"-p" = "$sftp_password$"
"-i" = "$sftp_keyfile$"
"-o" = "$sftp_options$"
"-d" = "$sftp_directory$"
"-t" = "$sftp_tmpdir$"
"-v" = {
set_if = "$sftp_verbose$"
}
}
vars.sftp_address = "$address$"
vars.sftp_verbose = false
vars.sftp_port = "22"
vars.sftp_directory = "monitoring"
vars.sftp_tmpdir = "/tmp"
}
# Check SFTP using password auth
define service{
use generic-service
host_name sftp.example.com
service_description SFTP
check_command check_sftp!sftpuser!password
}
# Check SFTP using key auth
define service{
use generic-service
host_name sftp.example.com
service_description SFTP
check_command check_sftp!sftpuser!/home/nagios/sftp_example_com_key!-p passphrase
}
# Check SFTP using password authentication
object Service "SFTP" {
import "generic-service"
host_name = "sftp.example.com"
check_command = "check_sftp"
vars.sftp_user = "sftpuser"
vars.sftp_password = "password"
}
# Check SFTP using key authentication and key passphrase
object Service "SFTP" {
import "generic-service"
host_name = "sftp.example.com"
check_command = "check_sftp"
vars.sftp_user = "sftpuser"
vars.sftp_keyfile = "/home/nagios/sftp_example_com_key"
vars.sftp_password = "passphrase"
}