ssh proxy connection problem

AndriyChernov commented 6 months ago

I have Ubuntu 22.04 with ruby 3.0.2p107 and oxidized 0.29.1

config:
source:
  default: csv
  csv:
    file: "/home/oxidized/.config/oxidized/router.db"
    delimiter: !ruby/regexp /:/
    map:
      name: 0
      model: 1
      ip: 2
      username: 4
      password: 5
      group: 7
    vars_map:
      ssh_proxy: 8
    vars:
      auth_methods: [ "publickey", "password" ]
      ssh_keys: "/home/oxidized/.ssh/id_rsa"

source:

sw.fiber:routeros:10.70.0.10:22:host-user:host-password:switch:Group1:proxy-user@proxy-ip

My device and ssh proxy is Mikrotik ROS 6.49.8. ssh forwarding is enabled.

When I try to connect via proxy I have next message in log:

/var/lib/gems/3.0.0/gems/oxidized-0.29.1/lib/oxidized/input/ssh.rb:27:in connect : Passing nil, or [nil] to Net::SSH.start is deprecated for keys: proxy

Without ssh-proxy I have a successful connection to all devices.

robertcheramy commented 6 months ago

(I've edited the issue so it is more readable)

romainsi commented 5 months ago

Hello,

Your mapping doesn't seem to be correct, I don't think it works if you leave a mapping empty. You need to add the ssh_port mapping on index 3, add mapping for index 6 (switch), also in your source there seems to be one element too many 'Group1'.

Also, I'm not sure you can pass the desired proxy user as an argument (proxy-user@proxy-ip), I haven't tested it ... It seems to me that it uses the Oxidized user with Docker (and the user that launches the service in a direct installation).

Here's the example I used, which seems to work (unless the equipment behind the proxy is also a Mikrotik cf : #3114 ) :

Generate SSH key with Oxidized user : sudo -u oxidized ssh-keygen -b 4096 -t rsa (you can add passphrase or not) If you use docker, mount new volume for .ssh (for persistence) : In docker-compose add : volumes: - ./oxidized/.ssh:/home/oxidized/.ssh/ and : docker exec -it <container_name/id> bash su oxidized ssh-keygen -b 4096 -t rsa
Upload id_rsa.pub in Mikrotik router file (the ssh proxy) and create a new user 'oxidized', (/System/Users) the user's password doesn't matter.
Import SSH Keys (/System/Users/SSH Keys) and link it to the new user 'oxidized' with the first field : name. ! SSH Forwarding must be enable !
Create a classic ssh user on the device behind the proxy (here user is 'switch_user' and password 'switch_pass'

Config file example :

config:
source:
default: csv
csv:
file: "/home/oxidized/.config/oxidized/router.db"
delimiter: !ruby/regexp /:/
map:
  name: 0
  model: 1
  ip: 2
  ssh_port: 3
  username: 4
  password: 5
  group: 6
vars_map:
  ssh_proxy: 7
  auth_method: 8
vars:
  auth_methods: [ "publickey", "password" ]
  ssh_keys: "/home/oxidized/.ssh/id_rsa"

router.db (source) :

#name:model:ip:ssh_port:username:password:group:ssh_proxy:auth_method
sw.fiber:routeros:10.70.0.10:22:<switch_user>:<switch_pass>:switch:<proxy_ip>:publickey

I hope I've made myself clear, and that this may help you and others.

ytti / oxidized

ssh proxy connection problem #3098