patricegautier / unifiZabbix

Zabbix templates to monitor pretty much all Unifi devices
181 stars 36 forks source link

Issue using SSH Passwords #86

Open jdeta opened 1 year ago

jdeta commented 1 year ago

Hello, I'm experiencing issues using passwords to connect from Zabbix to my UDM Pro using your templates.

I've supplied a path to a text file containing the ssh user's password in the {$UNIFI_SSHPASS_PASSWORD_PATH} macro as specified in your docs. After I add the host, no data is coming in when I filter my latest data by the UDM Pro host. I'm seeing a few possibly relevant errors.

Under the 'sensor' item, I see Authentication by public key failed. SSHKeyLocation option is not set

My understanding from your doc is the script will not try to use ssh keys to connect if I specified the above macro. However, I've tried creating empty macros for {$UNIFI_SSH_PRIV_KEY_PATH}, {$UNIFI_PRIV_KEY}, and {$UNIFI_PUB_KEY} but the error persists. Is there some type of value I should place in these macros so they are ignored and a password is used?

For the 'mca-dump' item under latest data, I see Preprocessing failed for: { "at":"00:02:22", "r":"Error remote invoking mca-dump-short: Could not create directory /var/lib...

In the mcaDumpShort.err logs, I see the following Error remote invoking mca-dump-short: Could not create directory /var/lib/zabbix/.ssh (No such file or directory).Failed to add the host to the list of known hosts (/var/lib/zabbix/.ssh/known_hosts).Welcome to UbiOSBy logging in, accessing, or using the Ubiquiti product, youacknowledge that you have read and understood the UbiquitiLicense Agreement and agree to be bound by its terms.myuser@udmp: Permission denied (publickey,password)

After creating a known_hosts file and changing the zabbix user to be its owner, the above error changes to Welcome to UbiOSBy logging in, accessing, or using the Ubiquiti product, youacknowledge that you have read and understood the UbiquitiLicense Agreement and agree to be bound by its terms.myuser@udmp: Permission denied (publickey,password)

I do see an entry in the known_hosts file was added.

Some things I've tried are running sudo -u zabbix /usr/lib/zabbix/externalscripts/mca-dump-short.sh -d <my_udmp_ip> -u myuser -t UDMP I am prompted for myuser's ssh password, and I receive json data back with some info in it.

I've also tried (after installing sshpass) running sshpass -f /path/to/password.txt ssh -o HostKeyAlgorithms=+ssh-rsa myuser@udmp And I'm able to ssh to my UDMP without entering a password.

So, it almost seems like the template is not recognizing that I'd like to use passwords instead of keys.

I'm using Zabbix Server 6.2.6, and UniFi OS UDM Pro 1.12.38

P.S. Thanks for putting these templates together! I'm excited to hopefully get this working :)

patricegautier commented 1 year ago

mm this all looks copacetic, your understanding is correct.

What happens on invoking:

sudo -u zabbix /usr/lib/zabbix/externalscripts/mca-dump-short.sh -d -u myuser -t UDMP -p /path/to/password.txt -v

jdeta commented 1 year ago

Apologies for the delayed response. The results of running the above command are:

parse error: Invalid numeric literal at line 1, column 8
{ "at":"00:40:42", "r":"validationError: .network_table? != null", "device":"UDMP.IP", "mcaDumpError":"Error" }

But if I exclude the -v I once again receive json data with info from my UDMP.

jdeta commented 1 year ago

From some initial digging, it looks like that error is related to jq.

The version I'm using is j- q-1.6

json data from my UDM Pro was also logged in mcaDumpShort.err

I tried piping the json output to a json file and test parsing it with jq jq empty testdata.json and it is successful.

patricegautier commented 1 year ago

So what it's complaining about is that the JSON does not contain information needed for by the monitoring zabbix template..

Can you post an example of the JSON you are getting back? Please make sure to take a gander and cross out any info you don't want out there.. Also what model of UDM is this, running which firmware?

jdeta commented 1 year ago

It's a UDM Pro, running 2.5.17

Here is a scrubbed json output example.txt

patricegautier commented 1 year ago

That JSON looks good.. are you still getting the same error on running?

sudo -u zabbix /usr/lib/zabbix/externalscripts/mca-dump-short.sh -d -u myuser -t UDMP -p /path/to/password.txt -v

jdeta commented 1 year ago

Yep :(

parse error: Invalid numeric literal at line 1, column 8
{ "at":"18:26:48", "r":"validationError: .network_table? != null", "device":"UDM_IP", "mcaDumpError":"Error" }
schelle85 commented 6 months ago

I had the same issue on Ubuntu 22.04. with -v

{ "at":"15:43:22", "r":"jq --indent 0 del (.port_table[]?.mac_table) returned status 4; parse error: Invalid numeric literal at line 1, column 8", "device":"IP", "mcaDumpError":"Error" }

exclude the -v I once again receive json data with info from my device!

If you pipe it with | jq you got no issue (without -v)

any ideas?

Thanks

Addendum: There is an additional error in .err with the discovery:

Sat May 4 15:40:31 UTC 2024 UNKNOWN { “at”: “15:40:31”, “r”: “Remote pb: ssh: Could not resolve hostname unknown: Name or service not known", ‘device’: ‘UNKNOWN’, ‘mcaDumpError’: ‘Error’ }\n ssh: Could not resolve hostname unknown: Name or service not known Sat May 4 15:40:31 UTC 2024 UNKNOWN retrievePortNamesInto failed with code 1 Full command was mca-dump-short.sh -d UNKNOWN -u iuBvE -i -t SWITCH_DISCOVERY -p /etc/zabbix/zabbix_ssh_unifi.txt -o 5 -b

The IP of the switch is entered as the host in Zabbix.

patricegautier commented 6 months ago

I think the discovery issue is separate -- let's create a new issue for that one. Does it reoccur?

On the first issue, I just committed an updated version of mca-dump-short. can you update and try the command again with:

sudo -u zabbix /usr/lib/zabbix/externalscripts/mca-dump-short.sh -d -u myuser -t UDMP -p /path/to/password.txt -v -x > /tmp/mcadump.log

and send the resulting file /tmp/mcadump.log?