docgyver Posted June 19, 2017 Author Share Posted June 19, 2017 I am still running 6.2.4 because my last jump broke my Owncloud (now NextCloud) docker image. I haven't read the readme on what changes from 6.2 to 6.3 but I'd be surprised if it breaks the plugin. Do you have the files in the right folder on /boot? SSH files on my machine are like the following (with noise files removed). Note the dot (.) in .../user/.ssh/... $find /boot/config/plugins/ssh ! -type d /boot/config/plugins/ssh/ssh.cfg /boot/config/plugins/ssh/root/.ssh/authorized_keys /boot/config/plugins/ssh/otheruser/.ssh/authorized_keys Quote Link to comment
weirdcrap Posted August 16, 2017 Share Posted August 16, 2017 On 7/8/2017 at 9:24 AM, zin105 said: Just wanted to report that everything works in 6.4 rc6. (Key based login only, passwords disabled, root login disabled). Only "problem" is that the plugin doesn't have an icon. This and I am now seeing the below error in the syslog: Aug 16 16:10:44 Node sshd[12542]: rexec line 110: Deprecated option UsePrivilegeSeparation Quote Link to comment
lovingHDTV Posted August 25, 2017 Share Posted August 25, 2017 I have a single user defined that I want to provide ssh access too. However, I have to have "allow root" set to yes for it to work even for the non-root user. How can I disallow root ssh access, but still allow my chosen user? My ssh.cfg Quote # ssh configuration SERVICE="enable" PORT="22" USERLIST="wimp" PERMITROOTLOGIN="no" MAXAUTHTRIES="6" PASSWORDAUTHENTICATION="no" PERMITEMPTYPASSWORDS="no" GATEWAYPORTS="no" If I set PERMITROOTLOGIN="yes" then I can log in as user wimp. thanks david Quote Link to comment
docgyver Posted August 26, 2017 Author Share Posted August 26, 2017 Odd. I don't normally use another user but do have a couple defined. I will try to reproduce what you are seeing and fix it. Quote Link to comment
isvein Posted September 1, 2017 Share Posted September 1, 2017 Hello How is this plugin suposed to work? No matter what I do, unless I turn SSH off, every user on the server can log in. Or is it not meant to work from the LAN side? Quote Link to comment
docgyver Posted September 4, 2017 Author Share Posted September 4, 2017 Depends on on which plugin you are asking about. The DenyHosts plugin is intended to detect unwanted connections and block the source IP. The SSH plugin is intended to enable persisting various settings. Which of the two are you running? Quote Link to comment
ksignorini Posted September 5, 2017 Share Posted September 5, 2017 (edited) I'm totally confused as well. All I want to do is setup a couple of my users for SFTP access (SSH access). How do I do this? Is there a user manual somewhere? No matter what settings I make, I can only log in as root (provided I've left the "Permit Root Login" setting as "yes"). When I pick my user "joe" in the list and allow password access, when I try to ssh with "joe," as soon as I enter my password, connection to unRAID is closed. The user can't log in. root does not have this problem and can log in just fine. Edited September 5, 2017 by ksignorini Quote Link to comment
strike Posted September 5, 2017 Share Posted September 5, 2017 Been a long time since I've configured this (6.1 days), but if you guys read the info on github and the readme located in the plugin folder I'm sure you'll be able to figure it out. I'm using key based login only and it works like a charm. Github: https://github.com/docgyver/unraid-v6-plugins Readme located on your flashdrive in /boot/config/plugins/ssh Quote Link to comment
ksignorini Posted September 5, 2017 Share Posted September 5, 2017 (edited) 2 minutes ago, strike said: Been a long time since I've configured this (6.1 days), but if you guys read the info on github and the readme located in the plugin folder I'm sure you'll be able to figure it out. I'm using key based login only and it works like a charm. Github: https://github.com/docgyver/unraid-v6-plugins Readme located on your flashdrive in /boot/config/plugins/ssh I got it working. With passwords. But you know what was getting me? I hadn't rebooted my unRAID server. I didn't see anywhere in the readme or github where it was clear that you had to restart unRAID to get this to work. I figured restarting the SSH daemon should be enough. I guess it wasn't. NOTE: You must restart unRAID to get changes made in the plugin settings to stick. At least, I had to. Edited September 5, 2017 by ksignorini Quote Link to comment
isvein Posted September 5, 2017 Share Posted September 5, 2017 On 04/09/2017 at 2:31 AM, docgyver said: Depends on on which plugin you are asking about. The DenyHosts plugin is intended to detect unwanted connections and block the source IP. The SSH plugin is intended to enable persisting various settings. Which of the two are you running? I have both installed, but I was wondering about the SSH plugin. I get a list of the users that is on the server, I can click on them, but what is that for because nothing seems to happen when I do. Quote Link to comment
ksignorini Posted September 5, 2017 Share Posted September 5, 2017 (edited) 5 hours ago, isvein said: I have both installed, but I was wondering about the SSH plugin. I get a list of the users that is on the server, I can click on them, but what is that for because nothing seems to happen when I do. I found the instructions over on docgyver's github page here: https://github.com/docgyver/unraid-v6-plugins/blob/master/README.md. Basically do this: 1. Stop the SSH server (turn "Enable SSH Service" to No and hit Apply.) 2. To allow SSH access for a list of users, multi-select their names in the list and make sure "Password Authentication" is set to Yes. (ctrl-click or cmd-click to select multiple users). This turns password authentication on for all the users you've picked (instead of having to generate keys). 3. Hit Apply again. This should save the settings and restart the ssh daemon but you still won't be able to ssh from those users yet; at least, I couldn't. 4. In order for the settings change to work, you have to reboot unRAID! Yes, reboot! You should now be able to ssh in with the users you picked in the list. At least, now I can on my server. Edited September 5, 2017 by ksignorini Clarity and more information. Quote Link to comment
mattekure Posted November 16, 2017 Share Posted November 16, 2017 (edited) I recently upgraded unraid to the latest release candidate 6.4.0_rc11i. I noticed that every time I open the plugins page, I get the following error in the log. Nov 16 14:17:10 Tower nginx: 2017/11/16 14:17:10 [crit] 20451#20451: *135500 stat() "/usr/local/emhttp/plugins/ssh/ssh.png" failed (13: Permission denied), client: 192.168.1.11, server: 7919ac795bff0d483d3f219c6b4dfeff9abcbeae.unraid.net, request: "GET /plugins/ssh/ssh.png HTTP/2.0", host: "7919ac795bff0d483d3f219c6b4dfeff9abcbeae.unraid.net", referrer: "https://7919ac795bff0d483d3f219c6b4dfeff9abcbeae.unraid.net/Plugins" It doesnt seem to affect the plugin working in any way, but the icon for the plugin doesnt show on the plugin page. Edit: I noticed that the /usr/local/emhttp/plugins/ssh folder has different permissions that all of the other plugin folders there. The ssh folder permissions looks like: drwxrwx--- 4 root root 200 Nov 15 12:27 ssh while all of the others look like: drwxr-xr-x 7 root root 260 Nov 15 12:27 preclear.disk manually changing it stops the error from showing up. Are there security implications to changing the folder permissions? Edited November 16, 2017 by mattekure Quote Link to comment
docgyver Posted November 17, 2017 Author Share Posted November 17, 2017 No significant implications. Group has no need for write access. Giving "other" read and execute is a bit more pemissive but it isn't like what that folder holds can't be known. It's on github I'll see what I need to change to get the permissions right on create. IIRC there was a mask involved. Been too lazy to pick an Icon. Wish there was a standard one. I'll take a look to see if there is one now. Quote Link to comment
mattekure Posted November 17, 2017 Share Posted November 17, 2017 (edited) I also noticed that whenever I log in I get the following error on the log: Tower sshd: rexec line 110: Deprecated option UsePrivilegeSeparation In the settings I have Permit Root Login set to No. the log in is still successful though, so its not affecting anything yet. Edited November 17, 2017 by mattekure Quote Link to comment
JustinAiken Posted December 31, 2017 Share Posted December 31, 2017 On 11/16/2017 at 4:41 PM, mattekure said: I noticed that the /usr/local/emhttp/plugins/ssh folder has different permissions that all of the other plugin folders there. .... manually changing it stops the error from showing up. For anyone wondering how: Do chmod 755 /usr/local/emhttp/plugins/ssh to fix it for your current session. Or add to `/boot/config/go` to make it fixed each time you start: # Fix ssh plugin icon: chmod 755 /usr/local/emhttp/plugins/ssh 1 Quote Link to comment
endiz Posted January 13, 2018 Share Posted January 13, 2018 On 12/31/2017 at 1:36 PM, JustinAiken said: For anyone wondering how: Do chmod 755 /usr/local/emhttp/plugins/ssh to fix it for your current session. Or add to `/boot/config/go` to make it fixed each time you start: # Fix ssh plugin icon: chmod 755 /usr/local/emhttp/plugins/ssh Thanks, this fixed everything after upgrading to 6.4! Quote Link to comment
Darksurf Posted January 16, 2018 Share Posted January 16, 2018 If we can get these merged, it'll fix the wrong perms issue. https://github.com/docgyver/unraid-v6-plugins/pull/1 https://github.com/docgyver/unraid-v6-plugins/pull/2 1 Quote Link to comment
docgyver Posted January 17, 2018 Author Share Posted January 17, 2018 Thanks so much. I opened up the file to change on Monday and hadn't even looked at the browser tab since. I also update the version so that someone checking for update will have a new version number. Maybe someday I'll get some icons in there too. I did find a couple that made sense and were CC license. Quote Link to comment
Darksurf Posted January 18, 2018 Share Posted January 18, 2018 (edited) On 1/17/2018 at 8:36 AM, docgyver said: Thanks so much. I opened up the file to change on Monday and hadn't even looked at the browser tab since. I also update the version so that someone checking for update will have a new version number. Maybe someday I'll get some icons in there too. I did find a couple that made sense and were CC license. Interesting, its still setting the directory as 770?, just performed uninstall and reinstall I even went back and removed cache to make sure it wasn't using an old script. I've updated the plg again with a few lines to automagically change the folder perms after install so no additional script-fu is needed. I noticed other plugins were using this method so I'm trying the same. https://github.com/docgyver/unraid-v6-plugins/pull/3 https://github.com/docgyver/unraid-v6-plugins/pull/4 Edited January 18, 2018 by Darksurf Quote Link to comment
death.hilarious Posted January 22, 2018 Share Posted January 22, 2018 Fails to install after the latest update (2018.01.18) on unRaid 6.4.0 for me. plugin: installing: https://raw.githubusercontent.com/docgyver/unraid-v6-plugins/master/ssh.plg plugin: downloading https://raw.githubusercontent.com/docgyver/unraid-v6-plugins/master/ssh.plg plugin: downloading: https://raw.githubusercontent.com/docgyver/unraid-v6-plugins/master/ssh.plg ... done +============================================================================== | Skipping package putty-0.64-x86_64-1rj (already installed) +============================================================================== plugin: run failed: /bin/bash retval: 1 Quote Link to comment
docgyver Posted January 23, 2018 Author Share Posted January 23, 2018 Yeah me too. Been working on a broken Nextcloud docker from 443 being part of the management interface. Let me see what is wrong with the new code. Quote Link to comment
shaunsund Posted January 23, 2018 Share Posted January 23, 2018 As near as I can tell from the .plg file for 2018.01.18, the install section removes the /usr/local/emhttp/plugins/ssh directory but doesn't recreate it because the error seems to occur in the post-install section where it tries to change the permissions but there aren't any files to change: ls -la /usr/local/emhttp/plugins/ssh /bin/ls: cannot access '/usr/local/emhttp/plugins/ssh': No such file or directory Quote Link to comment
docgyver Posted January 23, 2018 Author Share Posted January 23, 2018 Quite correct Shaun. I didn't check the location of the "Post Install" script in the plg file in relation when I accepted the patch. I moved it to the bottom right above the script which does the "bottonstart" execution kicking off the plugin and things are fine now. If anyone has issues applying the update it may be caused by a rogue /var/log/plugins/ssh.plg file remaining after the failure of 2018.01.18 to load. "Easiest" (i.e. Web UI) fix is a reboot but is not not required if you are comfortable on the command line. Manual fix can be accomplished by running the command "rm /var/log/plugins/ssh.plg" by your preferred method (e.g. ssh and command line, User Scripts plugin...) Follow that in the UI with a check for updates on the plugins page and then update. 2 1 Quote Link to comment
Darksurf Posted January 27, 2018 Share Posted January 27, 2018 Sorry guys, didn't mean to cause you trouble, I evidently caught the flu right not long after that tweak. I had intentions to go back and fix that, but flu hit me pretty hard, I'm at the end of it now. Seems like you guys got it under control! Thanks for the fix and sorry for the trouble. Quote Link to comment
docgyver Posted January 28, 2018 Author Share Posted January 28, 2018 5 hours ago, Darksurf said: Sorry guys, didn't mean to cause you trouble, I evidently caught the flu right not long after that tweak. I had intentions to go back and fix that, but flu hit me pretty hard, I'm at the end of it now. Seems like you guys got it under control! Thanks for the fix and sorry for the trouble. NO worries. I should have looked closer when I did the commit. Thanks for your effort as well. Helps to work together. Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.