routerconfigs on cacti 1.1.17 ssh login fails
Moderators: Developers, Moderators
routerconfigs on cacti 1.1.17 ssh login fails
Hey guys,
I have routerconfigs installed on ubuntu 17.04 and cacti 1.1.17
However, the ssh login fails when I perform a backup:
2017/07/24 10:57:03 - ERROR PHP WARNING in Plugin 'routerconfigs': ssh2_auth_password(): Authentication failed for using password in file: /usr/share/cacti/site/plugins/routerconfigs/functions.php on line: 666
07/24/2017 10:57:03 AM - ROUTERCONFIGS: x.x.x.x-> ERROR: SSH login failed
Did anyone get that working?
It's no problem to connect from cacti to the switch via ssh manually.
I have routerconfigs installed on ubuntu 17.04 and cacti 1.1.17
However, the ssh login fails when I perform a backup:
2017/07/24 10:57:03 - ERROR PHP WARNING in Plugin 'routerconfigs': ssh2_auth_password(): Authentication failed for using password in file: /usr/share/cacti/site/plugins/routerconfigs/functions.php on line: 666
07/24/2017 10:57:03 AM - ROUTERCONFIGS: x.x.x.x-> ERROR: SSH login failed
Did anyone get that working?
It's no problem to connect from cacti to the switch via ssh manually.
Re: routerconfigs on cacti 1.1.17 ssh login fails
It's working for me using SSH, but I have preshared keys set up.
What does the console debug output look like on that device? (click on the router debug icon for that host on the devices page)
What does the console debug output look like on that device? (click on the router debug icon for that host on the devices page)
Re: routerconfigs on cacti 1.1.17 ssh login fails
What do you mean with preshared keys?
The debug output is empty..
The debug output is empty..
Re: routerconfigs on cacti 1.1.17 ssh login fails
You can set up preshared SSH keys between your linux box that Cacti runs on and the switch/router you are connecting to, eliminating the need for username/password authentication.
What switch/router make and model are you connecting to?
What switch/router make and model are you connecting to?
Re: routerconfigs on cacti 1.1.17 ssh login fails
Do you mean public key authentication?
my switches are Cisco 3850.
Do you think that's a problem?
my switches are Cisco 3850.
Do you think that's a problem?
Re: routerconfigs on cacti 1.1.17 ssh login fails
No I have Cisco IOS-XR, IOS-XE, and IOS using SSH without issue. I also just successfully tested it on a 3850 using SSH and Telnet both.
Re: routerconfigs on cacti 1.1.17 ssh login fails
I think smiles is running a different version of the code.
I downloaded the code from https://github.com/Cacti/plugin_routerconfigs the develop branch and I just compared functions.php to the one on smiles fork and there are a couple of differences.
I wonder if you've just forked that before they reworked it as a 1.x compatible plugin. Just by looking at functions.php you can see
Smiles, can you please attach the version you're actually running? I'd like to compare the files and see what we can find.
I'm on the same page as Axel90.
Cheers,
I downloaded the code from https://github.com/Cacti/plugin_routerconfigs the develop branch and I just compared functions.php to the one on smiles fork and there are a couple of differences.
Code: Select all
This branch is 1 commit ahead, 20 commits behind Cacti:master.
Code: Select all
Copyright (C) 2007 The Cacti Group
I'm on the same page as Axel90.
Cheers,
Cacti - 1.2.15
Poller Type - Spine
Weathermap 0.98a
Server Info - Linux 3.10.0 - Centos 7
Web Server - Apache/2.4.6 PHP 5.4.16
MySQL - 5.5 ;RRDTool - 1.4.8 ;SNMP - 5.7.2
Religion - Anti forum pets
Poller Type - Spine
Weathermap 0.98a
Server Info - Linux 3.10.0 - Centos 7
Web Server - Apache/2.4.6 PHP 5.4.16
MySQL - 5.5 ;RRDTool - 1.4.8 ;SNMP - 5.7.2
Religion - Anti forum pets
Re: routerconfigs on cacti 1.1.17 ssh login fails
I've just tested it with this piece of code from cacti's box and it worked. I wonder if there is something wrong with encode/decode function.
Code: Select all
<?php
$connection = ssh2_connect('shell.example.com', 22);
if (ssh2_auth_password($connection, 'username', 'secret')) {
echo "Authentication Successful!\n";
} else {
die('Authentication Failed...');
}
?>
Cacti - 1.2.15
Poller Type - Spine
Weathermap 0.98a
Server Info - Linux 3.10.0 - Centos 7
Web Server - Apache/2.4.6 PHP 5.4.16
MySQL - 5.5 ;RRDTool - 1.4.8 ;SNMP - 5.7.2
Religion - Anti forum pets
Poller Type - Spine
Weathermap 0.98a
Server Info - Linux 3.10.0 - Centos 7
Web Server - Apache/2.4.6 PHP 5.4.16
MySQL - 5.5 ;RRDTool - 1.4.8 ;SNMP - 5.7.2
Religion - Anti forum pets
Re: routerconfigs on cacti 1.1.17 ssh login fails
Well, definitely there is a problem with the authentication form, is messing things up.
I've tested each code with what's actually saved in plugin_routerconfigs_accounts table and the password is there but also a whole lot of crap as part of the same 'string'.
So you could test these two codes replacing the string that's on your database:
select * from plugin_routerconfigs_accounts;
http://php.net/manual/en/function.base64-decode.php
http://php.net/manual/en/function.base64-encode.php
I've tested each code with what's actually saved in plugin_routerconfigs_accounts table and the password is there but also a whole lot of crap as part of the same 'string'.
So you could test these two codes replacing the string that's on your database:
select * from plugin_routerconfigs_accounts;
http://php.net/manual/en/function.base64-decode.php
http://php.net/manual/en/function.base64-encode.php
Cacti - 1.2.15
Poller Type - Spine
Weathermap 0.98a
Server Info - Linux 3.10.0 - Centos 7
Web Server - Apache/2.4.6 PHP 5.4.16
MySQL - 5.5 ;RRDTool - 1.4.8 ;SNMP - 5.7.2
Religion - Anti forum pets
Poller Type - Spine
Weathermap 0.98a
Server Info - Linux 3.10.0 - Centos 7
Web Server - Apache/2.4.6 PHP 5.4.16
MySQL - 5.5 ;RRDTool - 1.4.8 ;SNMP - 5.7.2
Religion - Anti forum pets
Re: routerconfigs on cacti 1.1.17 ssh login fails
Hey Pucho,
your connect test works for me, too.
for testing I configured a simple account on my switch:
Username: alex
password: alex
When I encode 'alex' with base64_encode, I get: YWxleA==
However,
select * from plugin_routerconfigs_accounts;
looks like that: But I think that long string is OK, because the encode function in the functions.php adds random characters.
When I decode that string from the database with base64_decode, I get:
a:3:{i:429979416;i:1181494000;s:8:"password";s:4:"alex";i:1185589088;i:63423676;}
There appears "password" and "alex"
I just tested the routerconfigs decoding manually, that works!
I get 'alex' at the end.
Btw, is my devicetype correct?
your connect test works for me, too.
for testing I configured a simple account on my switch:
Username: alex
password: alex
When I encode 'alex' with base64_encode, I get: YWxleA==
However,
select * from plugin_routerconfigs_accounts;
looks like that: But I think that long string is OK, because the encode function in the functions.php adds random characters.
When I decode that string from the database with base64_decode, I get:
a:3:{i:429979416;i:1181494000;s:8:"password";s:4:"alex";i:1185589088;i:63423676;}
There appears "password" and "alex"
I just tested the routerconfigs decoding manually, that works!
I get 'alex' at the end.
Btw, is my devicetype correct?
- Attachments
-
- mysql2.JPG (54.08 KiB) Viewed 5439 times
Re: routerconfigs on cacti 1.1.17 ssh login fails
I'll dig a little bit more, but something it's not quite working when it comes to auth part of it.
btw, regarding your question
Edit your setup.php
Line 179 aprox
Is this
Should be this
That'll create the 2 device types that are missing on your setup, Cisco IOS and Cisco CatOS.
You should have got an error when you installed routerconfigs that couldn't create these two because count didn't match. So re-install it and that's it.
I ran an ssh debug on one of my cisco devices
I should see something like this. I tried login in with a username "wrong_user"
It's not sending the username.
btw, regarding your question
Edit your setup.php
Line 179 aprox
Is this
Code: Select all
(id, name, username, password, copytftp, version, confirm, forceconfirm)
Code: Select all
(id, name, username, password, copytftp, version, confirm, forceconfirm, checkendinconfig)
You should have got an error when you installed routerconfigs that couldn't create these two because count didn't match. So re-install it and that's it.
I ran an ssh debug on one of my cisco devices
Code: Select all
2597158: Sep 4 2017 10:57:36.712 nzst: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: ] [Source: xxx.yy.zzz.120] [localport: 22] [Reason: Login Authentication Failed] at 10:57:36 nzst Mon Sep 4 2017
Code: Select all
2598374: Sep 4 2017 11:03:44.163 nzst: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: wrong_user] [Source: xxx.yy.zzz.120] [localport: 22] [Reason: Login Authentication Failed] at 11:03:44 nzst Mon Sep 4 2017
Cacti - 1.2.15
Poller Type - Spine
Weathermap 0.98a
Server Info - Linux 3.10.0 - Centos 7
Web Server - Apache/2.4.6 PHP 5.4.16
MySQL - 5.5 ;RRDTool - 1.4.8 ;SNMP - 5.7.2
Religion - Anti forum pets
Poller Type - Spine
Weathermap 0.98a
Server Info - Linux 3.10.0 - Centos 7
Web Server - Apache/2.4.6 PHP 5.4.16
MySQL - 5.5 ;RRDTool - 1.4.8 ;SNMP - 5.7.2
Religion - Anti forum pets
Re: routerconfigs on cacti 1.1.17 ssh login fails
I think problem is around
This query returns 2 colums with 'username' and the latest one is NULL, which I think belongs to the last username that has saved the configuration and since in this case this is the first time I'm trying to backup the config, that field is empty.
Comparing the old query
New query
Old Query
By replacing the query I can now get the debug info for the device and backup the config.
Still struggling with selinux but..
Code: Select all
function plugin_routerconfigs_retrieve_account ($device)
Code: Select all
$info = db_fetch_row_prepared('SELECT *
FROM plugin_routerconfigs_accounts AS pra
INNER JOIN plugin_routerconfigs_devices AS prd
ON pra.id=prd.account
WHERE prd.id = ?',
array($device));
Comparing the old query
New query
Code: Select all
SELECT *
FROM plugin_routerconfigs_accounts AS pra
INNER JOIN plugin_routerconfigs_devices AS prd
ON pra.id=prd.account
WHERE prd.id = 1;
Code: Select all
SELECT plugin_routerconfigs_accounts.* FROM plugin_routerconfigs_accounts,plugin_routerconfigs_devices WHERE plugin_routerconfigs_accounts.id = plugin_routerconfigs_devices.account AND plugin_routerconfigs_devices.id = 1;
Still struggling with selinux but..
Cacti - 1.2.15
Poller Type - Spine
Weathermap 0.98a
Server Info - Linux 3.10.0 - Centos 7
Web Server - Apache/2.4.6 PHP 5.4.16
MySQL - 5.5 ;RRDTool - 1.4.8 ;SNMP - 5.7.2
Religion - Anti forum pets
Poller Type - Spine
Weathermap 0.98a
Server Info - Linux 3.10.0 - Centos 7
Web Server - Apache/2.4.6 PHP 5.4.16
MySQL - 5.5 ;RRDTool - 1.4.8 ;SNMP - 5.7.2
Religion - Anti forum pets
Re: routerconfigs on cacti 1.1.17 ssh login fails
When you figure this out, make sure you do a pull request.
Before history, there was a paradise, now dust.
Re: routerconfigs on cacti 1.1.17 ssh login fails
Pucho wrote:I think smiles is running a different version of the code.
Smiles, can you please attach the version you're actually running? I'd like to compare the files and see what we can find.
I'm actually running a heavily modified version of routerconfigs, it won't line up with the github repo at all. When cigamit first released this plugin as 1.0 compatible, I ran into a bunch of issues with it and had to work through them to get it to actually back up my configs. In the process, I also added the devtypes functionality because at that point in time, there was no way to do this without manually modifying the database. I uploaded all of my changes to him (can be seen in closed issue #6), and he wound up incorporating some of it into commit a82e8a9.
Re: routerconfigs on cacti 1.1.17 ssh login fails
Feel free to help =)Osiris wrote:When you figure this out, make sure you do a pull request.
Cacti - 1.2.15
Poller Type - Spine
Weathermap 0.98a
Server Info - Linux 3.10.0 - Centos 7
Web Server - Apache/2.4.6 PHP 5.4.16
MySQL - 5.5 ;RRDTool - 1.4.8 ;SNMP - 5.7.2
Religion - Anti forum pets
Poller Type - Spine
Weathermap 0.98a
Server Info - Linux 3.10.0 - Centos 7
Web Server - Apache/2.4.6 PHP 5.4.16
MySQL - 5.5 ;RRDTool - 1.4.8 ;SNMP - 5.7.2
Religion - Anti forum pets
Who is online
Users browsing this forum: No registered users and 1 guest