The ultimate security for invoking a Checkmk-agent is offered by invoking it via Secure Shell – in Linux in the form of an implementation of OpenSSH.  Since Windows 10 and Windows Server 2019 OpenSSH is already included.

Step-by-step guide

Add the steps involved:

  1. nStart OpenSSH Server

    net start sshd


  2. Create SSH Key pair

    ssh-keygen




  3.  Create the file 'authorized_keys' in C:\Users\<USERNAME>\.ssh\

    fsutil file createnew authorized_keys 2000


    1. Put in the public key from Checkmk Site User
  4. Now you can login without Password to the Windows machine

    OMD[nagnis_master]:~$ ssh IEUser@192.168.2.106
    
    Microsoft Windows [Version 10.0.17763.379]
    (c) 2018 Microsoft Corporation. Alle Rechte vorbehalten.
    
    ieuser@MSEDGEWIN10 C:\Users\IEUser>
    
    
    


  5. Modify the authorized_keys on the Windows Host and restrict access to the execution on the agent

    command="\C":\\Program Files (x86)\\checkmk\\service\\check_mk_agent.exe\" test" ssh-rsa AAAAC3NzaC1lZDI1NTE5AAAAIGb6AaqRPlbEmDnBkeIW3Q6Emb5lr2QEbWEQLmA5pb48 mysite@mycmkserver


  6. Go to Checkmk and configure a special agent for the Windows Hosts
    1. WATO CONFIGURATION → Host & Service Parameters → Datasource Programs → Individual program call instead of agent access


  7. Modify the Datasource of the Windows Host
    1. WATO CONFIGURATION → Hosts → Edit the properties of this host


  8. Now you can stop the Checkmk Agent Service on the Windows Host

    net stop CheckMkService


  9. Diagnosis

    OMD[nagnis_master]:~$ cmk -d Windows_SSH |more
    <<<check_mk>>>
    Version: 1.6.0p19
    BuildDate: Nov 16 2020
    AgentOS: windows
    Hostname: MSEDGEWIN10
    Architecture: 64bit
    
    or via SSH
    
    OMD[nagnis_master]:~/$ ssh IEUser@192.168.2.128 " "
    or
    OMD[nagnis_master]:~/$ ssh -T IEUser@192.168.2.128
    
    



If OpenSSH is not already installed on your System, you can install it by following this manual: https://docs.microsoft.com/de-de/windows-server/administration/openssh/openssh_install_firstuse

If you want to learn more about configuring OpenSSH under Windows, please take a look at this manual: https://docs.microsoft.com/de-de/windows-server/administration/openssh/openssh_server_configuration  

A more detailed manual:  https://forum.checkmk.com/t/windows-agent-abfrage-uber-ssh/22421

Related articles

Related articles appear here based on the labels you select. Click to edit the macro and add or change labels.



Related issues