I’ve had LibreNMS running on a Raspberry Pi for several years now, and it’s been pretty great.
However, four days ago on October 7 at about 00:30 it started trying to ssh into one of my machines every six hours. I assume this is something to do with (re)discovery, because that also happens every six hours, but it seems kind of weird.
Does anyone know what’s going on here?
Do you have the vminfo module enabled?
I don’t think so. The machine it’s trying to ssh into is a small Qotom x86 box running OpenWrt on bare metal. No VMs involved.
I assumed so, but the only module I know of that uses SSH is the vminfo module. Can you check if it is enabled?
Not sure how to do that. Is there an easy way?
Yep, go to the device, click settings, then modules and look for vminfo.
Yeah, looks like it’s enabled under “Discovery Modules”?
(It’s “off” under “Poller Modules”.)
I don’t know if something has changed there recently. I’ve never looked at that page before 
So should I turn that off and see if the SSH login attempts stop? Is there any reason I’d want to keep that enabled?
Something to do with this patch perhaps?
Aha, I think I found the bug:
if (! Config::get('enable_libvirt')) {
echo 'not configured';
}
It checks if libvirt is enabled, but never cancels discovery if it is not. I’ll send fix.
This should fix it as soon as it is merged: Stop libvirt ssh attempts by murrant · Pull Request #15438 · librenms/librenms · GitHub
Cool. I’ll take a look at my logs tomorrow after my LibreNMS instance picks up the change.
In any case I’m just glad to have this explained - the unexpected SSH activity worried me initially! Thanks for the lightning fast response 
i was just about to ask this as i discovered this today!
the librenms kept trying to ssh on every 6 hour discovery!
glad it wasnt just me that spotted this!
Seems to be fixed today. The last suspicious ssh activity in my logs was at 18:36 yesterday. Nothing since then. Thanks again
This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.