patricegautier / unifiZabbix

Zabbix templates to monitor pretty much all Unifi devices
183 stars 36 forks source link

Cannot SSH-COPY-ID to unifi device. #115

Open lslamp opened 7 months ago

lslamp commented 7 months ago

I have tried to follow your instructions It might be that I am misunderstanding the where and what to copy. Please clarify if I am doing something incorrectly. On my zabbix server, in my users home directory, I ran all the necessary commands.

sudo mkdir ~/.ssh/zabbix && sudo chown zabbix ~/.ssh/zabbix && cd ~/.ssh/zabbix sudo -u zabbix ssh-keygen -P "" -t rsa -m pem -f zb_id_rsa

This is the results. As you can see the files are owned by zabbix. username@zabbix:~$ ls -ltr .ssh/zabbix/ total 8 -rw-r--r-- 1 zabbix zabbix 567 Apr 26 12:16 zb_id_rsa.pub -rw------- 1 zabbix zabbix 2455 Apr 26 12:16 zb_id_rsa username@zabbix:~$ sudo -u zabbix ssh-copy-id -i /home/username/.ssh/zabbix/zb_id_rsa 192.168.1.1

/usr/bin/ssh-copy-id: ERROR: failed to open ID file '/home/username/.ssh/zabbix/zb_id_rsa.pub': Permission denied

I have also added the public key into the unifi controller. This was no issue.

Is it possible that I should do the ssh-copy-id to the unifi server and not to my gateway?

I also tried your script that you created.

username@zabbix:~$ ./updatePublicKey.sh -i /home/username/.ssh/zabbix/zb_id_rsa -u zabbix -R -4 -n user@192.168.1.1

Host 192.168.1.1 found: line 12

/home/username/.ssh/known_hosts updated. Original contents retained as /home/username/.ssh/known_hosts.old Warning: Identity file /home/username/.ssh/zabbix/zb_id_rsa not accessible: Permission denied. Need to update public key for user@192.168.1.1 Password: Password: username@zabbix:~$

Thanks for your input with what I am doing wrong. Lawrence

patricegautier commented 7 months ago

Clearly a permission issue..

How about the permissions on the directory /home/username/.ssh/zabbix/ ?

Also what user are you when you run those commands?

lslamp commented 7 months ago

Dear @patricegautier

I am pretty sure that the username is not important because I am using sudo to run the commands. (as advised on the notes.)

I do not want to publish my username on an open forum. below is the answer to your question.

username@zabbix:~$ ls -ltra total 136 drwxr-xr-x 4 root root 4096 Jun 26 2022 .. -rwxr-xr-x 1 username username 2898 Apr 25 19:23 updatePublicKey.sh drwxr-xr-x 15 username username 4096 Apr 25 19:30 . drwx------ 3 username username 4096 Apr 30 14:46 .ssh username@zabbix:~$ ls -ltr .ssh/ -rw------- 1 username username 1147 Apr 22 12:18 authorized_keys -rw-r--r-- 1 username username 3404 Apr 25 21:21 known_hosts.old drwxr-xr-x 2 zabbix zabbix 4096 Apr 26 12:16 zabbix -rw-r--r-- 1 username username 3182 Apr 30 14:45 known_hosts username@zabbix:~$ ls -ltr .ssh/zabbix/ total 8 -rw-r--r-- 1 zabbix zabbix 567 Apr 26 12:16 zb_id_rsa.pub -rw------- 1 zabbix zabbix 2455 Apr 26 12:16 zb_id_rsa username@zabbix:~$

Is it possible that the .ssh/zabbix directory should be placed in a different location. My zabbix user is a system user and as such does not have a home directory and cannot login.

Thanks Lawrence

patricegautier commented 6 months ago

I don’t see anything obviously wrong.. Try:

sudo -u zabbix ssh-copy-id -x -i /home/username/.ssh/zabbix/zb_id_rsa 192.168.1.1

That might yield a clue..

-P

On May 1, 2024, at 11:19 PM, lslamp @.***> wrote:

I am pretty sure that the username is not important because I am using sudo to run the commands. (as advised on the notes.)

I do not want to publish my username on an open forum. below is the answer to your question.

@.:$ ls -ltra total 136 drwxr-xr-x 4 root root 4096 Jun 26 2022 .. -rwxr-xr-x 1 username username 2898 Apr 25 19:23 updatePublicKey.sh drwxr-xr-x 15 username username 4096 Apr 25 19:30 . drwx------ 3 username username 4096 Apr 30 14:46 .ssh @.:$ ls -ltr .ssh/ -rw------- 1 username username 1147 Apr 22 12:18 authorized_keys -rw-r--r-- 1 username username 3404 Apr 25 21:21 known_hosts.old drwxr-xr-x 2 zabbix zabbix 4096 Apr 26 12:16 zabbix -rw-r--r-- 1 username username 3182 Apr 30 14:45 known_hosts @.:$ ls -ltr .ssh/zabbix/ total 8 -rw-r--r-- 1 zabbix zabbix 567 Apr 26 12:16 zb_id_rsa.pub -rw------- 1 zabbix zabbix 2455 Apr 26 12:16 zb_id_rsa @.:$

— Reply to this email directly, view it on GitHub https://github.com/patricegautier/unifiZabbix/issues/115#issuecomment-2089673218, or unsubscribe https://github.com/notifications/unsubscribe-auth/AJFHTJ3G354P2XOE2PFJ5NTZAHLGHAVCNFSM6AAAAABHAGF7XGVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDAOBZGY3TGMRRHA. You are receiving this because you commented.