ssh proxy connection problem #3098

Open
AndriyChernov opened this issue Mar 7, 2024 · 2 comments
Labels
model_maintainer_needed This issue needs a maintainter for the model. See CONTRIBUTING.md#model-maintainers question

AndriyChernov commented Mar 7, 2024

I have Ubuntu 22.04 with ruby 3.0.2p107 and oxidized 0.29.1

config:
source:
  default: csv
  csv:
    file: "/home/oxidized/.config/oxidized/router.db"
    delimiter: !ruby/regexp /:/
    map:
      name: 0
      model: 1
      ip: 2
      username: 4
      password: 5
      group: 7
    vars_map:
      ssh_proxy: 8
    vars:
      auth_methods: [ "publickey", "password" ]
      ssh_keys: "/home/oxidized/.ssh/id_rsa"

source:

sw.fiber:routeros:10.70.0.10:22:host-user:host-password:switch:Group1:proxy-user@proxy-ip

My device and SSH proxy are both Mikrotik ROS 6.49.8. SSH forwarding is enabled.

When I try to connect via the proxy, I get the following message in the log:

/var/lib/gems/3.0.0/gems/oxidized-0.29.1/lib/oxidized/input/ssh.rb:27:in connect : Passing nil, or [nil] to Net::SSH.start is deprecated for keys: proxy

Without ssh-proxy I have a successful connection to all devices.

@robertcheramy
Collaborator

(I've edited the issue so it is more readable)

@robertcheramy robertcheramy added model_maintainer_needed This issue needs a maintainter for the model. See CONTRIBUTING.md#model-maintainers question labels Apr 12, 2024
@romainsi

Hello,

Your mapping doesn't seem to be correct. I don't think it works if you leave a mapping empty.
You need to add the ssh_port mapping on index 3 and add a mapping for index 6 (switch). Also, in your source there seems to be one element too many: 'Group1'.

Also, I'm not sure you can pass the desired proxy user as an argument (proxy-user@proxy-ip); I haven't tested it... It seems to me that it uses the Oxidized user with Docker (and the user that launches the service in a direct installation).

Here's the example I used, which seems to work (unless the equipment behind the proxy is also a Mikrotik, cf. #3114):

  • Generate an SSH key as the Oxidized user:
    sudo -u oxidized ssh-keygen -b 4096 -t rsa (you can add a passphrase or not)
    If you use Docker, mount a new volume for .ssh (for persistence).
    In docker-compose add:
    volumes:
    - ./oxidized/.ssh:/home/oxidized/.ssh/
    and:
    docker exec -it <container_name/id> bash
    su oxidized
    ssh-keygen -b 4096 -t rsa

  • Upload id_rsa.pub to the Mikrotik router's files (the SSH proxy) and create a new user 'oxidized' (/System/Users); the user's password doesn't matter.

  • Import the SSH key (/System/Users/SSH Keys) and link it to the new user 'oxidized' with the first field: name.
    SSH Forwarding must be enabled!

  • Create a classic SSH user on the device behind the proxy (here the user is 'switch_user' and the password 'switch_pass').

  • Config file example:

config:
source:
  default: csv
  csv:
    file: "/home/oxidized/.config/oxidized/router.db"
    delimiter: !ruby/regexp /:/
    map:
      name: 0
      model: 1
      ip: 2
      ssh_port: 3
      username: 4
      password: 5
      group: 6
    vars_map:
      ssh_proxy: 7
      auth_method: 8
    vars:
      auth_methods: [ "publickey", "password" ]
      ssh_keys: "/home/oxidized/.ssh/id_rsa"

  • router.db (source):

#name:model:ip:ssh_port:username:password:group:ssh_proxy:auth_method
sw.fiber:routeros:10.70.0.10:22:<switch_user>:<switch_pass>:switch:<proxy_ip>:publickey

I hope I've made myself clear, and that this may help you and others.
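
To see which field each index in `map` / `vars_map` picks out of a router.db line, as discussed in the comments above, here is a small checker (an added example, not part of the thread and not Oxidized's own code). It assumes the line is split on the delimiter with zero-based indexes; the credentials and the address 192.0.2.1 in the sample lines are constructed.

```ruby
# Added example, not Oxidized code. Assumption: a router.db line is split on
# the delimiter and every map / vars_map value is a zero-based field index.
DELIMITER = /:/

# Resolve one line against map + vars_map; report bad or unused indexes.
def check_line(line, map, vars_map = {})
  fields   = line.chomp.split(DELIMITER, -1)
  wanted   = map.merge(vars_map)
  resolved = {}
  problems = []
  wanted.each do |key, idx|
    if idx >= fields.size
      problems << "#{key}: index #{idx} is past the last field (#{fields.size - 1})"
    else
      resolved[key] = fields[idx]
    end
  end
  ((0...fields.size).to_a - wanted.values).each do |i|
    problems << "field #{i} is not mapped"
  end
  { resolved: resolved, problems: problems }
end

# Constructed inputs modelled on the two comments above.
OP_LINE = 'sw.fiber:routeros:10.70.0.10:22:host-user:host-password:switch:Group1:proxy-user@proxy-ip'
OP_MAP  = { name: 0, model: 1, ip: 2, username: 4, password: 5, group: 7 }
OP_VARS = { ssh_proxy: 8 }

REPLY_LINE = 'sw.fiber:routeros:10.70.0.10:22:switch_user:switch_pass:switch:192.0.2.1:publickey'
REPLY_MAP  = { name: 0, model: 1, ip: 2, ssh_port: 3, username: 4, password: 5, group: 6 }
REPLY_VARS = { ssh_proxy: 7, auth_method: 8 }

# Same line, but the password contains the delimiter: every later field shifts.
SHIFTED_LINE = 'sw.fiber:routeros:10.70.0.10:22:switch_user:pa:ss:switch:192.0.2.1:publickey'

if __FILE__ == $PROGRAM_NAME
  { 'original post' => [OP_LINE, OP_MAP, OP_VARS],
    'reply' => [REPLY_LINE, REPLY_MAP, REPLY_VARS],
    'password with ":"' => [SHIFTED_LINE, REPLY_MAP, REPLY_VARS] }.each do |label, args|
    result = check_line(*args)
    shown  = result[:resolved].merge(password: '***') # never echo credentials
    puts "#{label}: #{shown}"
    result[:problems].each { |msg| puts "  ! #{msg}" }
  end
end
```

The third sample shows why a password containing the delimiter character is a problem with this file format: the `ssh_proxy` index then lands on the group field instead of the proxy address.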
