I’ve had LibreNMS running on a Raspberry Pi for several years now, and it’s been pretty great.
However, four days ago on October 7 at about 00:30 it started trying to ssh into one of my machines every six hours. I assume this is something to do with (re)discovery, because that also happens every six hours, but it seems kind of weird.
Does anyone know what’s going on here?
Do you have the vminfo module enabled?
I don’t think so. The machine it’s trying to ssh into is a small Qotom x86 box running OpenWrt on bare metal. No VMs involved.
I assumed so, but the only module I know of that uses SSH is the vminfo module. Can you check if it is enabled?
Not sure how to do that. Is there an easy way?
Yep, go to the device, click settings, then modules and look for vminfo.
Yeah, looks like it’s enabled under “Discovery Modules”?
(It’s “off” under “Poller Modules”.)
I don’t know if something has changed there recently. I’ve never looked at that page before.
So should I turn that off and see if the SSH login attempts stop? Is there any reason I’d want to keep that enabled?
Something to do with this patch perhaps?
committed 12:49AM - 06 Oct 23 UTC
* Vmware vminfo
Remove legacy file and migrate to OS discovery
* tighter
… * ios_stp-vlans working correctly now
* Make vmwVmGuestOS nullable
* Discover os info too
* VM Info module
* Apply fixes from StyleCI
* Fix log severity
* Fix log severity (more)
* VM Info module
* Poll with ESXi too because it is lightweight
add test data
* poller data now too
---------
Co-authored-by: StyleCI Bot <[email protected] >
Aha, I think I found the bug:
if (! Config::get('enable_libvirt')) {
    echo 'not configured';
}
It checks if libvirt is enabled, but never cancels discovery if it is not. I’ll send a fix.
Cool. I’ll take a look at my logs tomorrow after my LibreNMS instance picks up the change.
In any case I’m just glad to have this explained - the unexpected SSH activity worried me initially! Thanks for the lightning fast response.
si458
12 October 2023 16:14
I was just about to ask this as I discovered this today!
The LibreNMS kept trying to SSH on every 6-hour discovery!
Glad it wasn’t just me that spotted this!
Seems to be fixed today. The last suspicious ssh activity in my logs was at 18:36 yesterday. Nothing since then. Thanks again.
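A defender-side check for the symptom reported in this thread, added here as an example and not part of any post or of LibreNMS: it groups SSH connection log lines by source and flags sources that reconnect at a fixed period, such as a monitoring host on a six-hour discovery cycle. The `logread`-style line format, the dropbear message text and the IP addresses are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample, assuming OpenWrt `logread` output with dropbear as SSH server.
SAMPLE_LOG = """\
Sat Oct  7 00:30:12 2023 authpriv.info dropbear[2101]: Child connection from 192.0.2.10:40112
Sat Oct  7 03:14:55 2023 authpriv.info dropbear[2150]: Child connection from 198.51.100.7:51820
Sat Oct  7 06:30:41 2023 authpriv.info dropbear[2207]: Child connection from 192.0.2.10:40988
Sat Oct  7 06:52:03 2023 authpriv.info dropbear[2211]: Child connection from 198.51.100.7:51944
Sat Oct  7 12:31:05 2023 authpriv.info dropbear[2319]: Child connection from 192.0.2.10:41710
Sat Oct  7 18:30:27 2023 authpriv.info dropbear[2433]: Child connection from 192.0.2.10:42266
Sun Oct  8 00:30:58 2023 authpriv.info dropbear[2540]: Child connection from 192.0.2.10:43001
"""

# Timestamp at line start, then "Child connection from <ip>:<port>" at line end.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) .*"
    r"Child connection from (?P<ip>[0-9a-fA-F.:]+):\d+$"
)


def connections_by_source(log_text):
    """Map each source address to the list of its connection timestamps."""
    by_ip = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y")
            by_ip[m["ip"]].append(ts)
    return by_ip


def periodic_sources(log_text, min_events=4, tolerance_s=300):
    """Return {ip: period_hours} for sources whose gaps all sit near the median gap."""
    flagged = {}
    for ip, times in connections_by_source(log_text).items():
        times.sort()
        if len(times) < min_events:
            continue  # too few events to call it a schedule
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        typical = median(gaps)
        if all(abs(g - typical) <= tolerance_s for g in gaps):
            flagged[ip] = round(typical / 3600, 1)
    return flagged


if __name__ == "__main__":
    print(periodic_sources(SAMPLE_LOG))
```

A source flagged with a period matching the discovery interval points at a scheduled job on that host; irregular sources are left for normal triage.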