On Debian OS.

what are the error messages when they fail ?
could it be that the requests are simply timing out ?

The following is a log of zabbix server when they can't read or became "not supported"

1393:20130310:044525.342 item [172.17.0.21:ssh.run[TSU,172.17.0.21,22]] became not supported: Cannot read data from SSH server
1394:20130310:044530.367 item [172.17.0.21:ssh.run[XLU,172.17.0.21,22]] became not supported: Cannot read data from SSH server
1394:20130310:045025.901 item [172.17.0.21:ssh.run[TSU,172.17.0.21,22]] became supported
1394:20130310:045025.902 item [172.17.0.21:ssh.run[XLS,172.17.0.21,22]] became not supported: Cannot read data from SSH server
1396:20130310:045030.943 item [172.17.0.21:ssh.run[TSS,172.17.0.21,22]] became not supported: Cannot establish SSH session: Unable to exchange encryption keys
1396:20130310:045030.943 item [172.17.0.21:ssh.run[ISU,172.17.0.21,22]] became not supported: Cannot read data from SSH server
1396:20130310:045030.943 item [172.17.0.21:ssh.run[TSQ,172.17.0.21,22]] became supported
1394:20130310:045035.951 item [172.17.0.21:ssh.run[TSQ,172.17.0.21,22]] became not supported: Cannot establish generic session channel
1393:20130310:050027.281 item [172.17.0.21:ssh.run[ISS,172.17.0.21,22]] became not supported: Cannot establish generic session channel
1393:20130310:050027.281 item [172.17.0.21:ssh.run[TSU,172.17.0.21,22]] became not supported: Cannot establish generic session channel
1395:20130310:050032.289 item [172.17.0.21:ssh.run[TSQ,172.17.0.21,22]] became supported
1393:20130310:050042.324 item [172.17.0.21:ssh.run[TSQ,172.17.0.21,22]] became not supported: Cannot request a shell
1393:20130310:051028.578 item [172.17.0.21:ssh.run[TSU,172.17.0.21,22]] became supported
1393:20130310:051028.579 item [172.17.0.21:ssh.run[XLS,172.17.0.21,22]] became supported
1393:20130310:051028.579 item [172.17.0.21:ssh.run[XLU,172.17.0.21,22]] became supported
1396:20130310:051033.585 item [172.17.0.21:ssh.run[TSQ,172.17.0.21,22]] became supported
1393:20130310:051329.070 item [172.17.0.21:ssh.run[TSQ,172.17.0.21,22]] became not supported: Cannot connect to SSH server: cannot connect to [[172.17.0.21]:22]: [4] Interrupted system call

Thanks for Your Response...

Looks like a performance issue.
Increasing a bit default Timeout for server can help. Usually establishing SSH session is not so fast, it can take up to 2 seconds. That's why we have ZBXNEXT-888.

You can check this under server DebugLevel=4.

it is also highly likely that the target device is overloaded. how many ssh items are configured against it ? what's the average interval ?

Oleksiy: performance issue of zabbix server of target device ? I've set the default timeout for server on the value of 30. Please give your advice, what would I have to put a value on timeout server?

Richlv: I use a 6 "SSH items" that runs every 15 minutes and 11 that run once every 5 seconds

Tinus, his is a bug tracker. You may ask support on forum, IRC etc.

5 seconds interval - I'd say it's not very good idea for SSH checks.

Feel free to reopen issue if you are sure there is a bug and then provide info how to reproduce it.
CLOSED

I use ssh check to login to a router then execute ping conmand.
I get the same problem.

zabbix version 3.0.4

[root@prltev043 /]# cat /etc/ssh/sshd_config

1. $OpenBSD: sshd_config,v 1.80 2008/07/02 02:24:18 djm Exp $

1. This is the sshd server system-wide configuration file. See
2. sshd_config(5) for more information.

1. This sshd was compiled with PATH=/usr/local/bin:/bin:/usr/bin

1. The strategy used for options in the default sshd_config shipped with
2. OpenSSH is to specify options with their default value where
3. possible, but leave them commented. Uncommented options change a
4. default value.

#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

1. Disable legacy (protocol version 1) support in the server for new
2. installations. In future the default will change to require explicit
3. activation of protocol 1
   Protocol 2

1. HostKey for protocol version 1
   #HostKey /etc/ssh/ssh_host_key
2. HostKeys for protocol version 2
   #HostKey /etc/ssh/ssh_host_rsa_key
   #HostKey /etc/ssh/ssh_host_dsa_key

1. Lifetime and size of ephemeral version 1 server key
   #KeyRegenerationInterval 1h
   #ServerKeyBits 1024

1. Logging
2. obsoletes QuietMode and FascistLogging
   #SyslogFacility AUTH
   SyslogFacility AUTHPRIV
   #LogLevel INFO

1. Authentication:

#LoginGraceTime 2m
#PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10

#RSAAuthentication yes
#PubkeyAuthentication yes
#AuthorizedKeysFile .ssh/authorized_keys
#AuthorizedKeysCommand none
#AuthorizedKeysCommandRunAs nobody

1. For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
   #RhostsRSAAuthentication no
2. similar for protocol version 2
   #HostbasedAuthentication no
3. Change to yes if you don't trust ~/.ssh/known_hosts for
4. RhostsRSAAuthentication and HostbasedAuthentication
   #IgnoreUserKnownHosts no
5. Don't read the user's ~/.rhosts and ~/.shosts files
   #IgnoreRhosts yes

1. To disable tunneled clear text passwords, change to no here!
   #PasswordAuthentication yes
   #PermitEmptyPasswords no
   PasswordAuthentication yes

1. Change to no to disable s/key passwords
   #ChallengeResponseAuthentication yes
   ChallengeResponseAuthentication no

1. Kerberos options
   #KerberosAuthentication no
   #KerberosOrLocalPasswd yes
   #KerberosTicketCleanup yes
   #KerberosGetAFSToken no
   #KerberosUseKuserok yes

1. GSSAPI options
   #GSSAPIAuthentication no
   GSSAPIAuthentication yes
   #GSSAPICleanupCredentials yes
   GSSAPICleanupCredentials yes
   #GSSAPIStrictAcceptorCheck yes
   #GSSAPIKeyExchange no

1. Set this to 'yes' to enable PAM authentication, account processing,
2. and session processing. If this is enabled, PAM authentication will
3. be allowed through the ChallengeResponseAuthentication and
4. PasswordAuthentication. Depending on your PAM configuration,
5. PAM authentication via ChallengeResponseAuthentication may bypass
6. the setting of "PermitRootLogin without-password".
7. If you just want the PAM account and session checks to run without
8. PAM authentication, then enable this but set PasswordAuthentication
9. and ChallengeResponseAuthentication to 'no'.
   #UsePAM no
   UsePAM yes

1. Accept locale-related environment variables
   AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
   AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
   AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
   AcceptEnv XMODIFIERS

#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
#X11Forwarding no
X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#ShowPatchLevel no
#UseDNS yes
#PidFile /var/run/sshd.pid
#MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none

1. no default banner path
   #Banner none

1. override default of no subsystems
   Subsystem sftp /usr/libexec/openssh/sftp-server

1. Example of overriding settings on a per-user basis
   #Match User anoncvs
2. X11Forwarding no
3. AllowTcpForwarding no
4. ForceCommand cvs server
   PermitRootLogin without-password
   UseDNS no
   PubkeyAuthentication yes
   AuthorizedKeysFile .ssh/authorized_keys
   You have new mail in /var/spool/mail/root