docgyver Posted March 8, 2016 Share Posted March 8, 2016 (edited) Hopefully this is the right place for posting new/updated plugins. For a long time I have been used the ssh plugin for installing (and now just persisting settings for) ssh. By shear luck (not sure good or bad) I jumped from v5 straight to v6.1. Due to the security improvements in v6.1 the current copy of the only ssh plugin I was aware of did not work. I saw both in the support thread and github repo that people were asking about updates and so I decided to fix the plugin for myself and post a patch. Since then I learned that the maintainer seems to have either taken a break or been otherwise busy. I'm studiously avoiding naming the person since I don't know if there are political mines that I'm stepping around but will say I am very grateful for his initial work on creating the plugin. Without that effort I am sure I would not have forked the copy and started maintaining it. You can find my version of both the SSH and DenyHosts plugins here. Note the other plugins by the previous author are also there but HAVE NOT BEEN UPDATED IN ANY WAY. Indeed the support files will still be pulled from the original fork's release/download folders even if you grab the .plg file from my repo. I'm not new to unRaid but I am new to developing for it so I welcome constructive feedback and will respond as quickly as my time will allow to any issues people have with the plugins I'm maintaining. Since I think these posts can be edited I will update this list here when and if I update the other items that I forked. Currently maintaining: ssh DenyHosts -edit: Plugins which can now be found as docker containers: Beets, Dropbox, LogitechMediaServer, NZBGet, Pyload DocGyver.. Edited November 7, 2021 by docgyver Refer people to docker containers for deprecated plugins 2 Quote Link to comment
phenomeus Posted March 8, 2016 Share Posted March 8, 2016 big thnx. its working again as expected. keep it up. both plugins tested on 6.1.9 Quote Link to comment
strike Posted March 8, 2016 Share Posted March 8, 2016 Yes, finally! Thanks! Been waiting for this. Installed both plugins and testing them now on 6.1.9. One thing tho, puttygen isn't installed with the ssh plugin like it says in the readme at least it wasn't when I tried. So I ended up using puttygen on my windows install to convert the private key to putty format. I guess i could have installed it in unraid cause the putty-0.64-x86_64-1rj.txz is in included but I didn't know how to so windows was the fastest way to solve it. Edit: Also, Denyhosts doesn't show all the "text options" on the dark theme so I don't what the settings are for, have to switch to white theme to see them. Quote Link to comment
trurl Posted March 8, 2016 Share Posted March 8, 2016 Looks like you have used a version of python that is older and will probably conflict with the python PhAzE is using in his very popular plugins. Quote Link to comment
jonp Posted March 8, 2016 Share Posted March 8, 2016 I'm going to move this to the 6.1 Verified forum, but please send me a PM if anyone discovers an incompatibility that I haven't yet. Quote Link to comment
trurl Posted March 8, 2016 Share Posted March 8, 2016 I'm going to move this to the 6.1 Verified forum, but please send me a PM if anyone discovers an incompatibility that I haven't yet. So did you already test it with the PhAzE plugin mentioned in the link I gave above? I can well remember the bad old days of v5 when syslogs were full of plugins installing one version of something, then another plugin comes in and deletes all that so it can install a different version. Quote Link to comment
jonp Posted March 8, 2016 Share Posted March 8, 2016 I'm going to move this to the 6.1 Verified forum, but please send me a PM if anyone discovers an incompatibility that I haven't yet. So did you already test it with the PhAzE plugin mentioned in the link I gave above? I can well remember the bad old days of v5 when syslogs were full of plugins installing one version of something, then another plugin comes in and deletes all that so it can install a different version. Nope. Don't care about plugin to plugin compat. Just that it works on 6.1. Quote Link to comment
docgyver Posted March 9, 2016 Author Share Posted March 9, 2016 updated to use the 2.7.10 version of Python found in PhAzE repo Quote Link to comment
cscswimmer227 Posted April 5, 2016 Share Posted April 5, 2016 Thank you for upgrading this to v6.1! I'm receiving an error when the deaemon is trying to purge hosts.deny. Do I need to change permissions in my /etc directory to allow DenyHosts to write to the file? The denyhosts.out log is: 2016-04-05 07:57:45,772 - denyhosts : INFO new denied hosts: ['113.183.70.101', '113.190.244.206', '193.201.227.175', '185.110.132.54', '14.182.86.235'] 2016-04-05 07:58:15,802 - denyfileutil: INFO purging entries older than: Tue Mar 22 07:58:15 2016 2016-04-05 07:58:15,803 - denyfileutil: WARNING [Errno 13] Permission denied: '/etc/hosts.deny.purge.bak' 2016-04-05 07:58:15,803 - root : ERROR [Errno 13] Permission denied: '/etc/hosts.deny.purge.tmp' Traceback (most recent call last): File "/usr/lib64/python2.7/site-packages/DenyHosts/deny_hosts.py", line 241, in sleepAndPurge purge_time) File "/usr/lib64/python2.7/site-packages/DenyHosts/denyfileutil.py", line 145, in __init__ purged_hosts = self.create_temp(self.get_data()) File "/usr/lib64/python2.7/site-packages/DenyHosts/denyfileutil.py", line 218, in create_temp raise e IOError: [Errno 13] Permission denied: '/etc/hosts.deny.purge.tmp' Quote Link to comment
docgyver Posted April 5, 2016 Author Share Posted April 5, 2016 I just noticed that myself yesterday. Been going on in my logs for quite some time too. Looks like it only happens on start but you will likely see a permissions issue on sync-hosts more regularly. It looks like I was getting it each time denyhosts detected a new suspicious event. I noticed that denyhosts was running as "sudo -h nobody" and nobody would not have access to /etc files. Yesterday I removed the sudo which broke things then changed it to just sudo without the "-h nobody" it has been running fine. As best I can tell the original author's intent behind using sudo is/was two-fold. I am almost certain he was trying to orphan the daemon. Without the sudo the web page never returns after you click "start". The second possible reason is to lower the privilege of the daemon. If that was the intent it must have been that /etc/hosts.deny (et. al.) had different permissions and/or ownership in the past. For my use I'm ok with the daemon running as root so I've updated the plg file. If you "check for updates" on your plugins you should see the new version now. Quote Link to comment
gundamguy Posted April 6, 2016 Share Posted April 6, 2016 Is this a plugin I need? I don't have the port for SSH forwarded outside my LAN, so like would DenyHosts really do anything for me? I'm asking because I really don't know if it's a good additional measure or a waste given my set up? Quote Link to comment
docgyver Posted April 7, 2016 Author Share Posted April 7, 2016 If you don't open up SSH to the outside via a Port Forward, "DMZ Host Forward", or some other means then your risk is fairly low that you would have attackers. Denyhosts monitoring then becomes, as you imply, one more thing to clean up, monitor, ignore, ... This may come off a bit "tin-foil hat" but one thing to keep in mind is that our IOT (internet of things) devices are notoriously bad about security. At some point they will likely become beach-head or bot-net "infected" devices. If you want to control your light bulbs from your phone you should consider adding them and all other IOT devices to their own network. </tin-foil> Adding the SSH plugin may be something you want to consider if for no other reason it helps with setting up public-key style auth. It sucks to have to type a complicated password for my unraid when I'm on my tablet. :-) hth, doc.. Quote Link to comment
gundamguy Posted April 8, 2016 Share Posted April 8, 2016 If you don't open up SSH to the outside via a Port Forward, "DMZ Host Forward", or some other means then your risk is fairly low that you would have attackers. Denyhosts monitoring then becomes, as you imply, one more thing to clean up, monitor, ignore, ... This may come off a bit "tin-foil hat" but one thing to keep in mind is that our IOT (internet of things) devices are notoriously bad about security. At some point they will likely become beach-head or bot-net "infected" devices. If you want to control your light bulbs from your phone you should consider adding them and all other IOT devices to their own network. </tin-foil> Adding the SSH plugin may be something you want to consider if for no other reason it helps with setting up public-key style auth. It sucks to have to type a complicated password for my unraid when I'm on my tablet. :-) hth, doc.. these are good points, which is why I asked. I'm typically the kind of guy who many would call overly cautious... so this might be a good plugin anyway. Also good point about the SSH plugin. Quote Link to comment
Rukongai Posted April 29, 2016 Share Posted April 29, 2016 I can't get the SSH daemon to start. I've reinstalled it for good measure, same thing. Just says that SSH is not running. When I try and connect via SSH, it tells me connection refused. This is all that pops up in the log when I click start: Apr 29 12:26:49 Tower emhttp: cmd: /usr/local/emhttp/plugins/ssh/scripts/rc.ssh buttonstart I'm on 6.1.9 currently. Is there any log or information I can provide to help figure this out? Or some critical setup step I missed? I've perused the github documentation, and couldn't find anything. Thank you! Quote Link to comment
overbyrn Posted May 7, 2016 Share Posted May 7, 2016 I'm studiously avoiding naming the person since I don't know if there are political mines that I'm stepping around but will say I am very grateful for his initial work on creating the plugin. Without that effort I am sure I would not have forked the copy and started maintaining it. It's okay, you can name the original person. He won't mind I'm glad someone took up the mantle to make the plugins work for later unRAID versions. Good job! Quote Link to comment
wewantrice Posted July 17, 2016 Share Posted July 17, 2016 I can't get the SSH daemon to start. I've reinstalled it for good measure, same thing. Just says that SSH is not running. When I try and connect via SSH, it tells me connection refused. This is all that pops up in the log when I click start: Apr 29 12:26:49 Tower emhttp: cmd: /usr/local/emhttp/plugins/ssh/scripts/rc.ssh buttonstart I'm on 6.1.9 currently. Is there any log or information I can provide to help figure this out? Or some critical setup step I missed? I've perused the github documentation, and couldn't find anything. Thank you! I'm in the same boat on 6.1.9 as well. Unistalled, re-installed and SSH damon won't start. Oddly it was working before. Any solutions? Thanks! Quote Link to comment
Anton Posted September 11, 2016 Share Posted September 11, 2016 Same here. This plugin only adds some settings, ssh can not be started, no error messages, nothing. Seems like it is not maintained any more (since months)? P.S.: Asking questions that only native english speakers tha watch a lot of movies can know is the MOST SILLY verification method I ever seen since the beginning of the internet! Quote Link to comment
drondin Posted September 21, 2016 Share Posted September 21, 2016 Hi everyone! I think I found the error Check your files in /etc/ssh ls -la /etc/ssh You may get something like this: -rw------- 1 root root 246880 Aug 5 09:34 moduli -rw------- 1 root root 1642 Aug 5 09:34 ssh_config -rw------- 1 root root 0 Sep 19 04:18 ssh_host_dsa_key -rw------- 1 root root 0 Sep 19 04:18 ssh_host_dsa_key.pub -rw------- 1 root root 0 Sep 19 04:18 ssh_host_ecdsa_key -rw------- 1 root root 0 Sep 19 04:18 ssh_host_ecdsa_key.pub -rw------- 1 root root 0 Sep 19 04:18 ssh_host_ed25519_key -rw------- 1 root root 0 Sep 19 04:18 ssh_host_ed25519_key.pub -rw------- 1 root root 0 Sep 19 04:18 ssh_host_rsa_key -rw------- 1 root root 0 Sep 19 04:18 ssh_host_rsa_key.pub -rw------- 1 root root 3522 Sep 21 01:41 sshd_config As you can see, the keys have size 0. I deleted all the keys with: rm ssh_host_* Then generated my own with: ssh-keygen -t rsa -b 4096 ssh-keygen -t dsa ssh-keygen -t ecdsa ssh-keygen -t ed25519 Specifying the destination of the file as /etc/ssh/ssh_host_rsa_key /etc/ssh/ssh_host_dsa_key /etc/ssh/ssh_host_ecdsa_key /etc/ssh/ssh_host_ed25519_key Just after this, everything works as expected. I don't know which component has generated this keys so I don't know where to fix it... I am running unRAID v6.2 Regards 1 Quote Link to comment
Anton Posted September 21, 2016 Share Posted September 21, 2016 Instead of generating: Cleaning /boot/config/ssh and /config/ssh and rebooting helps. Uninstalled the plugin as ssh is available without it (if the keys are not 0). Quote Link to comment
drondin Posted September 21, 2016 Share Posted September 21, 2016 Upon reboot the keys disappeared again... will try your method Quote Link to comment
Anton Posted September 21, 2016 Share Posted September 21, 2016 That is perfectly normal. Please look at this post: http://lime-technology.com/forum/index.php?topic=51761.0 The answer from ken-ji describes what happens during boot time and solved exact the same problem for me! So don't panic, it will work Quote Link to comment
hooger Posted October 3, 2016 Share Posted October 3, 2016 Having some trouble trying to get this ssh plugin to install plugin: installing: https://raw.githubusercontent.com/docgyver/unraid-v6-plugins/master/ssh.plg plugin: downloading https://raw.githubusercontent.com/docgyver/unraid-v6-plugins/master/ssh.plg plugin: downloading: https://raw.githubusercontent.com/docgyver/unraid-v6-plugins/master/ssh.plg ... done plugin: run failed: /bin/bash retval: 1 I'm on the latest version of unraid 6.2, I've tried installing it via the Community Apps plugin, and manually. Any ideas? Quote Link to comment
WexfordStyle Posted December 3, 2016 Share Posted December 3, 2016 Does anyone have this working? I am wondering if it is even supported anymore. Since I installed this plugin, I have lost ssh access for all of my users. Quote Link to comment
tr0910 Posted December 15, 2016 Share Posted December 15, 2016 Is anyone successfully running this plugin on 6.2 or 6.3?? Quote Link to comment
strike Posted December 15, 2016 Share Posted December 15, 2016 I have it running on 6.2.4. I installed it on 6.1, have been working since. Be sure to read the readme file, I think the info is on the github page too. What sort of problems do you have? Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.