-
Incident report
-
Resolution: Fixed
-
Blocker
-
None
First of all - I'm almost sure it's a new libssh2's bug (which will be reported to libssh2 devs).
But it observed because of not very good behavior of the zabbix frontend and zabbix server.
Zabbix frontend allows to create an "SSH agent" item with empty values of: User name, Public key file, Private key file.
But these values cannot be empty anyhow. Frontend should disallow to save such items!
*NOTE*: "Key passphrase" should be allowed to be empty!
Btw, SSH command operation in actions do not allow to save operation if one of three mentioned fields is empty, and that's great !
That was frontend related part.
Next is server's part.
To perform SSH checks, a path to a folder, where public and private keys are storing, must be defined in server configuration parameter "SSHKeyLocation"
I know that to connect to a remote server by ssh client (not the libssh2 library) I need just a private key.
So in the frontend I'm trying to leave the field "Public key file" empty.
(Note: public key actually is stored in the private one and can be extracted,
Even in the libssh2 a function "_libssh2_pub_priv_keyfile" -> "Computing public key from private key file" if it is not passed to a "libssh2_userauth_publickey_fromfile_ex" function.
And when server starting process this ssh item - a poller hangs ! and consumes 100% of cpu/core.
A strace command shows constant tries to read a directory with crazy speed:
- strace -p 18694
read(10, 0x7fdc565fa000, 4096) = -1 EISDIR (Is a directory)
read(10, 0x7fdc565fa000, 4096) = -1 EISDIR (Is a directory)
read(10, 0x7fdc565fa000, 4096) = -1 EISDIR (Is a directory)
read(10, 0x7fdc565fa000, 4096) = -1 EISDIR (Is a directory)
...
I'm attaching two outputs of "ltrace -tt -n2 -s 80 -T -S -p <PID>"
ltrace_12507_empty_pub_key_ssh2-141ssl.out - with the empty *public* key in zabbix configuration
where we can see that problem occurs in the libssh2 namely.
When the key file field is empty - zabbix_server pass only path to folder (/home/zabbix/.ssh/) to the libssh2's "libssh2_userauth_publickey_fromfile_ex" function and it hangs as I explained above !
Moreover, I have reproduced this bug without zabbix_server (libssh2 has many code examples which can be used).
Actually it's bad zabbix_server behavior as well, but if frontend will be fixed as described above - it will be suitable solution, IMO
ltrace_12741_empty_priv_key_ssh2-141ssl.out - with the empty *private* key in zabbix configuration
we can see than libssh2's function "file_read_privatekey" doesn't affect by this problem when the private key file it's only a path to a folder.
I used latest release 1.4.1 of libssh2 (from April 4, 2012) compiled from sources.
I suppose the problem in a libssh2's function "file_read_publickey"
lines:
/* Read Public Key */
fd = fopen(pubkeyfile, "r");
if (!fd)
while (!feof(fd) && (c = fgetc(fd)) != '\r' && c != '\n')
pubkey_len++;
That's all for now, later I'll add some comments bellow.