routerconfigs on cacti 1.1.17 ssh login fails

General discussion about Plugins for Cacti

Moderators: Developers, Moderators

Axel90
Cacti User
Posts: 139
Joined: Fri Feb 10, 2017 12:41 pm

routerconfigs on cacti 1.1.17 ssh login fails

Post by Axel90 »

Hey guys,
I have routerconfigs installed on ubuntu 17.04 and cacti 1.1.17

However, the ssh login fails when I perform a backup:

2017/07/24 10:57:03 - ERROR PHP WARNING in Plugin 'routerconfigs': ssh2_auth_password(): Authentication failed for using password in file: /usr/share/cacti/site/plugins/routerconfigs/functions.php on line: 666
07/24/2017 10:57:03 AM - ROUTERCONFIGS: x.x.x.x-> ERROR: SSH login failed

Did anyone get that working?

It's no problem to connect from cacti to the switch via ssh manually.
smiles
Cacti User
Posts: 79
Joined: Mon Sep 10, 2012 5:54 pm

Re: routerconfigs on cacti 1.1.17 ssh login fails

Post by smiles »

It's working for me using SSH, but I have preshared keys set up.

What does the console debug output look like on that device? (click on the router debug icon for that host on the devices page)
Axel90
Cacti User
Posts: 139
Joined: Fri Feb 10, 2017 12:41 pm

Re: routerconfigs on cacti 1.1.17 ssh login fails

Post by Axel90 »

What do you mean with preshared keys?

The debug output is empty..
smiles
Cacti User
Posts: 79
Joined: Mon Sep 10, 2012 5:54 pm

Re: routerconfigs on cacti 1.1.17 ssh login fails

Post by smiles »

You can set up preshared SSH keys between your linux box that Cacti runs on and the switch/router you are connecting to, eliminating the need for username/password authentication.

What switch/router make and model are you connecting to?
Axel90
Cacti User
Posts: 139
Joined: Fri Feb 10, 2017 12:41 pm

Re: routerconfigs on cacti 1.1.17 ssh login fails

Post by Axel90 »

Do you mean public key authentication?

my switches are Cisco 3850.

Do you think that's a problem?
smiles
Cacti User
Posts: 79
Joined: Mon Sep 10, 2012 5:54 pm

Re: routerconfigs on cacti 1.1.17 ssh login fails

Post by smiles »

No I have Cisco IOS-XR, IOS-XE, and IOS using SSH without issue. I also just successfully tested it on a 3850 using SSH and Telnet both.
User avatar
Pucho
Cacti User
Posts: 185
Joined: Wed Jul 20, 2016 8:00 pm

Re: routerconfigs on cacti 1.1.17 ssh login fails

Post by Pucho »

I think smiles is running a different version of the code.

I downloaded the code from https://github.com/Cacti/plugin_routerconfigs the develop branch and I just compared functions.php to the one on smiles fork and there are a couple of differences.

Code: Select all

This branch is 1 commit ahead, 20 commits behind Cacti:master.
I wonder if you've just forked that before they reworked it as a 1.x compatible plugin. Just by looking at functions.php you can see

Code: Select all

Copyright (C) 2007 The Cacti Group   
Smiles, can you please attach the version you're actually running? I'd like to compare the files and see what we can find.

I'm on the same page as Axel90.

Cheers,
Cacti - 1.2.15
Poller Type - Spine
Weathermap 0.98a
Server Info - Linux 3.10.0 - Centos 7
Web Server - Apache/2.4.6 PHP 5.4.16
MySQL - 5.5 ;RRDTool - 1.4.8 ;SNMP - 5.7.2
Religion - Anti forum pets
User avatar
Pucho
Cacti User
Posts: 185
Joined: Wed Jul 20, 2016 8:00 pm

Re: routerconfigs on cacti 1.1.17 ssh login fails

Post by Pucho »

I've just tested it with this piece of code from cacti's box and it worked. I wonder if there is something wrong with encode/decode function.

Code: Select all

<?php
$connection = ssh2_connect('shell.example.com', 22);

if (ssh2_auth_password($connection, 'username', 'secret')) {
  echo "Authentication Successful!\n";
} else {
  die('Authentication Failed...');
}
?>
Cacti - 1.2.15
Poller Type - Spine
Weathermap 0.98a
Server Info - Linux 3.10.0 - Centos 7
Web Server - Apache/2.4.6 PHP 5.4.16
MySQL - 5.5 ;RRDTool - 1.4.8 ;SNMP - 5.7.2
Religion - Anti forum pets
User avatar
Pucho
Cacti User
Posts: 185
Joined: Wed Jul 20, 2016 8:00 pm

Re: routerconfigs on cacti 1.1.17 ssh login fails

Post by Pucho »

Well, definitely there is a problem with the authentication form, is messing things up.

I've tested each code with what's actually saved in plugin_routerconfigs_accounts table and the password is there but also a whole lot of crap as part of the same 'string'.

So you could test these two codes replacing the string that's on your database:

select * from plugin_routerconfigs_accounts;

http://php.net/manual/en/function.base64-decode.php
http://php.net/manual/en/function.base64-encode.php
Cacti - 1.2.15
Poller Type - Spine
Weathermap 0.98a
Server Info - Linux 3.10.0 - Centos 7
Web Server - Apache/2.4.6 PHP 5.4.16
MySQL - 5.5 ;RRDTool - 1.4.8 ;SNMP - 5.7.2
Religion - Anti forum pets
Axel90
Cacti User
Posts: 139
Joined: Fri Feb 10, 2017 12:41 pm

Re: routerconfigs on cacti 1.1.17 ssh login fails

Post by Axel90 »

Hey Pucho,

your connect test works for me, too.

for testing I configured a simple account on my switch:

Username: alex
password: alex

When I encode 'alex' with base64_encode, I get: YWxleA==

However,
select * from plugin_routerconfigs_accounts;
looks like that:
mysql.JPG
mysql.JPG (24.89 KiB) Viewed 5441 times
But I think that long string is OK, because the encode function in the functions.php adds random characters.

When I decode that string from the database with base64_decode, I get:

a:3:{i:429979416;i:1181494000;s:8:"password";s:4:"alex";i:1185589088;i:63423676;}

There appears "password" and "alex"

I just tested the routerconfigs decoding manually, that works!
I get 'alex' at the end.


Btw, is my devicetype correct?
Attachments
mysql2.JPG
mysql2.JPG (54.08 KiB) Viewed 5439 times
User avatar
Pucho
Cacti User
Posts: 185
Joined: Wed Jul 20, 2016 8:00 pm

Re: routerconfigs on cacti 1.1.17 ssh login fails

Post by Pucho »

I'll dig a little bit more, but something it's not quite working when it comes to auth part of it.

btw, regarding your question

Edit your setup.php

Line 179 aprox

Is this

Code: Select all

(id, name, username, password, copytftp, version, confirm, forceconfirm)
Should be this

Code: Select all

(id, name, username, password, copytftp, version, confirm, forceconfirm, checkendinconfig)
That'll create the 2 device types that are missing on your setup, Cisco IOS and Cisco CatOS.

You should have got an error when you installed routerconfigs that couldn't create these two because count didn't match. So re-install it and that's it.

I ran an ssh debug on one of my cisco devices

Code: Select all

2597158: Sep  4 2017 10:57:36.712 nzst: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: ] [Source: xxx.yy.zzz.120] [localport: 22] [Reason: Login Authentication Failed] at 10:57:36 nzst Mon Sep 4 2017
I should see something like this. I tried login in with a username "wrong_user"

Code: Select all

2598374: Sep  4 2017 11:03:44.163 nzst: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: wrong_user] [Source: xxx.yy.zzz.120] [localport: 22] [Reason: Login Authentication Failed] at 11:03:44 nzst Mon Sep 4 2017
It's not sending the username.
Cacti - 1.2.15
Poller Type - Spine
Weathermap 0.98a
Server Info - Linux 3.10.0 - Centos 7
Web Server - Apache/2.4.6 PHP 5.4.16
MySQL - 5.5 ;RRDTool - 1.4.8 ;SNMP - 5.7.2
Religion - Anti forum pets
User avatar
Pucho
Cacti User
Posts: 185
Joined: Wed Jul 20, 2016 8:00 pm

Re: routerconfigs on cacti 1.1.17 ssh login fails

Post by Pucho »

I think problem is around

Code: Select all

function plugin_routerconfigs_retrieve_account ($device)

Code: Select all

	$info = db_fetch_row_prepared('SELECT *
		FROM plugin_routerconfigs_accounts AS pra
		INNER JOIN plugin_routerconfigs_devices AS prd
		ON pra.id=prd.account
		WHERE prd.id = ?',
		array($device));
This query returns 2 colums with 'username' and the latest one is NULL, which I think belongs to the last username that has saved the configuration and since in this case this is the first time I'm trying to backup the config, that field is empty.

Comparing the old query
New query

Code: Select all

SELECT *
 FROM plugin_routerconfigs_accounts AS pra
 INNER JOIN plugin_routerconfigs_devices AS prd
 ON pra.id=prd.account
 WHERE prd.id = 1;
Old Query

Code: Select all

SELECT plugin_routerconfigs_accounts.* FROM plugin_routerconfigs_accounts,plugin_routerconfigs_devices WHERE plugin_routerconfigs_accounts.id = plugin_routerconfigs_devices.account AND plugin_routerconfigs_devices.id = 1;
By replacing the query I can now get the debug info for the device and backup the config.

Still struggling with selinux but..
Cacti - 1.2.15
Poller Type - Spine
Weathermap 0.98a
Server Info - Linux 3.10.0 - Centos 7
Web Server - Apache/2.4.6 PHP 5.4.16
MySQL - 5.5 ;RRDTool - 1.4.8 ;SNMP - 5.7.2
Religion - Anti forum pets
User avatar
Osiris
Cacti Guru User
Posts: 1424
Joined: Mon Jan 05, 2015 10:10 am

Re: routerconfigs on cacti 1.1.17 ssh login fails

Post by Osiris »

When you figure this out, make sure you do a pull request.
Before history, there was a paradise, now dust.
smiles
Cacti User
Posts: 79
Joined: Mon Sep 10, 2012 5:54 pm

Re: routerconfigs on cacti 1.1.17 ssh login fails

Post by smiles »

Pucho wrote:I think smiles is running a different version of the code.


Smiles, can you please attach the version you're actually running? I'd like to compare the files and see what we can find.

I'm actually running a heavily modified version of routerconfigs, it won't line up with the github repo at all. When cigamit first released this plugin as 1.0 compatible, I ran into a bunch of issues with it and had to work through them to get it to actually back up my configs. In the process, I also added the devtypes functionality because at that point in time, there was no way to do this without manually modifying the database. I uploaded all of my changes to him (can be seen in closed issue #6), and he wound up incorporating some of it into commit a82e8a9.
User avatar
Pucho
Cacti User
Posts: 185
Joined: Wed Jul 20, 2016 8:00 pm

Re: routerconfigs on cacti 1.1.17 ssh login fails

Post by Pucho »

Osiris wrote:When you figure this out, make sure you do a pull request.
Feel free to help =)
Cacti - 1.2.15
Poller Type - Spine
Weathermap 0.98a
Server Info - Linux 3.10.0 - Centos 7
Web Server - Apache/2.4.6 PHP 5.4.16
MySQL - 5.5 ;RRDTool - 1.4.8 ;SNMP - 5.7.2
Religion - Anti forum pets
Post Reply

Who is online

Users browsing this forum: No registered users and 1 guest