Issue using SSH Passwords

[jdeta]

Hello, I'm experiencing issues using passwords to connect from Zabbix to my UDM Pro using your templates.

I've supplied a path to a text file containing the ssh user's password in the {$UNIFI_SSHPASS_PASSWORD_PATH} macro as specified in your docs. After I add the host, no data is coming in when I filter my latest data by the UDM Pro host. I'm seeing a few possibly relevant errors.

Under the 'sensor' item, I see
Authentication by public key failed. SSHKeyLocation option is not set

My understanding from your doc is the script will not try to use ssh keys to connect if I specified the above macro. However, I've tried creating empty macros for {$UNIFI_SSH_PRIV_KEY_PATH}, {$UNIFI_PRIV_KEY}, and {$UNIFI_PUB_KEY} but the error persists. Is there some type of value I should place in these macros so they are ignored and a password is used?

For the 'mca-dump' item under latest data, I see
Preprocessing failed for: { "at":"00:02:22", "r":"Error remote invoking mca-dump-short: Could not create directory /var/lib...

In the mcaDumpShort.err logs, I see the following
Error remote invoking mca-dump-short: Could not create directory /var/lib/zabbix/.ssh (No such file or directory).Failed to add the host to the list of known hosts (/var/lib/zabbix/.ssh/known_hosts).Welcome to UbiOSBy logging in, accessing, or using the Ubiquiti product, youacknowledge that you have read and understood the UbiquitiLicense Agreement and agree to be bound by its terms.myuser@udmp: Permission denied (publickey,password)

After creating a known_hosts file and changing the zabbix user to be its owner, the above error changes to
Welcome to UbiOSBy logging in, accessing, or using the Ubiquiti product, youacknowledge that you have read and understood the UbiquitiLicense Agreement and agree to be bound by its terms.myuser@udmp: Permission denied (publickey,password)

I do see an entry in the known_hosts file was added.

Some things I've tried are running
sudo -u zabbix /usr/lib/zabbix/externalscripts/mca-dump-short.sh -d <my_udmp_ip> -u myuser -t UDMP
I am prompted for myuser's ssh password, and I receive json data back with some info in it.

I've also tried (after installing sshpass) running
sshpass -f /path/to/password.txt ssh -o HostKeyAlgorithms=+ssh-rsa myuser@udmp
And I'm able to ssh to my UDMP without entering a password.

So, it almost seems like the template is not recognizing that I'd like to use passwords instead of keys.

I'm using Zabbix Server 6.2.6, and UniFi OS UDM Pro 1.12.38

P.S. Thanks for putting these templates together! I'm excited to hopefully get this working :)

[patricegautier]

mm this all looks copacetic, your understanding is correct.

What happens on invoking:

sudo -u zabbix /usr/lib/zabbix/externalscripts/mca-dump-short.sh -d <my_udmp_ip> -u myuser -t UDMP -p /path/to/password.txt -v

[jdeta]

Apologies for the delayed response. The results of running the above command are:

parse error: Invalid numeric literal at line 1, column 8
{ "at":"00:40:42", "r":"validationError: .network_table? != null", "device":"UDMP.IP", "mcaDumpError":"Error" }

But if I exclude the -v I once again receive json data with info from my UDMP.

[jdeta]

From some initial digging, it looks like that error is related to jq.

The version I'm using is
j- q-1.6

json data from my UDM Pro was also logged in mcaDumpShort.err

I tried piping the json output to a json file and test parsing it with jq jq empty testdata.json and it is successful.

[patricegautier]

So what it's complaining about is that the JSON does not contain information needed for by the monitoring zabbix template..

Can you post an example of the JSON you are getting back? Please make sure to take a gander and cross out any info you don't want out there.. Also what model of UDM is this, running which firmware?

[jdeta]

It's a UDM Pro, running 2.5.17

Here is a scrubbed json output
example.txt

[patricegautier]

That JSON looks good.. are you still getting the same error on running?

sudo -u zabbix /usr/lib/zabbix/externalscripts/mca-dump-short.sh -d <my_udmp_ip> -u myuser -t UDMP -p /path/to/password.txt -v

[jdeta]

Yep :(

parse error: Invalid numeric literal at line 1, column 8
{ "at":"18:26:48", "r":"validationError: .network_table? != null", "device":"UDM_IP", "mcaDumpError":"Error" }

[schelle85]

I had the same issue on Ubuntu 22.04. with -v

{ "at":"15:43:22", "r":"jq --indent 0 del (.port_table[]?.mac_table) returned status 4; parse error: Invalid numeric literal at line 1, column 8", "device":"IP", "mcaDumpError":"Error" }

exclude the -v I once again receive json data with info from my device!

If you pipe it with | jq you got no issue (without -v)

any ideas?

Thanks

Addendum:
There is an additional error in .err with the discovery:

Sat May 4 15:40:31 UTC 2024 UNKNOWN
{ “at”: “15:40:31”, “r”: “Remote pb: ssh: Could not resolve hostname unknown: Name or service not known", ‘device’: ‘UNKNOWN’, ‘mcaDumpError’: ‘Error’ }\n ssh: Could not resolve hostname unknown: Name or service not known
Sat May 4 15:40:31 UTC 2024 UNKNOWN
retrievePortNamesInto failed with code 1
Full command was mca-dump-short.sh -d UNKNOWN -u iuBvE -i -t SWITCH_DISCOVERY -p /etc/zabbix/zabbix_ssh_unifi.txt -o 5 -b

The IP of the switch is entered as the host in Zabbix.

[patricegautier]

I think the discovery issue is separate -- let's create a new issue for that one. Does it reoccur?

On the first issue, I just committed an updated version of mca-dump-short. can you update and try the command again with:

sudo -u zabbix /usr/lib/zabbix/externalscripts/mca-dump-short.sh -d <my_udmp_ip> -u myuser -t UDMP -p /path/to/password.txt -v -x > /tmp/mcadump.log

and send the resulting file /tmp/mcadump.log?