Check_sftp "Authentication failed"

Steven1 · October 26, 2021, 7:31am

Hi

I’ve been setting up SFTP servers and saw that in Check_MK you can monitor them as well.
I’ve been trying to get that working, but it seems I am bumping into an issue.

When I use the web interface to configure the check, I get connection failed.
When I use the command line I get “authentication failed” => See below but when I then log in manually it works without issues. (RSA fingerprint has been stored)

Anyone an idea on how to proceed with this?

OMD[sitename]:/opt/omd/versions/2.0.0p1.cre/lib/nagios/plugins$ ./check_sftp --verbose --user [username] --secret [password] --port 22 [IP_of_host]
Traceback (most recent call last):
File “./check_sftp”, line 265, in
exitcode, info = main()
File “./check_sftp”, line 203, in main
client = connection(opt_key, opt_host, opt_user, opt_pass, opt_port, opt_timeout)
File “./check_sftp”, line 41, in connection
client.connect(opt_host,
File “/omd/sites/sitename/lib/python3/paramiko/client.py”, line 435, in connect
self._auth(
File “/omd/sites/sitename/lib/python3/paramiko/client.py”, line 764, in _auth
raise saved_exception
File “/omd/sites/sitename/lib/python3/paramiko/client.py”, line 751, in _auth
self._transport.auth_password(username, password)
File “/omd/sites/sitename/lib/python3/paramiko/transport.py”, line 1509, in auth_password
return self.auth_handler.wait_for_response(my_event)
File “/omd/sites/sitename/lib/python3/paramiko/auth_handler.py”, line 250, in wait_for_response
raise e
paramiko.ssh_exception.AuthenticationException: Authentication failed.
OMD[sitename]:/opt/omd/versions/2.0.0p1.cre/lib/nagios/plugins$ ssh username@IP_of_host
username@IP_of_host’s password:
Welcome to Ubuntu 18.04.6 LTS (GNU/Linux 4.15.0-159-generic x86_64)

Documentation: https://help.ubuntu.com
Management: https://landscape.canonical.com
Support: Ubuntu Advantage for Infrastructure | Ubuntu

System information as of Tue Oct 26 09:09:40 CEST 2021

System load: 0.15 Processes: 125
Usage of /: 8.6% of 196.73GB Users logged in: 1
Memory usage: 42% IP address for mgmt: snipped
Swap usage: 0% IP address for public: snipped

Super-optimized for small spaces - read how we shrank the memory
footprint of MicroK8s to make it the smallest full K8s around.

From lightweight to featherweight: MicroK8s memory optimisation | Ubuntu

0 updates can be applied immediately.

New release ‘20.04.3 LTS’ available.
Run ‘do-release-upgrade’ to upgrade to it.

*** System restart required ***
Last login: Tue Jul 20 09:47:33 2021 from snipped
username@ip_of_host:~$ exit

louis · October 26, 2021, 7:59am

Hi,

Looks like you’re trying to login to your sftp server using password authentication. I don’t know if that’s supposed to work, but If I were you, I’d setup pre-shared key authentication from the OMD site user account to the user used on the SFTP server.

Louis.

Steven1 · October 26, 2021, 11:31am

The usage of the command as described in the actual file itself.

USAGE: check_sftp [OPTIONS] HOST

OPTIONS:
–host HOST SFTP server address
–user USER Username for sftp login
–secret SECRET Secret/Password for sftp login
–private-key KEY Private Key for sftp login
–port PORT Alternative port number (default is 22 for the connection)
–get-remote FILE Path to the file which to pull from SFTP server (e.g.
/tmp/testfile.txt)
–get-local PATH Path to store the pulled file locally (e.g. $OMD_ROOT/tmp/)
–put-local FILE Path to the file to push to the sftp server. See above for example
–put-remote PATH Path to save the pushed file (e.g. /tmp/)
–get-timestamp PATH Path to the file for getting the timestamp of this file
–timeout SECONDS Set timeout for connection (default is 10 seconds)
–verbose Output some more detailed information
-h, --help Show this help message and exit

So I believe user/password should work.

Steven1 · October 27, 2021, 9:04am

Hi

After @louis suggestion to generate a key pair and try to login that way, I did and it still doesn’t work. ON Command line that is. I always get back “failed authentication”

Now, I retried with normal user / paswd and entered in in the webinterface of checkMK and now it does seem to work, bizarrely. Why it didn’t work before, I can’t tell, but it seems to have resolved itself now.

Thanks for your suggestions, our monitoring keeps improving this way

louis · October 27, 2021, 11:23am

Well, that is indeed strange. I’m glad that you got it working, but it should have done so from the start.

system · October 27, 2022, 11:23am

This topic was automatically closed 365 days after the last reply. New replies are no longer allowed. Contact an admin if you think this should be re-opened.