You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
A mode of the SSH check that would only check for a valid SSH connection banner. It's an upgrade from a plain TCP check but lighter weight than a full SSH check as done today.
An example of a borked OpenSSH server that passes a TCP check:
Why do you personally want this feature to be implemented?
While the current SSH check does allow checking an SSH endpoint it has limitations that I'd love to overcome:
It can only validate with authentication -> Requires exposing credentials to monitoring, even if it can be done via env variables.
It requires password auth -> No support for pubkey auth, requires keeping password auth enabled in sshd which is against security best practices.
How long have you been using this project?
1y
Additional information
The banner check is just the first idea I was able to confirm in a real scenario. If someone knows a bit more of the protocol then perhaps there's more quick wins a bit deeper. But, then again a quick "does the server send any banner after TCP open would already be a big improvement.
The text was updated successfully, but these errors were encountered:
TwiN
changed the title
FR: authless basic SSH checking
fix(ssh): Support authless connection
Apr 9, 2024
Describe the feature request
A mode of the SSH check that would only check for a valid SSH connection banner. It's an upgrade from a plain TCP check but lighter weight than a full SSH check as done today.
An example of a borked OpenSSH server that passes a TCP check:
... After which the connection terminates.
An example of a functioning OpenSSH server:
... After which the connection terminates.
Why do you personally want this feature to be implemented?
While the current SSH check does allow checking an SSH endpoint it has limitations that I'd love to overcome:
How long have you been using this project?
1y
Additional information
The banner check is just the first idea I was able to confirm in a real scenario. If someone knows a bit more of the protocol then perhaps there's more quick wins a bit deeper. But, then again a quick "does the server send any banner after TCP open would already be a big improvement.
The text was updated successfully, but these errors were encountered: