How to use SSH-proxy. It does not work for me
Hi! I have Oxidized v0.27 working quite well on CentOS 7 (OpenSSH_7.4p1, 26 Jan 2017)
I can see the use of SSH proxy in this doc: https://github.com/ytti/oxidized/blob/master/docs/Configuration.md#ssh-proxy-command
However, I don't know how to fill the router.db file to make it work. If I enable "debug" in config file, this is the error I'm seeing:
Mar 15 17:50:32 oxidserver oxidized[80455]: D, [2025-03-15T17:50:32.967251 #80455] DEBUG -- : lib/oxidized/job.rb: Starting fetching process for CiscoSW01 at 2025-03-15 16:50:32 UTC
Mar 15 17:50:32 oxidserver oxidized[80455]: D, [2025-03-15T17:50:32.967357 #80455] DEBUG -- : lib/oxidized/input/ssh.rb: Connecting to CiscoSW01
Mar 15 17:50:32 oxidserver oxidized[80455]: D, [2025-03-15T17:50:32.967471 #80455] DEBUG -- : AUTH METHODS::["none", "publickey", "password"]
Mar 15 17:50:32 oxidserver oxidized[80455]: W, [2025-03-15T17:50:32.971984 #80455] WARN -- : 10.1.1.1 raised Net::SSH::Proxy::ConnectError (rescued RuntimeError) with msg "No such file or directory - ssh: ssh -o StrictHostKeyChecking=no 10.6.1.1 -W 10.1.1.1:22"
Mar 15 17:50:32 oxidserver oxidized[80455]: D, [2025-03-15T17:50:32.972028 #80455] DEBUG -- : lib/oxidized/node.rb: Oxidized::SSH failed for CiscoSW01
==============
This is my config file:
map:
  name: 0
  model: 1
  ip: 2
  group: 3
  username: 4
  password: 5
vars_map:
  ssh_port: 6
  enable: 7
  ssh_proxy: 8
This is my router.db entry:
CiscoSW01:ios:10.1.1.1:user:password:22:password:10.6.1.1
I don't know if I should include the user@ in the "ssh_proxy" field like this:
CiscoSW01:ios:10.1.1.1:user:password:22:password:[email protected]
Does anyone have SSH-proxy working fine?
Thank you!
PS: of course, the proxy is working fine (auth keys) from CLI with the option -J:
$ ssh -J 10.6.1.1 [email protected]@10.1.1.1
Password:
CCCCC
Unauthorized access not allowed
CiscoSW01#
I'm going to try now with option -W.
This command connects to the SSH-proxy correctly:
$ ssh 10.6.1.1
But then, this happens with option -W:
$ ssh 10.6.1.1 -W [email protected]@10.1.1.1:22
channel 0: open failed: connect failed: Name or service not known
stdio forwarding failed
This issue is stale because it has been open 90 days with no activity.
You have configured `group: 3` but your router.db has `username` in position 3.
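
The mismatch pointed out in the comment above, worked through as an added example that is not part of the original thread and is not Oxidized's own code: it resolves the posted router.db line against the posted `map` / `vars_map` and lists what ends up in the wrong field. The helper names, the `:` delimiter handling and the group value `switches` in the second line are assumptions made for illustration.

```ruby
# Added example, not Oxidized's own code: resolve one router.db line against
# the map / vars_map from the post to see which value lands in which field.
# Assumption: fields are separated by ":" as in the router.db line shown.

MAP      = { 'name' => 0, 'model' => 1, 'ip' => 2, 'group' => 3,
             'username' => 4, 'password' => 5 }.freeze
VARS_MAP = { 'ssh_port' => 6, 'enable' => 7, 'ssh_proxy' => 8 }.freeze

# Hypothetical helper: map column indexes to values; missing columns become nil.
def resolve(line, map, vars_map)
  cols = line.strip.split(':')
  pick = ->(m) { m.map { |key, idx| [key, cols[idx]] }.to_h }
  { fields: pick.call(map), vars: pick.call(vars_map), columns: cols.size }
end

# Hypothetical helper: list the problems worth fixing before the next poll.
def problems(node, map, vars_map)
  out = []
  needed = (map.values + vars_map.values).max + 1
  if node[:columns] < needed
    out << "line has #{node[:columns]} columns, mapping expects #{needed}"
  end
  node[:fields].merge(node[:vars]).each do |key, value|
    out << "#{key} is empty" if value.nil? || value.empty?
  end
  port = node[:vars]['ssh_port']
  out << "ssh_port #{port.inspect} is not numeric" if port && port !~ /\A\d+\z/
  out
end

# router.db entry copied from the post (placeholder credentials as posted).
LINE = 'CiscoSW01:ios:10.1.1.1:user:password:22:password:10.6.1.1'
# Constructed variant with a group column added ("switches" is made up).
FIXED_LINE = 'CiscoSW01:ios:10.1.1.1:switches:user:password:22:password:10.6.1.1'

if __FILE__ == $PROGRAM_NAME
  [LINE, FIXED_LINE].each do |line|
    node = resolve(line, MAP, VARS_MAP)
    puts line
    node[:fields].merge(node[:vars]).each { |k, v| puts format('  %-10s %s', k, v.inspect) }
    problems(node, MAP, VARS_MAP).each { |p| puts "  PROBLEM: #{p}" }
  end
end
```

With the posted line every field after `ip` shifts by one, so `ssh_proxy` resolves to nothing; removing `group` from the map and renumbering the later columns is the other way to line the two files up.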