Ad Widget

Collapse

ssh check fails with public key and password

Collapse
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • danpre
    Junior Member
    • Dec 2021
    • 3
    #1

    ssh check fails with public key and password

    Hi,

    zabbix_server (Zabbix) 6.0.0beta1



    On Zabbix server I have created id_rsa and id_rsa.pub in folder /home/zabbix/.ssh

    Changed zabbix_server.conf and restarted zabbix server
    root@srv-zabbix-1:/etc/zabbix# cat zabbix_server.conf | grep SSHKey
    ### Option: SSHKeyLocation
    SSHKeyLocation=/home/zabbix/.ssh


    then I have tested connection from Zabbix server (with user zabbix) to external system using user and password: it works
    then I have tested connection from Zabbix server (with user zabbix) to external system using ssh key: it works


    Now creating a new Item for Host:
    Item type: SSH Agent

    I'm testing connection with user/password or user/public key
    In both cases I get error:

    Password authentication failed: Access denied for 'password'. Authentication that can continue: publickey,password
    Public key try failed: Access denied for 'publickey'. Authentication that can continue: publickey,password

    What could be a root cause?
    Where can I get more detailed logs from this issue? (there is nothing about this issue in /var/log/zabbix)


    2 Photos
    Tags: None
    • sciensys
      Junior Member
      • Feb 2020
      • 20
      #2
      I've got the same issue with version 6.0.5 appliance

      so try using authentication method: password
      it's very strange, but it works.

        Comment

        • sciensys
          Junior Member
          • Feb 2020
          • 20
          #3
          finally solved, for CentOS Compliance version

          to start with you should use only root logins, and only when sure that all works, you could make security tuneups.

          0. ssh server must works and you can login from zabbix console using password
          Code:
          ssh root{ssh_server_ip}
          1. place at ssh server your file contents of id_rsa.pub into: (used following path for ESXi 6.5 ssh server)
          Code:
          /etc/ssh/keys-root/authorized_keys
          if case another user, you need to make permissions:
          Code:
          /etc/ssh/keys-{user}/authorized_keys
chown -R {user} {dir}
chmod 0600 {dir/keyfile}
          restart ssh server
          Code:
          /etc/init.d/ssh restart
          you can debug when will trying to login
          Code:
          cat /var/log/auth.log
          2. make sure, that keys located at: (for other os, find a location when debug testing ssh check in zabbix web GUI)
          Code:
          /var/lib/zabbix/.ssh/
          3. make sure permissions: (zabbix client uses username: 'zabbix' by default, in my case at CentOS Appliance)
          (was try to change location in conf files - and it do not made sense)
          Code:
          chown -R zabbix:root /var/lib/zabbix
chmod -R 700 /var/lib/zabbix
          4. make sure now, that you can use your private key
          Code:
          sudo -u zabbix ssh root@[ssh_server_ip]
          5. make sure now, that you can get value when make ssh checks in zabbix web gui
          you should provide the following:
          Code:
          Host interface: {ssh_server_ip}:{ssh_port}
Authentication method: Public key
User name: root
Publick key file: id_rsa.pub
Private key file: id_rsa
          and now, when press 'Test' you should get respond from ssh server executed scrips, for example at ESXi:
          Code:
          /opt/lsi/storcli/storcli show all j
          p.s I've got modified a template for monitoring LSI RAID controller, installed at server with ESXi 6.5
          and template works!
          Attached Files
          Last edited by sciensys; 03-07-2022, 15:05.

            Comment

            • rvs1
              Junior Member
              • Jul 2022
              • 1
              #4
              Hello sciensys ,

              I´m currently struggling with RAID Monitoring in combination with ESXI & LSI aswell. I´m currently trying to modify this template (https://github.com/mykolq/zabbix_lsi_template) to work without an zabbix agent on the host and it´s giving me a hard time, I´m trying to do it with the SSH Agent. Is there a possibility that you can share your template here?


              Best regards.

                Comment

                Previous template Next
                Working...