Oxidized not using specified IP and credentials for SSH

Daniel_van_Ginneken · 5 December 2023 16:37

Hello,

I’m having an issue with Oxidized where it’s not using the group IP and credentials when trying to establish an SSH connection. Instead, it’s trying to log in with the default username and without an IP address.

Here’s the relevant part of my Oxidized configuration:

---
resolve_dns: false
interval: 3600
use_syslog: false
debug: false
threads: 30
use_max_threads: false
timeout: 20
retries: 3
prompt: !ruby/regexp /^([\w.@-]+[#>]\s?)$/
next_adds_job: false
vars: {}

group_map:
  default: defaultgrp

models: {}
pid: "/home/oxidized/.config/oxidized/pid"

crash:
  directory: "/home/oxidized/.config/oxidized/crashes"
  hostnames: false

stats:
  history_size: 10

input:
  default: ssh
  debug: false
  ssh:
    auth_methods: [ "password", "keyboard-interactive" ]
    secure: false
    keys: false
  ftp:
    passive: true
  utf8_encoded: true

rest: 192.168.20.151:8888
log: "/home/oxidized/.config/oxidized/log"

output:
  default: git
  git:
    user: Oxidized
    email: [email protected]
    repo: "/home/oxidized/.config/oxidized/configs.git"

source:
  default: http
  debug: false
  insecure: true
  secure: false
  scheme: http
  http:
    url: http://192.168.20.151/api/v0/oxidized
    insecure: true
    secure: false
  map:
    name: hostname
    model: os
    groups: group
    ip: ip
  headers:
    X-Auth-Token: '6843bb25c953f75aa8d0a0b7e61b013d'

groups:
  defaultgrp:  #default group specified in Librenms, used as fallback
    username: defaultuser
    password: defaultpass
    model: ios
  cisco-ios:   #group that all the cisco routers are gonna be in for backups
    username: oxidizeduser
    password: hidden.for@reason
    model: ios

model_map:
  juniper: junos
  cisco: ios
  microtik: routeros

I can reach LibreNMS. Here’s the response from the LibreNMS API:

[
    {
        "hostname": "192.168.1.153",
        "os": "ios",
        "ip": "192.168.1.153",
        "group": "cisco-ios"
    }
]

When Oxidized tries to establish an SSH connection, I get the following error in the logs:

I, [2023-11-26T19:04:48.782834 #951]  INFO -- : Oxidized starting, running as pid 951
I, [2023-11-26T19:04:48.891116 #951]  INFO -- : lib/oxidized/nodes.rb: Loading nodes
I, [2023-11-26T19:04:49.818590 #951]  INFO -- : lib/oxidized/nodes.rb: Loaded 1 nodes
W, [2023-11-26T19:04:53.823978 #951]  WARN -- :  raised Net::SSH::AuthenticationFailed with msg "Authentication failed for user username@"
W, [2023-11-26T19:04:54.162565 #951]  WARN -- : / status no_connection, retry attempt 1
W, [2023-11-26T19:04:56.823432 #951]  WARN -- :  raised Net::SSH::AuthenticationFailed with msg "Authentication failed for user username@"
W, [2023-11-26T19:04:57.165709 #951]  WARN -- : / status no_connection, retry attempt 2
W, [2023-11-26T19:04:59.827404 #951]  WARN -- :  raised Net::SSH::AuthenticationFailed with msg "Authentication failed for user username@"
W, [2023-11-26T19:05:00.169843 #951]  WARN -- : / status no_connection, retry attempt 3
W, [2023-11-26T19:05:02.836023 #951]  WARN -- :  raised Net::SSH::AuthenticationFailed with msg "Authentication failed for user username@"
W, [2023-11-26T19:05:03.173508 #951]  WARN -- : / status no_connection, retries exhausted, giving up

As you can see, Oxidized is trying to log in with the username username and without an IP address.

Any help would be greatly appreciated. Good documentation on the integration with LibreNMS is hard to find.
Thank you!

dentech · 6 December 2023 09:14

A possible problem is that the group_map option in the Oxidized configuration file is not correct. It should map the group name from the LibreNMS API to the group name in the Oxidized configuration file. For example, if the LibreNMS API returns “group”: “cisco-ios”, then the group_map should have an entry like “cisco-ios”: “cisco-ios”.

group_map:
  defaultgrp: defaultgrp
  cisco-ios: cisco-ios

Make sure to adjust your group_map entries accordingly based on the group names returned by the LibreNMS API. This should help Oxidized use the correct credentials and IP addresses during SSH connections.

Killo_RIchards · 7 December 2023 17:39

Daniel,

An issue that I’ve encountered (more than once) on Linux machines is editing the wrong configuration file. I’m not sure if this is because I’m not a l33t Linux h4x0r and have spent too much time in Windoze land –
But I have seen situations where certain applications, they create configuration files in different places. You may have one in /etc, you may have one in /home/oxidized you may have one elsewhere and I have no qualms about admitting that I’ve spent hours hacking on a file before expecting changes and it’s not even the file that the application is using.

What I would recommend is – cp your config file to .bak. Delete the file and try starting the service and monitor if it comes up. If it comes up, you’re not modifying the correct file that the application is referencing. I hope this is helpful.