You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
i try to get CheckMK monitoring on HomeAssistant working to get services monitored. Following this post on the forums, everything looks good.
I get stucked on accessing HA via SSH by monitoring service.
I added PublicKey authentification and connecting via ssh by terminal (linux) is no problem. Everything works like expected.
Also connecting via the checkmk server via cli is no problem.
But when i connect via the periodic check-service, the host failed with authentication error.
By log i see connection is established, then gets blocked.
Connection from 192.168.172.5 port 53966 on 192.168.172.121 port 22 rdomain ""
Connection closed by 192.168.172.5 port 53966 [preauth]
srclimit_penalise: ipv4: new 192.168.172.5/32 deferred penalty of 1 seconds for penalty: connections without attempting authentication
Connection from 192.168.172.5 port 43494 on 192.168.172.121 port 22 rdomain ""
Connection closed by 192.168.172.5 port 43494 [preauth]
srclimit_penalise: ipv4: new 192.168.172.5/32 deferred penalty of 1 seconds for penalty: connections without attempting authentication
So i think with the parameter PerSourcePenaltyExemptList i could exclude the monitoring host from the PerSourcePenalty mechanism.
PerSourcePenaltyExemptList
Specifies a comma-separated list of addresses to exempt from penalties. This list may contain wildcards and CIDR address/masklen ranges. Note that the mask length provided must be consistent with the address - it is an error to specify a mask length that is too long for the address or one with bits set in this host portion of the address. For example, 192.0.2.0/33 and 192.0.2.0/8, respectively. The default is not to exempt any addresses.
Unfortunatly i am not able to setup individual sshd_conig params, especially PerSourcePenaltyExemptList: 192.168.172.5/32.
So now my question is, how to setup this individual config parameter?
Any changes in /etc/ssh/sshd_config gets lost, after restarting the HA ssh-addon.
Adding PerSourcePenalties: no or any other params in the Addon configuration takes no effect.
My config looks like this: (security data cleaned up)
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
Uh oh!
There was an error while loading. Please reload this page.
-
Hi all,
i try to get CheckMK monitoring on HomeAssistant working to get services monitored. Following this post on the forums, everything looks good.
I get stucked on accessing HA via SSH by monitoring service.
I added PublicKey authentification and connecting via ssh by terminal (linux) is no problem. Everything works like expected.
Also connecting via the checkmk server via cli is no problem.
But when i connect via the periodic check-service, the host failed with authentication error.
By log i see connection is established, then gets blocked.
(monitoring host =
192.168.172.5, HomeAssistant =192.168.172.121)My research brought me to sshd_config #PerSourcePenalties
So i think with the parameter PerSourcePenaltyExemptList i could exclude the monitoring host from the PerSourcePenalty mechanism.
Unfortunatly i am not able to setup individual sshd_conig params, especially
PerSourcePenaltyExemptList: 192.168.172.5/32.So now my question is, how to setup this individual config parameter?
Any changes in
/etc/ssh/sshd_configgets lost, after restarting the HA ssh-addon.Adding
PerSourcePenalties: noor any other params in the Addon configuration takes no effect.My config looks like this: (security data cleaned up)
May anyone explain me a possibility to setup individual sshd_conig params.
Thanks in advance! :-)
Best regards
Bluemeus
Beta Was this translation helpful? Give feedback.
All reactions