Kaseya Community

Checks and scripts using SSH not working

This question is answered

Hi all,

I'm trying to setup checks using SSH and Actions using SSH commands, but I'm getting unspecified failures in KNM and no successful logins.  My authentication details are correct (setting incorrect details give me an authentication error) and I can see reverse DNS mapping checks in the target's messages log, but no sshd message indicating it's logged in.

I've also tried setting options in init.cfg: SSH2_TRACELEVEL=0 however this doesn't appear to do anything.

Does anyone have this working?

Andrew

 

Verified Answer
  • KNM sends SSH_MSG_USERAUTH_REQUEST requesting to authenticate using the "password" method (the only one we support right now) , which your server seem to refuse because it returns a  SSH_MSG_USERAUTH_FAILURE  later on.

    This may explain why your server isnt logging any login attempt, it never got so far.

    Make sure that PasswordAuthentication is enabled in sshd_config on the monitored host

All Replies
  • The SSH monitor / action has been working great for the past 8 years and our SSH Client/Server is one of the most compliant in the industry. We rarely encounter issues, but when we do its mostly with very old versions of SSHD that do not adhere to the SSH standard completely.

    Some questions:

    SSH2_TRACELEVEL=0 turns of SSH logging, you should set it to 1 or 2

    What version of the SSHD are you running and what OS is it on the monitor machine ?

    What build number of KNM are you running ?

     

     



    [edited by: RA at 12:49 AM (GMT -8) on 1-13-2012] Clarified the state of the SSH monitor/action.
  • Sorry I mistyped, I was trying a trace level of 4, trying now I see 1 works and produces output in debug_log.txt.  I have tested against Openssh 4.2p1 and 5.1p1 (opensuse 11.1).  Build is Kaseya Network Monitor 4.0 (Build 6541)

    I'm trying a simple command of "echo 4" and a monitor test of greater than 1.  The Status shows no "return value" and an error "command failed to execute".

    Here's the log; I see Authentication failure is reported, yet sshd on the target doesn't report anything.

                                      ------------ EXEC START ------------

    [2012/01/13 20:24:16] - (4760) 202414.010 State: DISCONNECTED -> CONNECTING

    [2012/01/13 20:24:16] - (4760) 202414.010 State: CONNECTING -> HANDSHAKE

    [2012/01/13 20:24:16] - (4760) 202414.010 TRACE 78ab74c9: Sending version: 5353482D322E302D312E3838207373686C6

                                      9623A204B4E4D53534845786563436C69656E740D0A

    [2012/01/13 20:24:16] - (4760) 202414.010 TRACE 78ab74c9: Sending SSH_MSG_KEXINIT (676 bytes, seq nr 0)

    [2012/01/13 20:24:16] - (4760) 202414.213 TRACE 78ab74cc: Received SSH_MSG_KEXINIT (769 bytes, seq nr 0)

    [2012/01/13 20:24:16] - (4760) 202414.213 TRACE 78ab74d0: Will act on first key exchange method packet

    [2012/01/13 20:24:16] - (4760) 202414.213 TRACE 78ab74c9: Sending SSH_MSG_KEX_30 (261 bytes, seq nr 1)

    [2012/01/13 20:24:16] - (4760) 202414.275 TRACE 78ab74cc: Received SSH_MSG_KEX_31 (561 bytes, seq nr 1)

    [2012/01/13 20:24:16] - (4760) 202414.291 TRACE 78ab74c9: Sending SSH_MSG_NEWKEYS (1 bytes, seq nr 2)

    [2012/01/13 20:24:16] - (4760) 202414.291 TRACE 78ab74c9: Sending SSH_MSG_SERVICE_REQUEST (17 bytes, seq nr 3)

    [2012/01/13 20:24:16] - (4760) 202414.291 TRACE 78ab74cc: Received SSH_MSG_NEWKEYS (1 bytes, seq nr 2)

    [2012/01/13 20:24:16] - (4760) 202414.291 TRACE 78ab74cc: Received SSH_MSG_SERVICE_ACCEPT (17 bytes, seq nr 3)

    [2012/01/13 20:24:16] - (4760) 202414.291 TRACE 78ab74c9: Sending SSH_MSG_USERAUTH_REQUEST (50 bytes, seq nr

                                      4)

    [2012/01/13 20:24:16] - (4760) 202414.291 TRACE 78ab74c9: Sending SSH_MSG_IGNORE (232 bytes, seq nr 5)

    [2012/01/13 20:24:26] - (4760) 202424.307 TRACE 78ab74cc: Received SSH_MSG_USERAUTH_FAILURE (36 bytes, seq nr

                                      4)

    [2012/01/13 20:24:26] - (4760) 202424.307 TRACE 78ab74c9: Sending SSH_MSG_DISCONNECT (15 bytes, seq nr 6)

    [2012/01/13 20:24:26] - (4760) 202424.307 Session error: Session terminated by exception: Authentication

                                      failed

    [2012/01/13 20:24:26] - (4760) 202424.307 State: HANDSHAKE -> DISCONNECTED

  • KNM sends SSH_MSG_USERAUTH_REQUEST requesting to authenticate using the "password" method (the only one we support right now) , which your server seem to refuse because it returns a  SSH_MSG_USERAUTH_FAILURE  later on.

    This may explain why your server isnt logging any login attempt, it never got so far.

    Make sure that PasswordAuthentication is enabled in sshd_config on the monitored host

  • Thank you, that did the trick.  Looking further, sshd on the target already accepted passwords (for non-root accounts), yet in SSH v2 this maps to keyboard-interactive Challenge/Response (using PAM in my case).  My tests from other Linux hosts and Putty were working fine with the password.  

    The PasswordAuthentication option enables plain text passwords over the SSH tunnel, this is why it's required for KNM.

    Thanks for such a fast response!

    Andrew