Cacti (home)ForumsDocumentation
Cacti: offical forums and support
It is currently Mon Dec 17, 2018 6:07 am

All times are UTC - 5 hours




Post new topic Reply to topic  [ 28 posts ]  Go to page 1, 2  Next
Author Message
 Post subject: routerconfigs on cacti 1.1.17 ssh login fails
PostPosted: Tue Aug 29, 2017 5:37 am 
Offline
Cacti User

Joined: Fri Feb 10, 2017 12:41 pm
Posts: 114
Hey guys,
I have routerconfigs installed on ubuntu 17.04 and cacti 1.1.17

However, the ssh login fails when I perform a backup:

2017/07/24 10:57:03 - ERROR PHP WARNING in Plugin 'routerconfigs': ssh2_auth_password(): Authentication failed for using password in file: /usr/share/cacti/site/plugins/routerconfigs/functions.php on line: 666
07/24/2017 10:57:03 AM - ROUTERCONFIGS: x.x.x.x-> ERROR: SSH login failed

Did anyone get that working?

It's no problem to connect from cacti to the switch via ssh manually.


Top
 Profile  
 
 Post subject: Re: routerconfigs on cacti 1.1.17 ssh login fails
PostPosted: Tue Aug 29, 2017 9:28 am 
Offline
Cacti User

Joined: Mon Sep 10, 2012 5:54 pm
Posts: 76
It's working for me using SSH, but I have preshared keys set up.

What does the console debug output look like on that device? (click on the router debug icon for that host on the devices page)


Top
 Profile  
 
 Post subject: Re: routerconfigs on cacti 1.1.17 ssh login fails
PostPosted: Wed Aug 30, 2017 4:48 am 
Offline
Cacti User

Joined: Fri Feb 10, 2017 12:41 pm
Posts: 114
What do you mean with preshared keys?

The debug output is empty..


Top
 Profile  
 
 Post subject: Re: routerconfigs on cacti 1.1.17 ssh login fails
PostPosted: Wed Aug 30, 2017 3:43 pm 
Offline
Cacti User

Joined: Mon Sep 10, 2012 5:54 pm
Posts: 76
You can set up preshared SSH keys between your linux box that Cacti runs on and the switch/router you are connecting to, eliminating the need for username/password authentication.

What switch/router make and model are you connecting to?


Top
 Profile  
 
 Post subject: Re: routerconfigs on cacti 1.1.17 ssh login fails
PostPosted: Thu Aug 31, 2017 2:57 am 
Offline
Cacti User

Joined: Fri Feb 10, 2017 12:41 pm
Posts: 114
Do you mean public key authentication?

my switches are Cisco 3850.

Do you think that's a problem?


Top
 Profile  
 
 Post subject: Re: routerconfigs on cacti 1.1.17 ssh login fails
PostPosted: Thu Aug 31, 2017 12:45 pm 
Offline
Cacti User

Joined: Mon Sep 10, 2012 5:54 pm
Posts: 76
No I have Cisco IOS-XR, IOS-XE, and IOS using SSH without issue. I also just successfully tested it on a 3850 using SSH and Telnet both.


Top
 Profile  
 
 Post subject: Re: routerconfigs on cacti 1.1.17 ssh login fails
PostPosted: Thu Aug 31, 2017 4:02 pm 
Offline
Cacti User
User avatar

Joined: Wed Jul 20, 2016 8:00 pm
Posts: 177
I think smiles is running a different version of the code.

I downloaded the code from https://github.com/Cacti/plugin_routerconfigs the develop branch and I just compared functions.php to the one on smiles fork and there are a couple of differences.
Code:
This branch is 1 commit ahead, 20 commits behind Cacti:master.


I wonder if you've just forked that before they reworked it as a 1.x compatible plugin. Just by looking at functions.php you can see
Code:
Copyright (C) 2007 The Cacti Group   


Smiles, can you please attach the version you're actually running? I'd like to compare the files and see what we can find.

I'm on the same page as Axel90.

Cheers,

_________________
Cacti - 1.1.37
Poller Type - Spine
Weathermap 0.98a
Server Info - Linux 3.10.0 - Centos 7
Web Server - Apache/2.4.6 PHP 5.4.16
MySQL - 5.5 ;RRDTool - 1.4.8 ;SNMP - 5.7.2
Religion - Anti forum pets
Code:
SYSTEM STATS: Time:17.7383 Method:spine Processes:1 Threads:10 Hosts:279 HostsPerProcess:279 DataSources:7309 RRDsProcessed:3718

Code:
WEATHERMAP STATS: Weathermap 0.98 run complete - Thu, 16 Nov 17 08:42:56 +1300: 39 maps were run in 23.22 seconds with 0 warnings.


Top
 Profile  
 
 Post subject: Re: routerconfigs on cacti 1.1.17 ssh login fails
PostPosted: Thu Aug 31, 2017 6:35 pm 
Offline
Cacti User
User avatar

Joined: Wed Jul 20, 2016 8:00 pm
Posts: 177
I've just tested it with this piece of code from cacti's box and it worked. I wonder if there is something wrong with encode/decode function.

Code:
<?php
$connection = ssh2_connect('shell.example.com', 22);

if (ssh2_auth_password($connection, 'username', 'secret')) {
  echo "Authentication Successful!\n";
} else {
  die('Authentication Failed...');
}
?>

_________________
Cacti - 1.1.37
Poller Type - Spine
Weathermap 0.98a
Server Info - Linux 3.10.0 - Centos 7
Web Server - Apache/2.4.6 PHP 5.4.16
MySQL - 5.5 ;RRDTool - 1.4.8 ;SNMP - 5.7.2
Religion - Anti forum pets
Code:
SYSTEM STATS: Time:17.7383 Method:spine Processes:1 Threads:10 Hosts:279 HostsPerProcess:279 DataSources:7309 RRDsProcessed:3718

Code:
WEATHERMAP STATS: Weathermap 0.98 run complete - Thu, 16 Nov 17 08:42:56 +1300: 39 maps were run in 23.22 seconds with 0 warnings.


Top
 Profile  
 
 Post subject: Re: routerconfigs on cacti 1.1.17 ssh login fails
PostPosted: Thu Aug 31, 2017 6:59 pm 
Offline
Cacti User
User avatar

Joined: Wed Jul 20, 2016 8:00 pm
Posts: 177
Well, definitely there is a problem with the authentication form, is messing things up.

I've tested each code with what's actually saved in plugin_routerconfigs_accounts table and the password is there but also a whole lot of crap as part of the same 'string'.

So you could test these two codes replacing the string that's on your database:

select * from plugin_routerconfigs_accounts;

http://php.net/manual/en/function.base64-decode.php
http://php.net/manual/en/function.base64-encode.php

_________________
Cacti - 1.1.37
Poller Type - Spine
Weathermap 0.98a
Server Info - Linux 3.10.0 - Centos 7
Web Server - Apache/2.4.6 PHP 5.4.16
MySQL - 5.5 ;RRDTool - 1.4.8 ;SNMP - 5.7.2
Religion - Anti forum pets
Code:
SYSTEM STATS: Time:17.7383 Method:spine Processes:1 Threads:10 Hosts:279 HostsPerProcess:279 DataSources:7309 RRDsProcessed:3718

Code:
WEATHERMAP STATS: Weathermap 0.98 run complete - Thu, 16 Nov 17 08:42:56 +1300: 39 maps were run in 23.22 seconds with 0 warnings.


Top
 Profile  
 
 Post subject: Re: routerconfigs on cacti 1.1.17 ssh login fails
PostPosted: Fri Sep 01, 2017 3:34 am 
Offline
Cacti User

Joined: Fri Feb 10, 2017 12:41 pm
Posts: 114
Hey Pucho,

your connect test works for me, too.

for testing I configured a simple account on my switch:

Username: alex
password: alex

When I encode 'alex' with base64_encode, I get: YWxleA==

However,
select * from plugin_routerconfigs_accounts;
looks like that:
Attachment:
mysql.JPG
mysql.JPG [ 24.89 KiB | Viewed 1037 times ]

But I think that long string is OK, because the encode function in the functions.php adds random characters.

When I decode that string from the database with base64_decode, I get:

a:3:{i:429979416;i:1181494000;s:8:"password";s:4:"alex";i:1185589088;i:63423676;}

There appears "password" and "alex"

I just tested the routerconfigs decoding manually, that works!
I get 'alex' at the end.


Btw, is my devicetype correct?


Attachments:
mysql2.JPG
mysql2.JPG [ 54.08 KiB | Viewed 1035 times ]
Top
 Profile  
 
 Post subject: Re: routerconfigs on cacti 1.1.17 ssh login fails
PostPosted: Sun Sep 03, 2017 5:39 pm 
Offline
Cacti User
User avatar

Joined: Wed Jul 20, 2016 8:00 pm
Posts: 177
I'll dig a little bit more, but something it's not quite working when it comes to auth part of it.

btw, regarding your question

Edit your setup.php

Line 179 aprox

Is this
Code:
(id, name, username, password, copytftp, version, confirm, forceconfirm)

Should be this
Code:
(id, name, username, password, copytftp, version, confirm, forceconfirm, checkendinconfig)


That'll create the 2 device types that are missing on your setup, Cisco IOS and Cisco CatOS.

You should have got an error when you installed routerconfigs that couldn't create these two because count didn't match. So re-install it and that's it.

I ran an ssh debug on one of my cisco devices

Code:
2597158: Sep  4 2017 10:57:36.712 nzst: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: ] [Source: xxx.yy.zzz.120] [localport: 22] [Reason: Login Authentication Failed] at 10:57:36 nzst Mon Sep 4 2017


I should see something like this. I tried login in with a username "wrong_user"
Code:
2598374: Sep  4 2017 11:03:44.163 nzst: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: wrong_user] [Source: xxx.yy.zzz.120] [localport: 22] [Reason: Login Authentication Failed] at 11:03:44 nzst Mon Sep 4 2017


It's not sending the username.

_________________
Cacti - 1.1.37
Poller Type - Spine
Weathermap 0.98a
Server Info - Linux 3.10.0 - Centos 7
Web Server - Apache/2.4.6 PHP 5.4.16
MySQL - 5.5 ;RRDTool - 1.4.8 ;SNMP - 5.7.2
Religion - Anti forum pets
Code:
SYSTEM STATS: Time:17.7383 Method:spine Processes:1 Threads:10 Hosts:279 HostsPerProcess:279 DataSources:7309 RRDsProcessed:3718

Code:
WEATHERMAP STATS: Weathermap 0.98 run complete - Thu, 16 Nov 17 08:42:56 +1300: 39 maps were run in 23.22 seconds with 0 warnings.


Top
 Profile  
 
 Post subject: Re: routerconfigs on cacti 1.1.17 ssh login fails
PostPosted: Sun Sep 03, 2017 8:45 pm 
Offline
Cacti User
User avatar

Joined: Wed Jul 20, 2016 8:00 pm
Posts: 177
I think problem is around

Code:
function plugin_routerconfigs_retrieve_account ($device)


Code:
   $info = db_fetch_row_prepared('SELECT *
      FROM plugin_routerconfigs_accounts AS pra
      INNER JOIN plugin_routerconfigs_devices AS prd
      ON pra.id=prd.account
      WHERE prd.id = ?',
      array($device));


This query returns 2 colums with 'username' and the latest one is NULL, which I think belongs to the last username that has saved the configuration and since in this case this is the first time I'm trying to backup the config, that field is empty.

Comparing the old query
New query
Code:
SELECT *
FROM plugin_routerconfigs_accounts AS pra
INNER JOIN plugin_routerconfigs_devices AS prd
ON pra.id=prd.account
WHERE prd.id = 1;

Old Query
Code:
SELECT plugin_routerconfigs_accounts.* FROM plugin_routerconfigs_accounts,plugin_routerconfigs_devices WHERE plugin_routerconfigs_accounts.id = plugin_routerconfigs_devices.account AND plugin_routerconfigs_devices.id = 1;


By replacing the query I can now get the debug info for the device and backup the config.

Still struggling with selinux but..

_________________
Cacti - 1.1.37
Poller Type - Spine
Weathermap 0.98a
Server Info - Linux 3.10.0 - Centos 7
Web Server - Apache/2.4.6 PHP 5.4.16
MySQL - 5.5 ;RRDTool - 1.4.8 ;SNMP - 5.7.2
Religion - Anti forum pets
Code:
SYSTEM STATS: Time:17.7383 Method:spine Processes:1 Threads:10 Hosts:279 HostsPerProcess:279 DataSources:7309 RRDsProcessed:3718

Code:
WEATHERMAP STATS: Weathermap 0.98 run complete - Thu, 16 Nov 17 08:42:56 +1300: 39 maps were run in 23.22 seconds with 0 warnings.


Top
 Profile  
 
 Post subject: Re: routerconfigs on cacti 1.1.17 ssh login fails
PostPosted: Mon Sep 04, 2017 5:10 pm 
Offline
Cacti Pro User
User avatar

Joined: Mon Jan 05, 2015 10:10 am
Posts: 610
When you figure this out, make sure you do a pull request.

_________________
Before history, there was a paradise, now dust.


Top
 Profile  
 
 Post subject: Re: routerconfigs on cacti 1.1.17 ssh login fails
PostPosted: Tue Sep 05, 2017 3:24 pm 
Offline
Cacti User

Joined: Mon Sep 10, 2012 5:54 pm
Posts: 76
Pucho wrote:
I think smiles is running a different version of the code.


Smiles, can you please attach the version you're actually running? I'd like to compare the files and see what we can find.



I'm actually running a heavily modified version of routerconfigs, it won't line up with the github repo at all. When cigamit first released this plugin as 1.0 compatible, I ran into a bunch of issues with it and had to work through them to get it to actually back up my configs. In the process, I also added the devtypes functionality because at that point in time, there was no way to do this without manually modifying the database. I uploaded all of my changes to him (can be seen in closed issue #6), and he wound up incorporating some of it into commit a82e8a9.


Top
 Profile  
 
 Post subject: Re: routerconfigs on cacti 1.1.17 ssh login fails
PostPosted: Tue Sep 05, 2017 6:05 pm 
Offline
Cacti User
User avatar

Joined: Wed Jul 20, 2016 8:00 pm
Posts: 177
Osiris wrote:
When you figure this out, make sure you do a pull request.


Feel free to help =)

_________________
Cacti - 1.1.37
Poller Type - Spine
Weathermap 0.98a
Server Info - Linux 3.10.0 - Centos 7
Web Server - Apache/2.4.6 PHP 5.4.16
MySQL - 5.5 ;RRDTool - 1.4.8 ;SNMP - 5.7.2
Religion - Anti forum pets
Code:
SYSTEM STATS: Time:17.7383 Method:spine Processes:1 Threads:10 Hosts:279 HostsPerProcess:279 DataSources:7309 RRDsProcessed:3718

Code:
WEATHERMAP STATS: Weathermap 0.98 run complete - Thu, 16 Nov 17 08:42:56 +1300: 39 maps were run in 23.22 seconds with 0 warnings.


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 28 posts ]  Go to page 1, 2  Next

All times are UTC - 5 hours


Who is online

Users browsing this forum: No registered users and 1 guest


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  

Protected by Anti-Spam ACP Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group