Closed AndriyChernov closed 1 month ago
(I've edited the issue so it is more readable)
Hello,
Your mapping doesn't seem to be correct; I don't think it works if you leave a mapping empty. You need to add the ssh_port mapping on index 3 and add a mapping for index 6 (switch). Also, in your source there seems to be one element too many: 'Group1'.
Also, I'm not sure you can pass the desired proxy user as an argument (proxy-user@proxy-ip), I haven't tested it ... It seems to me that it uses the Oxidized user with Docker (and the user that launches the service in a direct installation).
Here's the example I used, which seems to work (unless the equipment behind the proxy is also a Mikrotik, cf. #3114):
Generate an SSH key with the Oxidized user:
sudo -u oxidized ssh-keygen -b 4096 -t rsa
(you can add a passphrase or not)
If you use Docker, mount a new volume for .ssh (for persistence):
In docker-compose add:
volumes:
  - ./oxidized/.ssh:/home/oxidized/.ssh/
and:
docker exec -it <container_name/id> bash
su oxidized
ssh-keygen -b 4096 -t rsa
Upload id_rsa.pub to the Mikrotik router's files (the SSH proxy) and create a new user 'oxidized' (/System/Users); the user's password doesn't matter.
Import the SSH key (/System/Users/SSH Keys) and link it to the new user 'oxidized' with the first field: name. SSH forwarding must be enabled!
Create a classic SSH user on the device behind the proxy (here the user is 'switch_user' and the password is 'switch_pass').
Config file example:
config:
source:
  default: csv
  csv:
    file: "/home/oxidized/.config/oxidized/router.db"
    delimiter: !ruby/regexp /:/
    map:
      name: 0
      model: 1
      ip: 2
      ssh_port: 3
      username: 4
      password: 5
      group: 6
    vars_map:
      ssh_proxy: 7
      auth_method: 8
vars:
  auth_methods: [ "publickey", "password" ]
  ssh_keys: "/home/oxidized/.ssh/id_rsa"
router.db (source):
#name:model:ip:ssh_port:username:password:group:ssh_proxy:auth_method
sw.fiber:routeros:10.70.0.10:22:<switch_user>:<switch_pass>:switch:<proxy_ip>:publickey
I hope I've made myself clear, and that this may help you and others.
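An added example, not part of the original comment and not Oxidized's own code: a small Ruby check that compares each router.db row against the column indices from the config above, catching a mapping left without an index and rows with one element too many or too few. The helper names `check_row` and `check_file`, the sample rows, and the proxy address 192.0.2.1 (standing in for `<proxy_ip>`) are constructed for illustration.

```ruby
# Column indices copied from the config example in the comment above.
MAP       = { name: 0, model: 1, ip: 2, ssh_port: 3,
              username: 4, password: 5, group: 6 }.freeze
VARS_MAP  = { ssh_proxy: 7, auth_method: 8 }.freeze
DELIMITER = /:/

# Returns the problems found in one router.db line (empty array means OK).
def check_row(line, map: MAP, vars_map: VARS_MAP, delimiter: DELIMITER)
  columns  = map.merge(vars_map)
  problems = []
  # A key written in the YAML without an index loads as nil.
  missing = columns.select { |_, idx| idx.nil? }.keys
  problems << "no index set for: #{missing.join(', ')}" unless missing.empty?
  # The row must have exactly one field per index up to the highest one.
  expected = columns.values.compact.max + 1
  fields   = line.chomp.split(delimiter, -1) # -1 keeps trailing empty fields
  if fields.size != expected
    problems << "expected #{expected} fields, got #{fields.size}"
  end
  problems
end

# Checks every non-comment line; returns { line_number => [problems] }.
def check_file(text, **opts)
  report = {}
  text.each_line.with_index(1) do |line, number|
    next if line.strip.empty? || line =~ /^\s*#/
    problems = check_row(line, **opts)
    report[number] = problems unless problems.empty?
  end
  report
end

# Constructed sample: line 3 carries an extra 'Group1' element,
# line 4 omits the ssh_port column.
SAMPLE = <<~DB
  #name:model:ip:ssh_port:username:password:group:ssh_proxy:auth_method
  sw.fiber:routeros:10.70.0.10:22:switch_user:switch_pass:switch:192.0.2.1:publickey
  sw.extra:routeros:10.70.0.11:22:switch_user:switch_pass:switch:Group1:192.0.2.1:publickey
  sw.short:routeros:10.70.0.12:switch_user:switch_pass:switch:192.0.2.1:publickey
DB

if __FILE__ == $PROGRAM_NAME
  check_file(SAMPLE).each do |number, problems|
    puts "line #{number}: #{problems.join('; ')}"
  end
end
```

Because router.db holds device passwords in clear text, run a check like this where the file already lives rather than copying the file elsewhere.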
I have Ubuntu 22.04 with ruby 3.0.2p107 and oxidized 0.29.1
source:
My device and SSH proxy are Mikrotik ROS 6.49.8. SSH forwarding is enabled.
When I try to connect via the proxy, I get the following message in the log:
/var/lib/gems/3.0.0/gems/oxidized-0.29.1/lib/oxidized/input/ssh.rb:27:in connect : Passing nil, or [nil] to Net::SSH.start is deprecated for keys: proxy
Without ssh-proxy I have a successful connection to all devices.