SSH and SFTP Sensors in Unknown Status


My SSH and SFTP sensors are in an "Unknown" status and are not able to connect. What is causing this issue?

fail2ban linux prtg sftp ssh ubuntu

Created on Apr 24, 2018 4:46:31 PM by  Greg Ross [Paessler Support]

Last change on Apr 27, 2018 9:38:43 AM by  Brandy Mauff [Paessler Support]



1 Reply

Accepted Answer


This article applies to PRTG Network Monitor 18 or later

SSH and SFTP Sensors in Unknown Status Due To Fail2ban

While trying to set up SSH sensors on an Ubuntu server, we encountered the following issues. The SSH sensors in question went from Up to Unknown to Warning and then Down status after four scanning intervals. After troubleshooting this extensively, by adding and removing sensors and changing the authentication options, we discovered that PRTG was on the fail2ban list.

Fail2ban

What is fail2ban? It is an intrusion prevention software framework for protecting systems from brute force attacks. When installed, this will protect the SSH service on your Linux OS but can be easily forgotten when troubleshooting SSH sensors inside of PRTG.

In this example we were using Ubuntu Server 16.04 LTS running SSH/SCP Server with fail2ban and mysecureshell installed and configured. We configured the device using the default credentials for SSH/WBEM systems. When attempting to use SSH-based sensors, the fail2ban configuration may detect PRTG sensors as unusual behavior and prevent the sensors from connecting.

Note: In the following examples, 172.16.1.20 is the local IP for the PRTG monitoring server. Please change this to the IP address of your server.

Here's an excerpt from /var/log/fail2ban.log after creating the device and sensor:

  2018-04-06 16:05:31,930 fail2ban.filter        [1271]: INFO    [sshd] Found 172.16.1.20
  2018-04-06 16:05:34,046 fail2ban.filter        [1271]: INFO    [sshd] Found 172.16.1.20
  2018-04-06 16:05:42,968 fail2ban.filter        [1271]: INFO    [sshd] Found 172.16.1.20
  2018-04-06 16:05:43,332 fail2ban.actions        [1271]: NOTICE  [sshd] Ban 172.16.1.20

Solution: Whitelist IP Addresses

Fail2ban allows for whitelisting IP addresses. Follow these steps to whitelist your IP address:

  • Using a text editor, open /etc/fail2ban/jail.conf and look for this section:

      # "ignoreip" can be an IP address, a CIDR mask or a DNS host. Fail2ban will not
      # ban a host which matches an address in this list. Several addresses can be
      # defined using space separator.
      ignoreip = 127.0.0.1/8

  • Add your server's IP address to the 'ignoreip' line, for example:

      ignoreip = 127.0.0.1/8 172.16.1.20

  • Save and close the file.
  • Restart the fail2ban services using the following command:

      service fail2ban restart

  • Refresh the sensor. You should see the IP for your server being ignored by fail2ban:

      2018-04-06 17:00:50,624 fail2ban.filter        [24886]: INFO    [sshd] Ignore 172.16.1.20 by ip
      2018-04-06 17:01:32,169 fail2ban.filter        [24886]: INFO    [sshd] Ignore 172.16.1.20 by ip
      2018-04-06 17:01:32,170 fail2ban.filter        [24886]: INFO    [sshd] Ignore 172.16.1.20 by ip
      2018-04-06 17:01:32,175 fail2ban.filter        [24886]: INFO    [sshd] Ignore 172.16.1.20 by ip

Created on Apr 27, 2018 9:39:37 AM by  Brandy Mauff [Paessler Support]

Last change on May 11, 2018 12:59:20 PM by  Brandy Mauff [Paessler Support]
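
Added example, not part of the Paessler answer: a Python check that reads fail2ban.log text and reports whether the monitoring server's address is banned, ignored, or still accumulating failures in a jail, which is the first thing to verify when SSH sensors go to Unknown. The function names are hypothetical, the sample log is the two excerpts quoted in the answer, and treating an Ignore line after a Ban as "no longer blocked" is an assumption of this example.

```python
import re
from collections import defaultdict

# Line shape from the excerpts: "<date> <time>,<ms> fail2ban.<module> [<pid>]: <LEVEL> [<jail>] <Action> <ip>"
LINE_RE = re.compile(
    r"^\s*\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d+\s+fail2ban\.\w+\s+\[\d+\]:\s+\w+\s+"
    r"\[(?P<jail>[^\]]+)\]\s+(?P<action>Found|Ban|Unban|Ignore)\s+(?P<ip>\S+)"
)

# Log lines copied from the answer's two excerpts (before and after whitelisting).
BEFORE = """\
2018-04-06 16:05:31,930 fail2ban.filter        [1271]: INFO    [sshd] Found 172.16.1.20
2018-04-06 16:05:34,046 fail2ban.filter        [1271]: INFO    [sshd] Found 172.16.1.20
2018-04-06 16:05:42,968 fail2ban.filter        [1271]: INFO    [sshd] Found 172.16.1.20
2018-04-06 16:05:43,332 fail2ban.actions        [1271]: NOTICE  [sshd] Ban 172.16.1.20
"""
AFTER = BEFORE + """\
2018-04-06 17:00:50,624 fail2ban.filter        [24886]: INFO    [sshd] Ignore 172.16.1.20 by ip
2018-04-06 17:01:32,169 fail2ban.filter        [24886]: INFO    [sshd] Ignore 172.16.1.20 by ip
2018-04-06 17:01:32,170 fail2ban.filter        [24886]: INFO    [sshd] Ignore 172.16.1.20 by ip
2018-04-06 17:01:32,175 fail2ban.filter        [24886]: INFO    [sshd] Ignore 172.16.1.20 by ip
"""

def summarize(log_text):
    """Return {(jail, ip): {"found": n, "ignored": n, "banned": bool, "last": action}}."""
    state = defaultdict(lambda: {"found": 0, "ignored": 0, "banned": False, "last": None})
    for line in log_text.splitlines():
        if not (m := LINE_RE.match(line)):
            continue  # startup messages and other line shapes are skipped
        entry = state[(m["jail"], m["ip"])]
        action = m["action"]
        entry["last"] = action
        if action == "Found":
            entry["found"] += 1
        elif action == "Ignore":
            entry["ignored"] += 1
            entry["banned"] = False  # assumption: ignoreip matched, so the ban no longer applies
        else:
            entry["banned"] = action == "Ban"  # Ban sets the flag, Unban clears it
    return dict(state)

def monitor_status(log_text, ip, jail="sshd"):
    """Classify one address as 'banned', 'ignored', 'unbanned', 'counting' or 'absent'."""
    entry = summarize(log_text).get((jail, ip))
    if entry is None:
        return "absent"
    if entry["banned"]:
        return "banned"
    return {"Ignore": "ignored", "Unban": "unbanned"}.get(entry["last"], "counting")
```
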


