Windows agent exited with code 5

Hi,
I have installed windows msi agent in windows 2012 R2. I have added it to my Checkmk server which is 1.6.0p20.cee and did a service discovery on port 6556. I am able to get the data. Now I have added the below rule in Datasource Programs → Individual program call instead of agent access:

ssh -p 22 -4 -T -o PreferredAuthentications=publickey -o ConnectTimeout=120 -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null user@ip

I have added the public key into the authorized_keys file. But i ended up with the below exception:

[agent] ERROR: Agent exited with code 5: Warning: Permanently added ‘10.52.16.194’ (ECDSA) to the list of known hosts.

I am not sure about this code and couldn’t find anywhere.

You are sure that the agent is executed over SSH on the Windows machine?
What happens if you do the ssh call manually on the command line?

Yes we are trying to execute via ssh and debug1: Authentication succeeded (publickey) when executed manually.

I mean the complete call with agent execution. Not only the SSH login.
The problem is what do you do on the system after the login? The Windows agent run’s as service and is waiting only on port 6556 for connection. It is normally not advised to run the agent interactively, as the runtime can be very long, depending on the used plugins.

If you want an encrypted data transfer between CMK and client it is easier to use the included encryption option.

But we need to call the agent via ssh

Perhaps this helps:

According to that posting, the exit code 5 is just handed down by ssh from the windows process and indicates an “Access is denied” error for the remote command.

As Andreas said: try the ssh command manually.

Again as Andreas already hinted: There is no agent call in that command. You are just connecting to the remote host but not calling any command.

(security-wise, turning off strict host key checking is rather questionable, but I guess you know that already.)

We have prepended command="/usr/bin/check_mk_agent" befoew the pub key and added it in the authorized keys file in the windows host.

On the Windows host? I say it again the Windows agent should not be used as an interactive application like the Linux shell script. It is a service what should run in the background and collect the asynchronous plugin output there.

Are you sure that “/usr/bin/check_mk_agent” is a valid command on a Windows machine?! Ok, I’m not much of a Windows guy myself, who knows what these new Linux subsystem, Ubuntu in a VM, etc. come with.
And is that command really available for the Windows account that you use?

Again, please manually test the exact and full command you are calling from WATO. You could add one or more “-v” to ssh to get more information. But as long as that command does not succeed and output valid agent data from the site shell, it won’t work in WATO either.

Using the below as per the official guide:
command="“C:\Program Files (x86)\checkmk\service\check_mk_agent.exe” test" ssh-rsa AAAAC3NzaC1lZDI1NTE5AAAAIGb6AaqRPlbEmDnBkeIW3Q6Emb5lr2QEbWEQLmA5pb48 master@mycmkserver

Now that’s something different. Still I’d listen to what Andreas says about the Windows agent.

BTW: I find it quite cumbersome trying to get little pieces of information one bit after the other. Are you aware that this is a not a commercial support ticket but a thread in a community forum where users try to help each other for free and in their spare time? Please try to not make it that hard for the people whose help you are seeking.

Again, provide the full command as called from a shell as the monitoring site’s user. and the output of that command.

That’s different from the call in the manual.
You need to pay attention to the escaping of special characters.

command="\"C:\\Program Files (x86)\\checkmk\\service\\check_mk_agent.exe\" test" ....

This topic was automatically closed 365 days after the last reply. New replies are no longer allowed. Contact @fayepal if you think this should be re-opened.