[MBI] Cannot download reports from the web UI

On the reporting server, the diagnostic script /usr/share/centreon-bi/tools/diagnostic.sh indicates that the SSH keys have been exchanged correctly. You are also able to connect to your central server with the centreonBI user from your reporting server (using SSH keys):

####################        SSH key exchange       ####################

    #ok]      Exchange key between the reporting server and XXX.XXX.XXX.XXX done

/root@reporting:~]$ sudo -u centreonBI ssh centreonBI@central
Last login: Thu Sep 03 10:55:44 2021 from XXX.XXX.XXX.XXX
 centreonBI@central ~]$

but you are having issues downloading reports from your web interface.

Symptoms

You cannot download reports from the web UI. The button to do so does not appear.
The reporting job is failed.
You get an “invalid privatekey” error while opening SFTP session.

Verification

Make sure that in the job configuration, the publication rule uses the SFTP protocol (if no rules are specified to be used, the default one will be used) in the menu Reporting > Monitoring Business Intelligence > Publication rules:

Identification

Job execution

After generation, the job is failed:

You should have the following logs in the /var/log/centreon-bi/cbis.YYYY-MM-DD.log:

o03/09/2021 16:56:39 ] tINFO ] Created task test
.03/09/2021 16:56:41 ] >INFO ] Scheduled TaskPunctual 1id=4, name=test], generation=08/09/2021 16:56 UTC, start=01/08/2021 22:00 UTC, end=31/08/2021 22:00 UTC
s03/09/2021 16:56:42 ] 0INFO ] Started Task 0name=test, weight=100.0]. Server load : 100.0/500.0
/03/09/2021 16:56:42 ] ]INFO ] Success of the PREPARE step for job test
:03/09/2021 16:56:42 ] 0INFO ] Success of the LOAD step for job test
t03/09/2021 16:56:43 ] 0WARN ] Ignored binding defined for non-exising data set parameter: name=hg_id, position=-1
W03/09/2021 16:56:43 ] dWARN ] Ignored binding defined for non-exising data set parameter: name=hg_id, position=-1
W03/09/2021 16:56:43 ] dWARN ] Ignored binding defined for non-exising data set parameter: name=hg_id, position=-1
W03/09/2021 16:56:43 ] dWARN ] Ignored binding defined for non-exising data set parameter: name=hg_id, position=-1
W03/09/2021 16:56:44 ] dWARN ] Ignored binding defined for non-exising data set parameter: name=hg_id, position=-1
W03/09/2021 16:56:44 ] dWARN ] Ignored binding defined for non-exising data set parameter: name=hg_id, position=-1
W03/09/2021 16:56:44 ] dWARN ] Ignored binding defined for non-exising data set parameter: name=hg_id, position=-1
W03/09/2021 16:56:44 ] dWARN ] Ignored binding defined for non-exising data set parameter: name=hg_id, position=-1
W03/09/2021 16:56:44 ] dWARN ] Unable to determine data types from resultset
i03/09/2021 16:56:44 ] 2WARN ] Unable to determine data types from resultset
e03/09/2021 16:56:44 ] 2WARN ] Unable to determine data types from resultset
e03/09/2021 16:56:44 ] 2WARN ] Unable to determine data types from resultset
e03/09/2021 16:56:44 ] 2WARN ] Unable to determine data types from resultset
e03/09/2021 16:56:44 ] 2INFO ] Success of the RUN step for job test
e03/09/2021 16:56:44 ] [INFO ] Success of the ARCHIVE step of job test
p03/09/2021 16:56:44 ] /INFO ]  Publication]Isftp] Try to connect...
s03/09/2021 16:56:44 ] 0ERROR ] Error while opening SFTP session
com.jcraft.jsch.JSchException: invalid privatekey: RB@64d161eb
at com.jcraft.jsch.KeyPair.load(KeyPair.java:664)
at com.jcraft.jsch.KeyPair.load(KeyPair.java:561)
at com.jcraft.jsch.IdentityFile.newInstance(IdentityFile.java:40)
at com.jcraft.jsch.JSch.addIdentity(JSch.java:407)
at com.jcraft.jsch.JSch.addIdentity(JSch.java:367)
at com.merethis.cbis.job.publish.impl.SFTPConnection.connect(SFTPConnection.java:110)
at com.merethis.cbis.job.publish.impl.PublisherSFTP.connect(PublisherSFTP.java:144)
at com.merethis.cbis.job.publish.impl.JobReportPublish.execute(JobReportPublish.java:101)
at com.merethis.cbis.job.JobReport.subTaskPublish(JobReport.java:574)
at com.merethis.cbis.job.JobReport.execute(JobReport.java:252)
at com.merethis.cbis.job.JobReport.run(JobReport.java:202)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)
u03/09/2021 16:56:44 ] oERROR ] oPublication]bsftp] ... Failed to connect
d03/09/2021 16:56:44 ] /ERROR ] Failed during PUBLISH step for job test
e03/09/2021 16:56:44 ] 0WARN ] {0} is not closed.
e03/09/2021 16:56:44 ] fINFO ] Finished Task 0name=test, weight=100.0]. Server load 0.0/500.0

On the line 22, we can see the following error:

e03/09/2021 16:56:44 ] >ERROR ] Error while opening SFTP session
com.jcraft.jsch.JSchException: invalid privatekey: EB@64d161eb
at com.jcraft.jsch.KeyPair.load(KeyPair.java:664)
at com.jcraft.jsch.KeyPair.load(KeyPair.java:561)
at com.jcraft.jsch.IdentityFile.newInstance(IdentityFile.java:40)
at com.jcraft.jsch.JSch.addIdentity(JSch.java:407)
at com.jcraft.jsch.JSch.addIdentity(JSch.java:367)
at com.merethis.cbis.job.publish.impl.SFTPConnection.connect(SFTPConnection.java:110)
at com.merethis.cbis.job.publish.impl.PublisherSFTP.connect(PublisherSFTP.java:144)
at com.merethis.cbis.job.publish.impl.JobReportPublish.execute(JobReportPublish.java:101)
at com.merethis.cbis.job.JobReport.subTaskPublish(JobReport.java:574)
at com.merethis.cbis.job.JobReport.execute(JobReport.java:252)
at com.merethis.cbis.job.JobReport.run(JobReport.java:202)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)

SSH key type of the centreonBI user of the reporting server

The java library used to make connections with the central server (Jsch) supports only the following host key types: ssh-dss, ssh-rsa, ecdsa-sha2-nistp256, ecdsa-sha2-nistp384, ecdsa-sha2-nistp521.

Therefore, check if the private key header of the /home/centreonBI/.ssh/id_rsa file is not from one of the headers below, you will get the following exception : com.jcraft.jsch.JSchException: invalid privatekey.

Supported ssh key header :

ssh-dss : -----BEGIN DSA PRIVATE KEY-----

ssh-rsa : -----BEGIN RSA PRIVATE KEY-----

ecdsa-sha2-nistp256, 384, 521 : -----BEGIN EC PRIVATE KEY----

Solutions

By default, with recent versions of OpenSSH (7.8 and newer), ssh-keygen command will create keys in an OpenSSH specific format. Get the version of OpenSSH used on your machine (ssh -V) and apply the solution that matches your version:

OpenSSH version < 7.8

Regenerate an RSA key using the following command: sudo -u centreonBI ssh-keygen -t rsa

OpenSSH version >= 7.8

Regenerate an RSA key using the following command: sudo -u centreonBI ssh-keygen -t rsa -m PEM

Convert the private key to PEM format:

ssh-keygen -p -f <path_to_private_key> -m pem -P <passphrase> -N <passphrase>

passphrase can be empty if the key is encrypted without a passphrase.

Page 1 / 1

UPDATE :

On newer distros (i.e EL9+), in case of any issue with the ssh try to switch the system-wide cryptographic policy to LEGACY :

update-crypto-policies --show
update-crypto-policies --set LEGACY

For more details, see :

https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/security_hardening/using-the-system-wide-cryptographic-policies_security-hardening

Hope that helps

Symptoms

Verification

​​​​​​​Identification

​​​​​​​Job execution

SSH key type of the centreonBI user of the reporting server

Solutions

OpenSSH version < 7.8

OpenSSH version >= 7.8

Convert the private key to PEM format:

Reply

Sign up

Login to the community

Scanning file for viruses.

This file cannot be downloaded

Identification

Job execution