Hi,
I created some group overrides for oxidized, and they seem to work fine and get returned correctly to oxidized:
Here’s the override:
Here’s the output of the api:
[root@server / ] # curl -s -H 'X-Auth-Token: 123' http://x.x.x.x/api/v0/oxidized | grep -A5 10.50.2.6
"hostname": "10.50.2.6",
"os": "iosxr",
"ip": null,
"group": "cisco-xyz"
},
I got that group in my oxidized config like so:
groups:
cisco-unspecified:
username: noc-backup
password: pass1
cisco-xyz:
username: asadmin
paswword: pass2
and I also got the default user and pass in oxidized with
username: noc-backup
password: pass1
When running oxidized, the right username (in this case “asadmin”) is being used, but somehow it’s still using the default password:
D, [2022-06-13T14:18:18.005471 #2150528] DEBUG -- : resolving DNS for 10.50.2.6...
D, [2022-06-13T14:18:18.005480 #2150528] DEBUG -- : IPADDR
D, [2022-06-13T14:18:18.005514 #2150528] DEBUG -- : node.rb: resolving node key 'model', with passed global value of '' and node value 'iosxr'
D, [2022-06-13T14:18:18.005526 #2150528] DEBUG -- : node.rb: setting node key 'model' to value 'ios' from global
D, [2022-06-13T14:18:18.005541 #2150528] DEBUG -- : node.rb: returning node key 'model' with value 'iosxr'
D, [2022-06-13T14:18:18.005555 #2150528] DEBUG -- : node.rb: resolving node key 'input', with passed global value of 'ssh, telnet' and node value ''
D, [2022-06-13T14:18:18.005593 #2150528] DEBUG -- : node.rb: returning node key 'input' with value 'ssh, telnet'
D, [2022-06-13T14:18:18.005622 #2150528] DEBUG -- : node.rb: resolving node key 'output', with passed global value of 'git' and node value ''
D, [2022-06-13T14:18:18.005644 #2150528] DEBUG -- : node.rb: returning node key 'output' with value 'git'
D, [2022-06-13T14:18:18.005659 #2150528] DEBUG -- : node.rb: resolving node key 'username', with passed global value of '' and node value ''
D, [2022-06-13T14:18:18.005677 #2150528] DEBUG -- : node.rb: setting node key 'username' to value 'noc-backup' from global
D, [2022-06-13T14:18:18.005699 #2150528] DEBUG -- : node.rb: setting node key 'username' to value 'asadmin' from group
D, [2022-06-13T14:18:18.005711 #2150528] DEBUG -- : node.rb: returning node key 'username' with value 'asadmin'
D, [2022-06-13T14:18:18.005721 #2150528] DEBUG -- : node.rb: resolving node key 'password', with passed global value of '' and node value ''
D, [2022-06-13T14:18:18.005740 #2150528] DEBUG -- : node.rb: setting node key 'password' to value 'pass1' from global
D, [2022-06-13T14:18:18.005754 #2150528] DEBUG -- : node.rb: returning node key 'password' with value 'pass1'
it looks like oxidized is using the correct username, but doesn’t care about the password provided as seen in this log also: (there seem to be some lines related to another device, doesn’t matter tho as the only important line is that oxidized is using the correct username for the device 10.50.2.6)
D, [2022-06-13T14:19:43.754024 #2150528] DEBUG -- : lib/oxidized/input/ssh.rb: Connecting to 10.50.2.6
D, [2022-06-13T14:19:43.754364 #2150528] DEBUG -- : AUTH METHODS::["none", "publickey", "password"]
D, [2022-06-13T14:19:43.754439 #2150528] DEBUG -- : AUTH METHODS::["none", "publickey", "password"]
D, [2022-06-13T14:19:43.756646 #2150528] DEBUG -- net.ssh.transport.session[adc]: establishing connection to 10.50.2.6:22
D, [2022-06-13T14:19:43.758792 #2150528] DEBUG -- net.ssh.transport.session[ac8]: connection established
I, [2022-06-13T14:19:43.758900 #2150528] INFO -- net.ssh.transport.server_version[af0]: negotiating protocol version
D, [2022-06-13T14:19:43.758918 #2150528] DEBUG -- net.ssh.transport.server_version[af0]: local is `SSH-2.0-Ruby/Net::SSH_5.2.0 x86_64-linux'
D, [2022-06-13T14:19:43.761266 #2150528] DEBUG -- net.ssh.transport.session[adc]: connection established
I, [2022-06-13T14:19:43.761408 #2150528] INFO -- net.ssh.transport.server_version[b04]: negotiating protocol version
D, [2022-06-13T14:19:43.761432 #2150528] DEBUG -- net.ssh.transport.server_version[b04]: local is `SSH-2.0-Ruby/Net::SSH_5.2.0 x86_64-linux'
D, [2022-06-13T14:19:43.800332 #2150528] DEBUG -- net.ssh.transport.server_version[af0]: remote is `SSH-2.0-OpenSSH_3.7.1p2'
I, [2022-06-13T14:19:43.800718 #2150528] INFO -- net.ssh.transport.algorithms[b18]: sending KEXINIT
D, [2022-06-13T14:19:43.800896 #2150528] DEBUG -- socket[b2c]: queueing packet nr 0 type 20 len 1324
D, [2022-06-13T14:19:43.800983 #2150528] DEBUG -- socket[b2c]: sent 1328 bytes
D, [2022-06-13T14:19:43.804013 #2150528] DEBUG -- socket[b2c]: read 344 bytes
D, [2022-06-13T14:19:43.804264 #2150528] DEBUG -- socket[b2c]: received packet nr 0 type 20 len 340
I, [2022-06-13T14:19:43.804308 #2150528] INFO -- net.ssh.transport.algorithms[b18]: got KEXINIT from server
I, [2022-06-13T14:19:43.804362 #2150528] INFO -- net.ssh.transport.algorithms[b18]: negotiating algorithms
D, [2022-06-13T14:19:43.804456 #2150528] DEBUG -- net.ssh.transport.algorithms[b18]: negotiated:
* kex: diffie-hellman-group-exchange-sha1
* host_key: ssh-rsa
* encryption_server: 3des-cbc
* encryption_client: 3des-cbc
* hmac_client: hmac-sha1
* hmac_server: hmac-sha1
* compression_client: none
* compression_server: none
* language_client:
* language_server:
D, [2022-06-13T14:19:43.804469 #2150528] DEBUG -- net.ssh.transport.algorithms[b18]: exchanging keys
D, [2022-06-13T14:19:43.804647 #2150528] DEBUG -- socket[b2c]: queueing packet nr 1 type 34 len 20
D, [2022-06-13T14:19:43.804685 #2150528] DEBUG -- socket[b2c]: sent 24 bytes
D, [2022-06-13T14:19:43.965803 #2150528] DEBUG -- net.ssh.transport.server_version[b04]: remote is `SSH-2.0-Cisco-2.0'
I, [2022-06-13T14:19:43.966256 #2150528] INFO -- net.ssh.transport.algorithms[b40]: sending KEXINIT
D, [2022-06-13T14:19:43.966463 #2150528] DEBUG -- socket[b54]: queueing packet nr 0 type 20 len 1324
D, [2022-06-13T14:19:43.966575 #2150528] DEBUG -- socket[b54]: sent 1328 bytes
D, [2022-06-13T14:19:43.969590 #2150528] DEBUG -- socket[b54]: read 400 bytes
D, [2022-06-13T14:19:43.969744 #2150528] DEBUG -- socket[b54]: received packet nr 0 type 20 len 396
I, [2022-06-13T14:19:43.969775 #2150528] INFO -- net.ssh.transport.algorithms[b40]: got KEXINIT from server
I, [2022-06-13T14:19:43.969883 #2150528] INFO -- net.ssh.transport.algorithms[b40]: negotiating algorithms
D, [2022-06-13T14:19:43.969988 #2150528] DEBUG -- net.ssh.transport.algorithms[b40]: negotiated:
* kex: ecdh-sha2-nistp521
* host_key: ssh-rsa
* encryption_server: aes256-ctr
* encryption_client: aes256-ctr
* hmac_client: hmac-sha2-512
* hmac_server: hmac-sha2-512
* compression_client: none
* compression_server: none
* language_client:
* language_server:
D, [2022-06-13T14:19:43.970000 #2150528] DEBUG -- net.ssh.transport.algorithms[b40]: exchanging keys
D, [2022-06-13T14:19:43.970580 #2150528] DEBUG -- socket[b54]: queueing packet nr 1 type 30 len 148
D, [2022-06-13T14:19:43.970658 #2150528] DEBUG -- socket[b54]: sent 152 bytes
D, [2022-06-13T14:19:43.989153 #2150528] DEBUG -- socket[b2c]: read 152 bytes
D, [2022-06-13T14:19:43.989320 #2150528] DEBUG -- socket[b2c]: received packet nr 1 type 31 len 148
D, [2022-06-13T14:19:43.990829 #2150528] DEBUG -- socket[b2c]: queueing packet nr 2 type 32 len 140
D, [2022-06-13T14:19:43.990965 #2150528] DEBUG -- socket[b2c]: sent 144 bytes
D, [2022-06-13T14:19:43.995282 #2150528] DEBUG -- socket[b54]: read 720 bytes
D, [2022-06-13T14:19:43.995446 #2150528] DEBUG -- socket[b54]: received packet nr 1 type 31 len 716
D, [2022-06-13T14:19:43.996692 #2150528] DEBUG -- socket[b54]: queueing packet nr 2 type 21 len 20
D, [2022-06-13T14:19:43.996807 #2150528] DEBUG -- socket[b54]: sent 24 bytes
D, [2022-06-13T14:19:44.000992 #2150528] DEBUG -- socket[b54]: read 16 bytes
D, [2022-06-13T14:19:44.001127 #2150528] DEBUG -- socket[b54]: received packet nr 2 type 21 len 12
D, [2022-06-13T14:19:44.001541 #2150528] DEBUG -- net.ssh.authentication.session[b68]: beginning authentication of `asadmin'
D, [2022-06-13T14:19:44.001727 #2150528] DEBUG -- socket[b54]: queueing packet nr 3 type 5 len 28
D, [2022-06-13T14:19:44.001805 #2150528] DEBUG -- socket[b54]: sent 96 bytes
D, [2022-06-13T14:19:44.006244 #2150528] DEBUG -- socket[b54]: read 96 bytes
D, [2022-06-13T14:19:44.006471 #2150528] DEBUG -- socket[b54]: received packet nr 3 type 6 len 28
D, [2022-06-13T14:19:44.006617 #2150528] DEBUG -- net.ssh.authentication.session[b68]: trying none
D, [2022-06-13T14:19:44.006768 #2150528] DEBUG -- socket[b54]: queueing packet nr 4 type 50 len 60
D, [2022-06-13T14:19:44.006827 #2150528] DEBUG -- socket[b54]: sent 128 bytes
D, [2022-06-13T14:19:44.015788 #2150528] DEBUG -- socket[b54]: read 112 bytes
D, [2022-06-13T14:19:44.016019 #2150528] DEBUG -- socket[b54]: received packet nr 4 type 51 len 44
D, [2022-06-13T14:19:44.016105 #2150528] DEBUG -- net.ssh.authentication.session[b68]: allowed methods: keyboard-interactive,password
D, [2022-06-13T14:19:44.016152 #2150528] DEBUG -- net.ssh.authentication.methods.none[b7c]: none failed
D, [2022-06-13T14:19:44.016200 #2150528] DEBUG -- net.ssh.authentication.session[b68]: trying password
D, [2022-06-13T14:19:44.016389 #2150528] DEBUG -- socket[b54]: queueing packet nr 5 type 50 len 76
D, [2022-06-13T14:19:44.016444 #2150528] DEBUG -- socket[b54]: sent 144 bytes
D, [2022-06-13T14:19:44.035972 #2150528] DEBUG -- socket[b54]: read 96 bytes
D, [2022-06-13T14:19:44.036180 #2150528] DEBUG -- socket[b54]: received packet nr 5 type 51 len 28
D, [2022-06-13T14:19:44.036241 #2150528] DEBUG -- net.ssh.authentication.session[b68]: allowed methods: password
D, [2022-06-13T14:19:44.036306 #2150528] DEBUG -- net.ssh.authentication.methods.password[b90]: password failed
E, [2022-06-13T14:19:44.036341 #2150528] ERROR -- net.ssh.authentication.session[b68]: all authorization methods failed (tried none, password)
W, [2022-06-13T14:19:44.036451 #2150528] WARN -- : 10.50.2.6 raised Net::SSH::AuthenticationFailed with msg "Authentication failed for user [email protected]"
D, [2022-06-13T14:19:44.036474 #2150528] DEBUG -- : lib/oxidized/node.rb: Oxidized::SSH failed for 10.50.2.6
Do I understand something wrong? Are there any errors in my config?
Glad to provide more info if needed.
Thanks,