We are locking down our SSH access to servers. We create a new zone, add ssh to that zone, add source addresses , and remove ssh from public.
We have 127 hosts monitored by one of proxies. When we enable this SSH settings, three of the 127 hosts are unable to send active checks. The three are all Rocky Linux. Two are Rocky 9, one is Rocky 8. There are other Rocky Linux servers on this proxy that are fine.
A netstat before and after appears to be the same for port 10051. I tried this the other day to do this and it was the same three servers.
If I remove the firewall config, active checks start working again.
It's like the Zabbix Proxy needs ssh, but I put the IP of the proxy in but it did not help.
We have 127 hosts monitored by one of proxies. When we enable this SSH settings, three of the 127 hosts are unable to send active checks. The three are all Rocky Linux. Two are Rocky 9, one is Rocky 8. There are other Rocky Linux servers on this proxy that are fine.
A netstat before and after appears to be the same for port 10051. I tried this the other day to do this and it was the same three servers.
If I remove the firewall config, active checks start working again.
It's like the Zabbix Proxy needs ssh, but I put the IP of the proxy in but it did not help.
Attached Files
Comment