
Hello there,

 

I'm currently in the process of migrating from CentOS 7 with Centreon 21.10 to Debian Bullseye with version 23.04, following the migration guide provided here: Centreon Migration Guide.

I've encountered an issue with Gorgone, where it seems to be ignoring the ssh_port configuration and attempting to connect to the pollers using the default SSH port (22/tcp). Here's a summary of the problem and the steps I've taken:

Problem Description:

  • The configuration is the same as what was working on the old server.
  • The SSH port for the pollers is correctly set up and recognized by Gorgone.
  • When I check the NODES, I can see that the ssh_port for the pollers is correctly configured.
2023-08-19 16:55:46 - DEBUG - [core] Message received - [REGISTERNODES] [] [] {"nodes":[{"address":"server3.company.com","ssh_username":"centreon","ssh_port":222,"type":"push_ssh","id":"2"},{"id":"3","type":"push_ssh","ssh_port":2255,"address":"server4.company.com","ssh_username":"centreon"},{"type":"push_ssh","ssh_port":22,"id":"4","address":"192.168.10.200","ssh_username":"centreon"},{"address":"server1.company.com","ssh_username":"centreon","id":"5","ssh_port":22,"type":"push_ssh"},{"type":"push_ssh","ssh_port":222,"id":"6","address":"server5.company.com","ssh_username":"centreon"},{"id":"15","ssh_port":22,"type":"push_ssh","ssh_username":"centreon","address":"server2.company.com"}]}

However, after a few seconds, Gorgone only connects to the servers using the default SSH port (22/tcp), and all the others that are using different ports experience timeouts.

 

2023-08-19 07:26:01 - INFO - [sshclient] Client authenticated successfully to 'ssh://192.168.10.200:22'
2023-08-19 07:26:08 - INFO - [sshclient] Client authenticated successfully to 'ssh://server1.company.com:22'
2023-08-19 07:26:10 - INFO - [sshclient] Client authenticated successfully to 'ssh://server2.company.com:22'
2023-08-19 07:26:19 - ERROR - [sshclient] Connect method: connect failed: Timeout connecting to server3.company.com
2023-08-19 07:27:00 - ERROR - [sshclient] Connect method: connect failed: Timeout connecting to server4.company.com

 

Steps Taken:

  1. The new server is using the same IP as the old one, so there are no network problems.
  2. Manual SSH connections from the Gorgone account to the remote pollers work without any issues.

Temporary Workaround: After hours of troubleshooting, I tried creating an SSH config file for the Gorgone user as a workaround, and it worked. Here's the content of the .ssh/config file:

 

cat /var/lib/centreon-gorgone/.ssh/config
Host *
IdentityFile /var/lib/centreon-gorgone/.ssh/id_rsa

Host server4.company.com
Port 2255

Host server3.company.com
Port 222

Host server5.company.com
Port 222

 

With this config file in place, Gorgone correctly connects to the pollers using the specified SSH ports. Here is the output:

2023-08-19 15:57:01 - INFO - [sshclient] Client authenticated successfully to 'ssh://192.168.10.200:22'
2023-08-19 15:57:02 - INFO - [sshclient] Client authenticated successfully to 'ssh://server1.company.com:22'
2023-08-19 15:57:03 - INFO - [sshclient] Client authenticated successfully to 'ssh://server2.company.com:22'
2023-08-19 16:02:42 - INFO - [sshclient] Client authenticated successfully to 'ssh://server5.company.com:222'
2023-08-19 16:40:02 - INFO - [sshclient] Client authenticated successfully to 'ssh://server4.company.com:2255'
2023-08-19 16:40:03 - INFO - [sshclient] Client authenticated successfully to 'ssh://server3.company.com:222'

 

Additional Information:

All packages are up to date, including libssh-session-perl and centreon-gorgone.

$ dpkg -l | egrep '(libssh-session-perl|gorgone)'
ii centreon-gorgone 23.04.5-bullseye amd64 Centreon Gorgone.
ii libssh-session-perl 0.8-1 amd64 Support for the SSH protocol via libssh.

 

Any insights or solutions to this problem? I'm puzzled as to why Gorgone is not correctly recognizing the SSH ports without the SSH config file.

I'm afraid I don't quite understand your problem.
Indeed, SSH communications are in the process of being deprecated (presence of back door).
I suggest you look at the documentation on the ZMQ (Gorgone) protocol: https://docs.centreon.com/docs/developer/developer-gorgone-client-server-communication/


Hello,

I apologize if my previous message wasn't clear enough. Let me provide a simplified explanation for you:

Centreon cannot connect to pollers using SSH ports other than 22/TCP, even when the configuration is correct (with the SSH address and port). The only way to make it work with different SSH ports is by manually creating a file (.ssh/config) that duplicates the already configured information of the poller set up via the Centreon web interface.

I hope this clarifies the situation. Please feel free to let me know if further simplification is needed.

 

PS: I hope Centreon does not discontinue support for the SSH protocol. It will be very complicated to explain to, or ask, some CISOs/companies to allow traffic via a protocol other than SSH, and in the end one will need to create a hack/tunnel to carry ZMQ over SSH in this kind of situation.


Hi,

 

Any clue why Centreon is ignoring the SSH port configuration?

 


@supervhs It's working for me. Are you available for a session? You can send me an email at qgarnier@centreon.com


Yes, I'm available. I just sent you an email a few seconds ago.

 

Thanks


The problem comes from the following configuration in file /etc/ssh/ssh_config:

Host *
Port 22

libssh overrides the Gorgone SSH configuration with the SSH system files, so the custom port is overridden by your SSH system files.

I only see this option in libssh to change that process (I could handle it the other way: set the SSH host, read the SSH system files, and at least override them with options like port/user):

SSH_OPTIONS_PROCESS_CONFIG Set it to false to disable automatic processing of per-user and system-wide OpenSSH configuration files. LibSSH automatically uses these configuration files unless you provide it with this option or with different file (bool).

 


Hello there and thanks again for your help.

 

I don't believe that disabling SSH_OPTIONS_PROCESS_CONFIG is a good idea, because there can be several default configurations that should be applied to all SSH clients (ciphers, security and others).

 

I was looking around the internet, and some other projects have a similar issue:

https://github.com/curl/curl/issues/4972

There, it is suggested to call ssh_options_parse_config() first and then apply our (Centreon) configuration to override it.

 

What do you think?
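
An added example, not part of the thread and not Gorgone or libssh code: a simplified Python model of the override discussed above. It lists the pollers whose configured ssh_port would be replaced by a Port directive from the SSH config files, and compares that with the parse-config-first ordering suggested in the last post. The function names, the NODES subset and the config strings are constructed for illustration; Match blocks are not modelled.

```python
import fnmatch

# Constructed inputs modelled on the thread; nothing is read from disk.
SYSTEM_CONFIG = "Host *\n    Port 22\n"  # the /etc/ssh/ssh_config entry
WORKAROUND = """Host *
IdentityFile /var/lib/centreon-gorgone/.ssh/id_rsa
Host server4.company.com
Port 2255
Host server3.company.com
Port 222
"""
NODES = [  # subset of the REGISTERNODES payload
    {"address": "server3.company.com", "ssh_port": 222},
    {"address": "server4.company.com", "ssh_port": 2255},
    {"address": "192.168.10.200", "ssh_port": 22},
]

def host_matches(host, patterns):
    """ssh_config Host semantics: any negated match vetoes the block."""
    if any(p[0] == "!" and fnmatch.fnmatchcase(host, p[1:]) for p in patterns):
        return False
    return any(p[0] != "!" and fnmatch.fnmatchcase(host, p) for p in patterns)

def config_port(host, *configs):
    """Port the config chain yields for host; the first value found wins."""
    for text in configs:
        active = True  # directives before the first Host line apply to all hosts
        for line in text.splitlines():
            words = line.split("#", 1)[0].replace("=", " ").split()
            if not words:
                continue
            key, args = words[0].lower(), words[1:]
            if key == "host":
                active = host_matches(host, args)
            elif key == "match":
                active = False  # Match blocks are outside this model
            elif key == "port" and active and args:
                return int(args[0])
    return None

def effective_port(node, user_cfg, system_cfg, config_first):
    """config_first=False: files processed after the explicit option (reported
    behaviour). config_first=True: files parsed first, explicit option last."""
    from_files = config_port(node["address"], user_cfg, system_cfg)
    if config_first or from_files is None:
        return node["ssh_port"]
    return from_files

def audit(nodes, user_cfg, system_cfg):
    """(address, configured, effective) for each node the files would override."""
    rows = [(n["address"], n["ssh_port"],
             effective_port(n, user_cfg, system_cfg, False)) for n in nodes]
    return [r for r in rows if r[1] != r[2]]
```

Calling `audit(NODES, "", SYSTEM_CONFIG)` reproduces the two timeouts from the first log, while passing `WORKAROUND` as the user config returns an empty list.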

