patricegautier/unifiZabbix

Connecting to udm disables ssh keypairs

RemcoVroman opened this issue · 7 comments

Hi Patrice,

Thanks for all the great work you already have done !

Unifi has chosen not to implement ssh keypairs for the udmp (god knows why....). So for the udmp I have to use user root and corresponding password.

When I put in a password location, I see all other unifi stuff become unsupported. This will be the result of wrong syntax in the password file.

So, two questions:

1: What is the correct syntaxt for the content in the password file ?
2: Is it possible to use passwords only for the udmp and leave all other devices on ssh key-pairs ?

Best regards,
Remco

Unifi has chosen not to implement ssh keypairs for the udmp (god knows why....). So for the udmp I have to use user root and corresponding password.

I am pretty sure that's not right.. I have at least 2 of those working with key pairs.. What's the symptom?

388983:20230215:214946.220 sending configuration data to proxy "FN-PRX001" at "92.66.104.1", datalen 96256, bytes 12082 with compression ratio 8.0
388966:20230215:215027.748 error reason for "FN-FW005:mca-dump-short.sh["-d","{HOST.CONN}", "-u", "root", "-i", "{$UNIFI_SSH_PRIV_KEY_PATH}", "-t", "UDMP", "-p", "{$UNIFI_SSHPASS_PASSWORD_PATH}", "-o", "{$UNIFI_CHECK_TIMEOUT}","-b"]" changed: Preprocessing failed for: { "at":"21:51:10", "r":"Remote pb: Welcome to UbiOSBy logging in, accessing, or using the Ubiquit...

  1. Failed: Error

This is the log entry from the zabbix-server log. So it uses root to login into the udmp. My thought wat to refence {$UNIFI_SSHPASS_PASSWORD_PATH} to a file with the password in it.

Directly after I apply the password file, these log entry's appear:
388969:20230215:215527.904 item "FN-SW002:mca-dump-short.sh["-d","{HOST.CONN}", "-u", "{$UNIFI_USER}", "-i", "{$UNIFI_SSH_PRIV_KEY_PATH}", "-t", "SWITCH", "-p", "{$UNIFI_SSHPASS_PASSWORD_PATH}", "-U", "{$UNIFI_VERBOSE_SSH}", "-o", "{$UNIFI_CHECK_TIMEOUT}","-b"]" became not supported: Preprocessing failed for: { "at":"21:55:27", "r":"timeout (127)", "device":"192.168.1.51", "mcaDumpError":"Error" }

  1. Failed: Error
    388969:20230215:215544.911 item "FN-AP0012:mca-dump-short.sh["-d","{HOST.CONN}", "-P", "{$UNIFI_SSH_PORT}", "-u", "{$UNIFI_USER}", "-i", "{$UNIFI_SSH_PRIV_KEY_PATH}", "-t", "AP", "-p", "{$UNIFI_SSHPASS_PASSWORD_PATH}", "-o", "{$UNIFI_CHECK_TIMEOUT}","-b"]" became not supported: Preprocessing failed for: { "at":"21:55:44", "r":"timeout (127)", "device":"192.168.1.150", "mcaDumpError":"Error" }
  2. Failed: Error
    388966:20230215:215551.914 item "FN-SW007:mca-dump-short.sh["-d","{HOST.CONN}", "-u", "{$UNIFI_USER}", "-i", "{$UNIFI_SSH_PRIV_KEY_PATH}", "-t", "SWITCH", "-p", "{$UNIFI_SSHPASS_PASSWORD_PATH}", "-U", "{$UNIFI_VERBOSE_SSH}", "-o", "{$UNIFI_CHECK_TIMEOUT}","-b"]" became not supported: Preprocessing failed for: { "at":"21:55:51", "r":"timeout (127)", "device":"192.168.1.50", "mcaDumpError":"Error" }
  3. Failed: Error
    388967:20230215:215552.915 item "FN-SW007:mca-dump-short.sh["-d","{HOST.CONN}", "-u", "{$UNIFI_USER}", "-i", "{$UNIFI_SSH_PRIV_KEY_PATH}", "-t", "SWITCH_FEATURE_DISCOVERY", "-p", "{$UNIFI_SSHPASS_PASSWORD_PATH}", "-o", "{$UNIFI_CHECK_TIMEOUT}","-b"]" became not supported: Preprocessing failed for: { "at":"21:55:52", "r":"timeout (127)", "device":"192.168.1.50", "mcaDumpError":"Error" }
  4. Failed: Error
    388969:20230215:215553.916 error reason for "FN-SW007:mca-dump-short.sh["-d","{HOST.CONN}", "-u", "{$UNIFI_USER}", "-i", "{$UNIFI_SSH_PRIV_KEY_PATH}", "-t", "SWITCH_DISCOVERY", "-p", "{$UNIFI_SSHPASS_PASSWORD_PATH}", "-o", "{$UNIFI_CHECK_TIMEOUT}","-b"]" changed: Preprocessing failed for: { "at":"21:55:53", "r":"timeout (127)", "device":"192.168.1.50", "mcaDumpError":"Error" }
  5. Failed: Error
    388968:20230215:215556.917 item "FN-AP0013:mca-dump-short.sh["-d","{HOST.CONN}", "-P", "{$UNIFI_SSH_PORT}", "-u", "{$UNIFI_USER}", "-i", "{$UNIFI_SSH_PRIV_KEY_PATH}", "-t", "AP", "-p", "{$UNIFI_SSHPASS_PASSWORD_PATH}", "-o", "{$UNIFI_CHECK_TIMEOUT}","-b"]" became not supported: Preprocessing failed for: { "at":"21:55:56", "r":"timeout (127)", "device":"192.168.1.151", "mcaDumpError":"Error" }
  6. Failed: Error

That log is full with these lines:
Wed 15 Feb 22:12:10 CET 2023 192.168.201.1
{ "at":"22:12:10", "r":"Remote pb: Welcome to UbiOSBy logging in, accessing, or using the Ubiquiti product, youacknowledge that you have read and understood the UbiquitiLicense Agreement and agree to be bound by its terms.root@192.168.201.1: Permission denied (publickey,password).", "device":"192.168.201.1", "mcaDumpError":"Error" }\n

Wed 15 Feb 22:12:11 CET 2023 192.168.201.1
\n

Wed 15 Feb 22:13:10 CET 2023 192.168.201.1
{ "at":"22:13:10", "r":"Remote pb: Welcome to UbiOSBy logging in, accessing, or using the Ubiquiti product, youacknowledge that you have read and understood the UbiquitiLicense Agreement and agree to be bound by its terms.root@192.168.201.1: Permission denied (publickey,password).", "device":"192.168.201.1", "mcaDumpError":"Error" }\n

Wed 15 Feb 22:13:11 CET 2023 192.168.201.1

sudo -u zabbix /usr/lib/zabbix/externalscripts/mca-dump-short.sh -d 192.168.201.1 -u root -i /home/zabbix/.ssh/ssh_pwd -t UDMP
This command does not use the password file, but when I give the password manualy then it works

I just copied manualy the key into the udmp, accouding to youre manual. That seems to be te missing step for me, because now it gives:

388969:20230215:223728.353 item "FN-FW005:mca-dump-short.sh["-d","{HOST.CONN}", "-u", "root", "-i", "{$UNIFI_SSH_PRIV_KEY_PATH}", "-t", "UDMP", "-p", "{$UNIFI_SSHPASS_PASSWORD_PATH}", "-o", "{$UNIFI_CHECK_TIMEOUT}","-b"]" became supported

now no password file is needed. Sorry for my mistake