Ad Widget

**Atsushi** · 08-01-2016, 12:01

Can you log in using the ssh command from prompt to that host?

**Zetter** · 08-01-2016, 12:38

Absolutely, I can login to that server both my computer and zabbix server via SSH.

**Zetter** · 08-01-2016, 13:36

Also this is my log file,

#tail -f /var/log/zabbix/zabbix_server.log | grep ssh
5958:20160108:132930.689 In substitute_key_macros() data:'ssh.run[ssh2,x.x.x.x,22,utf-8]'
5958:20160108:132930.689 End of substitute_key_macros():SUCCEED data:'ssh.run[ssh2,x.x.x.x,22,utf-8]'
5958:20160108:132930.689 In get_value() key:'ssh.run[ssh2,x.x.x.x,22,utf-8]'
5958:20160108:132930.689 In ssh_run()
5958:20160108:132930.690 End of ssh_run():NOTSUPPORTED
5958:20160108:132930.690 Item [Streaming:ssh.run[ssh2,x.x.x.x,22,utf-8]] error: Cannot connect to SSH server: cannot connect to [[x.x.x.x]:22]: [13] Permission denied
5981:20160108:132932.401 item "Streaming:ssh.run[ssh2,x.x.x.x,22,utf-8]" became not supported: Cannot connect to SSH server: cannot connect to [[x.x.x.x]:22]: [13] Permission denied

**Zetter** · 11-01-2016, 16:12

Still I've same problem :/

Any suggestion about this?

**Atsushi** · 12-01-2016, 03:39

Can you login with user and password that you set the item?
Can you execute that command by that user?

**Zetter** · 12-01-2016, 11:33

Originally posted by Atsushi

Can you login with user and password that you set the item?
Can you execute that command by that user?

Yes I can login to server with user and password which is used in the item. Also I can execute command with that user.

Actually, I'm pretty sure Zabbix couldn't connect to my server because when I created account, I'm getting error like "Cannot connect to SSH server: cannot connect to [[x.x.x.x]:22]: [13] Permission denied".

Thank you,

**Atsushi** · 12-01-2016, 11:52

Do you use SELinux?
If you use SELinux, please check audit log.

ex. RHEL or CentOS
/var/log/audit/audit.log

**Zetter** · 12-01-2016, 13:09

Originally posted by Atsushi

Do you use SELinux?
If you use SELinux, please check audit log.

ex. RHEL or CentOS
/var/log/audit/audit.log

Hi Atsushi,

I use RHEL and checked my audit.log but I'm not sure this is normal or not. Does it tell anything to you?

Thank you so much for your helps!

type=AVC msg=audit(1452576139.223:97083): avc: denied { name_connect } for pid=5975 comm="zabbix_server" dest=22 scontext=unconfined_u:system_r:zabbix_t:s0 tcontext
=system_u

bject_r:ssh_port_t:s0 tclass=tcp_socket
type=SYSCALL msg=audit(1452576139.223:97083): arch=c000003e syscall=42 success=no exit=-13 a0=7 a1=d040c0 a2=10 a3=40 items=0 ppid=5947 pid=5975 auid=0 uid=496 gid=491
euid=496 suid=496 fsuid=496 egid=491 sgid=491 fsgid=491 tty=(none) ses=13 comm="zabbix_server" exe="/usr/sbin/zabbix_server_mysql" subj=unconfined_u:system_r:zabbix_t
:s0 key=(null)
type=AVC msg=audit(1452576139.226:97084): avc: denied { name_connect } for pid=5975 comm="zabbix_server" dest=23 scontext=unconfined_u:system_r:zabbix_t:s0 tcontext
=system_u

bject_r:telnetd_port_t:s0 tclass=tcp_socket
type=SYSCALL msg=audit(1452576139.226:97084): arch=c000003e syscall=42 success=no exit=-13 a0=7 a1=d040c0 a2=10 a3=40 items=0 ppid=5947 pid=5975 auid=0 uid=496 gid=491
euid=496 suid=496 fsuid=496 egid=491 sgid=491 fsgid=491 tty=(none) ses=13 comm="zabbix_server" exe="/usr/sbin/zabbix_server_mysql" subj=unconfined_u:system_r:zabbix_t
:s0 key=(null)

**Atsushi** · 13-01-2016, 05:56

There are log message that the connection was denied by SELinux.

Code:

type=AVC msg=audit(1452576139.223:97083): avc: denied { name_connect } for pid=5975 comm="zabbix_server" dest=22 scontext=unconfined_u:system_r:zabbix_t:s0 tcontext=system_u:object_r:ssh_port_t:s0 tclass=tcp_socket

It has refused that zabbix_server tries to connect with SSH port number(22) of TCP socket.

Please change the settings of SELinux policy.

ex. CentOS 7.2 + MariaDB 5.5.44 + Zabbix 2.4.7

Code:

# getsebool -a|grep zabbix
httpd_can_connect_zabbix --> off
zabbix_can_network --> off
# setsebool -P httpd_can_connect_zabbix on
# setsebool -P zabbix_can_network on
#

**Zetter** · 13-01-2016, 09:19

Solved!

Originally posted by Atsushi

There are log message that the connection was denied by SELinux.

Code:

type=AVC msg=audit(1452576139.223:97083): avc: denied { name_connect } for pid=5975 comm="zabbix_server" dest=22 scontext=unconfined_u:system_r:zabbix_t:s0 tcontext=system_u:object_r:ssh_port_t:s0 tclass=tcp_socket

It has refused that zabbix_server tries to connect with SSH port number(22) of TCP socket.

Please change the settings of SELinux policy.

ex. CentOS 7.2 + MariaDB 5.5.44 + Zabbix 2.4.7

Code:

# getsebool -a|grep zabbix
httpd_can_connect_zabbix --> off
zabbix_can_network --> off
# setsebool -P httpd_can_connect_zabbix on
# setsebool -P zabbix_can_network on
#

Yesss, it works! I don't know how to thanks to you! Thank you so so much..

Ad Widget

SSH Connection Permission Error

SSH Connection Permission Error

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment