Troubleshooting the Failure of the eG Remote Agent to Connect to or Report Measures for Linux Guests
By default, the eG agent uses secure shell (SSH) to connect to Linux guests, and collect performance metrics from them. Password Authentication is the default method for SSH connections in eG Enterprise. If the eG agent fails to report measures for a Linux guest or is unable to connect to a guest, it could imply that the Linux guest does not support SSH or that password authentication is not supported by the SSH daemon running on the Linux guest. Under such circumstances, you can perform either of the following:
- Enable Password Authentication in the SSH daemon on the Linux guest; or,
- Implement Key-Based Authentication between eG agent and the SSH daemon of the Linux guest.
If you pick option (1), then follow the steps given below to enable password authentication:
- Login to the Linux guest to be monitored.
- Edit the sshd_config file in the /etc/ssh directory.
- Check whether the PasswordAuthentication flag in the sshd_config file is set to no. If so, set it to yes.
- Then, save the file and restart/signal the SSH daemon (e.g., using kill -1 <sshd pid>).
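The check in the step above can be scripted. The following is an added example, not part of the eG documentation or product: it reports the PasswordAuthentication value sshd will apply to ordinary logins. The function names and the sample configuration are constructed for illustration, and Include directives are assumed not to be in use.

```shell
#!/bin/sh
# Added example (not eG code): report the PasswordAuthentication value that
# sshd will use for ordinary logins, given an sshd_config file.
# sshd keeps the first value it reads for a keyword, treats keywords
# case-insensitively, and applies lines after a "Match" line conditionally.
# Assumption: "Include" directives are not followed.

effective_password_auth() {   # $1 = path to an sshd_config file
    awk '
        /^[ \t]*#/ { next }                      # comment line
        {
            line = $0
            sub(/^[ \t]+/, "", line)             # strip leading whitespace
            n = split(line, f, /[ \t=]+/)        # "Keyword value" or "Keyword=value"
            key = tolower(f[1])
            if (key == "match") exit             # global section ends here
            if (key == "passwordauthentication" && n >= 2) {
                print tolower(f[2]); found = 1; exit
            }
        }
        END { if (!found) print "yes" }          # OpenSSH default when unset
    ' "$1"
}

# Constructed sample: a "yes" appended at the end of the file does not turn
# password logins back on. The earlier "no" is read first, and every line
# after "Match" applies only to the matched user.
sample_config() {
    cat <<'EOF'
# constructed sshd_config fragment
Port 22
passwordauthentication no
Match User backup
    PasswordAuthentication yes
PasswordAuthentication yes
EOF
}

# When a path is given (for example /etc/ssh/sshd_config), report on it.
if [ $# -gt 0 ]; then
    effective_password_auth "$1"
fi
```

On the guest, running sshd -t as root validates the edited file before the daemon is signalled, and sshd -T prints the effective settings.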
On the contrary, if you choose to enable key-based authentication [i.e., option (2)], then you will need a public/private key pair. One such key pair is available in the <eg_install_dir>\agent\sshkeys directory (on Windows; on Unix, this will be /opt/egurkha/agent/sshkeys) of the eG agent: the private key is in the file named id_rsa, and the public key is in the file named authorized_keys. You can either proceed with these default keys or generate a different key pair. If you decide to go with the keys bundled with the eG agent, do the following:
- To enable key-based authentication, the private key should remain in the <eg_install_dir>\agent\sshkeys directory (on Windows; on Unix, this will be /opt/egurkha/agent/sshkeys), and the public key should be copied to each of the Linux guests to be monitored. To achieve this, first login to the Linux guest to be monitored as the eG user.
- Create a directory named .ssh in the <user_Home_dir> on the guest operating system, using the command: mkdir ~/.ssh.
- Next, copy the authorized_keys file from the <eg_install_dir>\agent\sshkeys directory (on Windows; on Unix, this will be /opt/egurkha/agent/sshkeys) on the eG remote agent host to the <user_Home_dir>/.ssh directory on the Linux guest.
- Make sure that the permission of the .ssh directory and the authorized_keys file is 700.
- Finally, on the eG manager host, edit the <eg_install_dir>\manager\config\eg_tests.ini file. Against the EgJavaSSHKeyFile parameter, enter: agent/sshkeys/id_rsa.pub, and save the file.
On the other hand, if you want to generate a new key pair, then do the following:
- Login to any Linux host in your environment (even a Linux VM) as an eG user.
- From the <user_home_dir>, execute the command: ssh-keygen -t rsa. Upon executing the command, you will be requested to specify the full path to the file to which the key is to be saved. By default, a directory named .ssh will be created in the <user_home_dir>, to which the key pair will be saved. To go with the default location, simply press Enter.
Generating public/private rsa key pair.
Enter file in which to save the key (/home/egurkha/.ssh/id_rsa):
- Next, you will be prompted to provide a pass phrase. Provide any pass phrase of your choice.
Enter passphrase (empty for no passphrase): eginnovations
Enter same passphrase again: eginnovations
- If the key pair is created successfully, then the following messages will appear:
Your identification has been saved in /home/egurkha/.ssh/id_rsa.
Your public key has been saved in /home/egurkha/.ssh/id_rsa.pub.
The key fingerprint is:
09:f4:02:3f:7d:00:4a:b4:6d:b9:2f:c1:cb:cf:0e:e1 dclements@sde4.freshwater.com
- The messages indicate that the private key has been saved to a file named id_rsa in the <user_home_dir>/.ssh, and the public key has been saved to a file named id_rsa.pub in the same directory. Now, to enable key-based authentication, login to the Linux guest to be monitored as the eG user.
- Create a directory named .ssh in the <user_Home_dir> on the guest operating system, using the command: mkdir ~/.ssh.
- Next, copy the id_rsa.pub file from the <user_home_dir>/.ssh directory on the Linux host to the <user_Home_dir>/.ssh directory on the Linux guest.
- Ensure that the id_rsa.pub file on the Linux guest is renamed as authorized_keys.
- Repeat this procedure on every Linux guest to be monitored.
- Then, lock the file permissions down to prevent other users from being able to read the key pair data, using the following commands:
chmod go-w ~/
chmod 700 ~/.ssh
chmod go-rwx ~/.ssh/*
- Finally, on the eG manager host, edit the <eg_install_dir>\manager\config\eg_tests.ini file. Against the EgJavaSSHKeyFile parameter, enter: agent/sshkeys/id_rsa.pub, and save the file.
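The guest-side part of this procedure (creating .ssh, placing the public key and locking down permissions) is shown below as an added example, not part of the eG documentation or product. It appends the key instead of overwriting authorized_keys, so keys already authorized on the guest are kept, and it checks the result against the same bits that sshd's StrictModes check (on by default) looks at. The function names and the sample key are constructed for illustration.

```shell
#!/bin/sh
# Added example (not eG code): install a public key for the monitoring
# account and verify the permissions set by the chmod commands above.

# Constructed sample in id_rsa.pub format (not a usable key).
SAMPLE_PUBKEY='ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAQQC7 egurkha@constructed-example'

install_pubkey() {   # $1 = public key file, $2 = home directory of the eG user
    auth="$2/.ssh/authorized_keys"
    mkdir -p "$2/.ssh"
    touch "$auth"
    # Append only when this exact key line is not present yet.
    grep -qxFf "$1" "$auth" || cat "$1" >> "$auth"
    chmod go-w "$2"
    chmod 700 "$2/.ssh"
    chmod go-rwx "$auth"
}

# Permission string without the file-type character, e.g. rwxr-xr-x
mode_of() { ls -ld "$1" | cut -c2-10; }

# Succeeds only when the home directory is not group/other writable and
# both .ssh and authorized_keys grant nothing to group or other.
check_key_perms() {   # $1 = home directory of the eG user
    case $(mode_of "$1") in
        ????w????|???????w?) return 1 ;;
    esac
    case $(mode_of "$1/.ssh") in
        ???------) ;;
        *) return 1 ;;
    esac
    case $(mode_of "$1/.ssh/authorized_keys") in
        ???------) ;;
        *) return 1 ;;
    esac
}

# When a key file is given, install it for the current user and check.
if [ $# -gt 0 ]; then
    install_pubkey "$1" "$HOME" && check_key_perms "$HOME" && echo "permissions OK"
fi
```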
Instead of choosing between the authentication modes (Password or Key-based), you can also disable the usage of the Java SSH client, and use plink to connect to Linux guests. To achieve this, follow the steps given below:
- Edit the eg_tests.ini file in the /opt/egurkha/manager/config directory (on Unix; on Windows, this will be <EG_INSTALL_DIR>\manager\config directory).
- Set the JavaSSHForVm flag in the [agent_settings] section of the file to false; by default, this is set to true indicating that the eG agent uses Java SSH by default. By setting the flag to false, you can ensure that the eG agent does not use Java SSH, and instead uses the plink command to connect to Linux guests.
- The plink command exists in the <EG_INSTALL_DIR>\lib\vmgfiles directory (on Windows; on Unix, this will be /opt/egurkha/lib/vmgfiles) of the eG agent. To use the plink command, you need to explicitly configure the SSH keys, so that the eG agent is able to communicate with the Linux guests using SSH. To do this, follow the steps given below:
- Go to the command prompt and switch to the directory containing the plink command.
- Then, execute the plink command to connect to any of the Linux-based virtual machines on the vSphere host. The syntax for the plink command is as follows:
plink -ssh <user>@<IP_of_target_host> <command>
For example, assume that you want to connect to the virtual machine, 192.168.10.7, as user john with password john, to know its hostname. The syntax of the plink command in this case will be:
plink -ssh john@192.168.10.7 hostname, where hostname is the command to be executed on the remote host for extracting its hostname.
- To ensure that you do not connect to an imposter host, ssh2.x presents you with a unique host key fingerprint for that host, and requests your confirmation to save the displayed host key to the cache.
The server's host key is not cached in the registry. You have no guarantee that the server is the computer you think it is.
The server's rsa2 key fingerprint is:<host key>
If you trust this host, enter "y" to add the key to PuTTY's cache and carry on connecting.
If you want to carry on connecting just once, without adding the key to the cache, enter "n".
If you do not trust this host, press Return to abandon the connection.
Store key in cache? (y/n) y
Once you confirm the host key storage and provide the user's password to connect to the virtual guest, this message will not appear during your subsequent attempts to connect to any Linux-based virtual machine on the monitored vSphere/ESX host. In other words, the eG agent will be able to execute tests on all Linux guests on the target ESX host without any interruption. Therefore, press y to confirm key storage.
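Before answering y at the "Store key in cache?" prompt, the displayed fingerprint can be compared with one computed on the guest itself. The following is an added example, not part of the eG documentation or product. It assumes the client shows the colon-separated MD5 format seen in the ssh-keygen output earlier on this page, and that the guest's host key is in the usual OpenSSH location, /etc/ssh/ssh_host_rsa_key.pub. The function names and the sample key are constructed for illustration.

```shell
#!/bin/sh
# Added example (not eG code): compute the MD5 fingerprint of an SSH host
# public key and compare it with the fingerprint the client displays.

# Constructed sample in the format of /etc/ssh/ssh_host_rsa_key.pub
# (not a usable key).
SAMPLE_HOSTKEY='ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAQQC7 root@constructed-guest'

# Print the fingerprint as 16 colon-separated hex bytes: the MD5 digest of
# the base64-decoded key blob (second field of the .pub line).
md5_fingerprint() {   # $1 = host public key file
    awk 'NR == 1 { print $2 }' "$1" | base64 -d | md5sum |
        awk '{ print $1 }' | sed 's/../&:/g; s/:$//'
}

# Succeeds only when the fingerprint shown by the client equals the one
# computed from the key file. Case is ignored, and so is any text around
# the hex bytes (such as a key type or bit length printed before them).
fingerprint_matches() {   # $1 = host public key file, $2 = text shown by client
    shown=$(printf '%s' "$2" | tr 'A-F' 'a-f' |
        grep -Eo '([0-9a-f]{2}:){15}[0-9a-f]{2}')
    [ -n "$shown" ] && [ "$shown" = "$(md5_fingerprint "$1")" ]
}

# Usage on the guest: script.sh /etc/ssh/ssh_host_rsa_key.pub "<fingerprint shown>"
if [ $# -eq 2 ]; then
    if fingerprint_matches "$1" "$2"; then
        echo "fingerprint matches"
    else
        echo "fingerprint MISMATCH: do not store the key"
    fi
fi
```

Where the client prints a SHA256 fingerprint instead, compare against the output of ssh-keygen -lf run on the same host key file.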