Integrating Nagios with Firefox and SSH sessions

Even advanced command line users are sometimes fed up with writing long hostnames to startup ssh sessions. The situation gets worst as more hosts have to be accessed on a daily basis.

Unlike other monitoring systems Nagios presents a web-based interface which, by default, does not provide a way for directly acessing the monitored hosts.

Would it be nice to access Nagios from Firefox and have it launch SSH (or other connections) with a single click? Definitely. Let's see how it's done.

1. Register the ssh:// protocol on Firefox

In the past external handlers were registered via user preferences. From version 3 onward, Firefox honors whatever is registered with gconf. Run the following commands as regular user:

gconftool-2 -s /desktop/gnome/url-handlers/ssh/command '/usr/local/AS/bin/dossh.sh %s' --type String
gconftool-2 -s /desktop/gnome/url-handlers/ssh/enabled --type Boolean true
gconftool-2 -s /desktop/gnome/url-handlers/ssh/needs_terminal --type Boolean false

Update: this will not work on GNOME 3 and Unity based systems, like Ubuntu 12.04. For such systems add a new firefox preference in about:config

network.protocol-handler.expose.ssh=false

This will allow you to manually choose a handler application the first time an ssh:// URL is clicked.

2) Write a helper script to launch SSH sessions

The first command includes the path to a helper script that launches the SSH session. In our case the dossh.sh script is as follows:

#!/bin/bash

ARGS=`echo $@ | sed -e "s/%20/ /g"`
REMOTEHOST=`echo $ARGS | awk '{ print $1 }' |sed -e "s/ssh:\/\///"`
REMOTEPORT=`echo $ARGS | awk '{ print $2 }'`

if [ "x$REMOTEPORT" = "x" ]; then
  REMOTEPORT=22
fi

TERMINAL=xterm
ARGS="-fn 9x18 -fg white -bg black -T  $REMOTEHOST"

export REMOTEHOST
export REMOTEPORT

$TERMINAL $ARGS -e 'echo -n "Username: " ;read REMOTEUSER; ssh $REMOTEHOST -p $REMOTEPORT -l $REMOTEUSER'

You can adapt the script to use a different terminal (adapting its arguments as well), to assume a predefined user so that the username doesn't have to be typed everytime, to accept arguments for other SSH features (ex: portforwarding) and so on. If you have SSH public key distribution in place, you may even login without being prompted for a password.

3) Let Nagios add a special ssh:// URL next to the regular host URL

For this to happen your hosts must include the hostexinfo section in their definition. Please refer to the following example to understand how the action_url parameter creates the special URL:

define host {
use generic-host
host_name vmserver01.intranet
alias vmserver01
address vmserver01.intranet
check_command zoneedit-check-host-alive
max_check_attempts 10
notification_interval 120
notification_period 24x7
notification_options d,u,r
}

define hostextinfo{
use server
host_name vmserver01.intranet
notes CentOS 5.4
action_url ssh://$HOSTNAME$ PORT
}

Note that $HOSTNAME$ is actually to be written with the dollar signs around whereas PORT should be replaced by the port sshd runs on on the particular machine. If the port number is not present the script will assume port 22.

Once this is done, and Nagios is restarted a new icon will appear next to each host. This icon represents a link of the form ssh:// which is handled by the script defined in step 2).

The "explosion" icon is a ssh://hostname link that is handled by Firefox

4) Prevent Firefox from opening a new TAB each time you try to launch an SSH session

By default Nagios creates the new ssh:// links with a target=_blank parameter. This causes a new tab to open on each click. To fix it, you should be able to add or change the following line in the cgi.cfg configuration file:

action_url_target=_self

This option, even if correct according to Nagios documentation, seems to be ignored in our setup. An alternative solution, that works really well, is installing this Greasemonkey script, that gets rid of all the intruse HTML _blank targets.


5) Conclusion:
Nagios can be integrated with Firefox to automate the startup of SSH sessions. The user experience is certainly much better this way. The idea presented here can be adapted and extended. For example, the dossh.sh script can be tweaked so that certain local ports are automatically forwarded by ssh so that we can connect to hosts behind Linux gateways using rdesktop, Firefox, XWindows, FreeNX, VMWare and so on.