1

Hi all,

I have a weird problem. I have recently deployed several CentOS 7 VMs that fail to inventory. Each machine is running sshd (forced protocol 2 from sshd_config) and snmpd. I can ping it, ssh (via putty) to it and run nslookup on it from the Windows server running SW. I enter its IP to scan, it identifies the machine name, but fails to inventory anything about the device.

The device is registered as unknown, with “SSH computer with error”. It does pick up the serial number and MAC address. When I disable SSH or force scan with SNMP, it works, and picks up configuration and software inventory.

I get to Device troubleshooting, enter the SSH credentials directly, and get the following error: " Test failed with unknown error (NotImplementedError). Please visit the Spiceworks Community Support forums for help." The troubleshooter passes all tests (nmap runs, port 22 is open, pings return, nslookup returns, traceroute returns - no problem).

I have the log files, but I will be honest, it doesn’t say very much. I have also run sshd manually with debugging on - it sees the connection and then immediate disconnection.

I am at a loss. Can anyone offer any help, or where I should look next?

3 Spice ups
2

I dont believe Spiceworks supports SSH2 only SSH protocol

If you disable forced 2, does it work?

3

Unfortunately no - same issue.

4

Do you have more than one SSH/rot password stored?

5

I do - I have 5 SSH passwords stored for different machines. The ‘root’ password for several other CentOS 7 VMs work; however, for the 12 or so new ones deployed over the last week, it doesn’t. The username and password are valid, and I can ssh manually to all of them.

Trying now with a different SSH account with root permissions.

6

Hi again,

FYI, this is the latest log snippet from the last attempt (note: at least two of the ssh logins attempted are valid, yet neither seem to connect…).

It also has a section where it receives SNMP data, but never adds it to the SW record:

[REMOVED - DM me if you need to see the log output]

7

I would edit your post and remove the log, you’ve opted to secure SSH2 but posted IPs and details publically, if it helps I have a copy of this to look at, but I wouldn’t leave it on here for everyone, unless you obfuscate it

1 Spice up
8

Thanks Rod, I took your advice and removed the raw output.

I guess I was over-anxious to get this solved. :slight_smile:

9

Why do you have so many SSH accounts, please show me a screenshot of how you have these setup.

vsphere also doesn’t use SSH, there is a specific ESXi option, but this only works for ESXi 6.0 or lower, anything about 6.5 cannot be scanned and having SSH open is a bad idea for ESXi unless you are regularly doing maintenance tasks

10

Hi Rod,

I have several hundred devices that I monitor - Windows, Linux, MacOS, phones, switches, several firewalls, 4 ESX hosts + vsphere, multiple web servers …

The ESX hosts are inventoried and registered - no problem. Most Linux machines have one login for spiceworks - the others are for one-off installations (development server with unique root login, our Netapp has its own login, and several Macs have an ‘admin’ account rather than ‘root’.

I took over an existing system and I have been cleaning it up/normalizing it as I go, but it is a work-in-progress.

Your point on SSH to ESX hosts is noted.

I have a screenshot as requested:

Capture.png
Capture.png800×778 97.6 KB
11

PM me the IP of the machine that is failing please, looking at the log it’s not so obvious

12

For what it’s worth, phones cannot be monitored, at best it can detect they have HTTP or SIP protocol, but it will note limited or no information.

Also let me know which root account should work, I can see the log trying multiples to 1 IP, which I guess is the problem one.

When you’ve manually done SSH from the SW server to the CentOS server are you doing so by name or IP?

13

Hi Rod,

It is the first SSH account listed, and the last one listed - both are valid for this machine. I have been SSH’ing using the name and just tried with the IP. Both are successful.

14

And you are correct about the phones; however, it at least captures the manufacturer, IP address and MAC. From there, I manually add the extension, assigned user, and asset tracking number so that it is in the system. It provides a quick lookup when configuring new extensions and phones on the PBX, and for helpdesk tickets related to phone issues.

15

Can you ping -a IP

Do you get the hostname you expect?

16

Yes - pings no problem and it returns the correct hostname (pinging from the SW server).

17

FYI: the SW server was rebooted last night after applying Win updates (problem existed prior to reboot), and the CentOS 7 VM was provisioned today for testing. I have several other pre-existing VMs as well.

I have another patch to apply tonight and will be restarting the server and SW service at that time - although if it didn’t work last night, I doubt it will be different today.

18

Ok, try something for me.

Disable ALL scan ranges, edit them and disable them.

restart SW

Add just the IP of this one device and scan it - same error?

The log is suggesting it moves on to the next account as it doesn’t like them.

19

Are you building them with a GUI or without?

I am going to spin up some VMs tonight and try them out tomorrow after work.

20

Hi Rod,

Thanks for the suggestion, but I get the same result with all ranges disabled and after restarting the sw service on the server.

I have been using the GUI alone so far. Is there a good resource somewhere for the CLI? I have looked at the YAML files but have hesitated to change anything so far.