SSH and Denyhosts updated for v6.1


Recommended Posts

I'm trying to change the port from 22 to 2222 and was wondering why I cannot? It always defaults back to 22. I've deleted the plugin and reinstalled.

/etc/ssh/sshd_config

appears to be empty...

 

EDIT: Never mind, delete /boot/config/ssh/* and rebooted

Edited by joelones
Link to comment
  • 1 month later...
  • 2 months later...

I started a new thread for this, but was asked to post here: 

 

 

Can someone explain to me what "Available options for SSH Users" is in the settings -> SSH tab?

Its just a list of users and I cant work out what, if anything, I'm supposed to use it for?!

I've checked the Wiki user manual, there is no section for settings -> SSH

 

 

Link to comment

By default, it's just the root user that can log in via ssh, with the ssh plugin you can allow other users to login via ssh as well. You can also block root access if you wish. For security, it would be best to block root access and just give normal users access. That's what the user list is for, so you can configure ssh access on a user level.

Link to comment
  • 1 month later...

Hi

Fails to install on unRaid 6.5.3 for me.

 

plugin: installing: https://raw.githubusercontent.com/docgyver/unraid-v6-plugins/master/ssh.plg
plugin: downloading https://raw.githubusercontent.com/docgyver/unraid-v6-plugins/master/ssh.plg
plugin: downloading: https://raw.githubusercontent.com/docgyver/unraid-v6-plugins/master/ssh.plg ... done
plugin: run failed: /bin/bash retval: 1

 

Link to comment
  • 1 month later...
On 8/1/2018 at 11:12 PM, deadnote said:

Hi

Fails to install on unRaid 6.5.3 for me.

 


plugin: installing: https://raw.githubusercontent.com/docgyver/unraid-v6-plugins/master/ssh.plg
plugin: downloading https://raw.githubusercontent.com/docgyver/unraid-v6-plugins/master/ssh.plg
plugin: downloading: https://raw.githubusercontent.com/docgyver/unraid-v6-plugins/master/ssh.plg ... done
plugin: run failed: /bin/bash retval: 1

 

installed fine for me however i cannot login with my user accounts and root gets disabled by default and on a fresh boot

Link to comment

Whenever I try to SSH into my Unraid with the Root account, I get a permission denied error. I have permit root login on yes, but i just can't login. A different User works fine with it though. I tried removing the Password and allow empty password, I set up a password. Nothing changes, i just can't get it work

Link to comment
  • 10 months later...
  • 2 weeks later...

Sorry you are having issues with the DenyHosts plugin. It is true that a failed login to root can cause even a local ban. I've thought about adding a "whitelist" for all private IP addresses to the default config but "the tyranny of the default" would put this in place for folks who might not want it.

I will look at the Readme.md and see if I can make potential impacts more clear and maybe as an option have an optional whitelist file that people can put in place.

Thanks for the feedback.

Link to comment
  • 1 month later...
On 7/13/2019 at 6:35 PM, Barafu said:

There is a big problem with this plugin's logic. User installs it, enables ssh, tries to login as root and gets banned. The only solution for those who do not want to delve into particulars of SSH is to delete /boot/config/ssh and reboot. 

I agree, this plugin has a tendency to mess up your sshd_config entirely in no time. I would not recommend using it. Just one reboot and you'll know why; It locked me out many times, not because of the banning, but because it ruined ssh config. Had to go manually fix it with KVM access to the unRAID server. And then, looking at sshd_config showed all kinds of double entries.

It's better to populate the go script with copy commands and just create and maintain your own ssh config.

Link to comment
  • 1 month later...

I can’t install this plugin, I am getting the same error as 

 

plugin: installing: https://raw.githubusercontent.com/docgyver/unraid-v6-plugins/master/ssh.plg
plugin: downloading https://raw.githubusercontent.com/docgyver/unraid-v6-plugins/master/ssh.plg
plugin: downloading: https://raw.githubusercontent.com/docgyver/unraid-v6-plugins/master/ssh.plg ... done
plugin: run failed: /bin/bash retval: 1

I am on the latest release of 6.7.2

Link to comment
On 11/2/2019 at 9:49 PM, Ustrombase said:

I can’t install this plugin, I am getting the same error as 

 


plugin: installing: https://raw.githubusercontent.com/docgyver/unraid-v6-plugins/master/ssh.plg
plugin: downloading https://raw.githubusercontent.com/docgyver/unraid-v6-plugins/master/ssh.plg
plugin: downloading: https://raw.githubusercontent.com/docgyver/unraid-v6-plugins/master/ssh.plg ... done
plugin: run failed: /bin/bash retval: 1

I am on the latest release of 6.7.2

Anyone experiencing this issue?

Link to comment

I'm running 6.6.7 headless and this plugin has effectively hoarked my ability to ssh into my box.  I've deleted the plugin and will try to get access back by tethering a monitor and keyboard to the thing but if there is any "quick start" to getting this fixed I'd appreciate a pointer to it.

 

Thanks

Link to comment
2 hours ago, kcgodwins said:

I'm running 6.6.7 headless and this plugin has effectively hoarked my ability to ssh into my box.  I've deleted the plugin and will try to get access back by tethering a monitor and keyboard to the thing but if there is any "quick start" to getting this fixed I'd appreciate a pointer to it.

 

Thanks

Delete the SSH folder on the flash drive (/config/ssh) and reboot.  Merely uninstalling and a reboot isn't good enough.

Link to comment
35 minutes ago, Squid said:

Delete the SSH folder on the flash drive (/config/ssh) and reboot.  Merely uninstalling and a reboot isn't good enough.

I was going through those motions as I got your reply; thank you for the info.  It was nice having verification I'm on the right path.

 

Now I'm back in.  Now it's time to shut her down and perform some hardware upgrades (going from 16GB to 32GB memory and adding 2 SSDs for cache (I currently have no cache).

 

Thanks again.

Mike

Link to comment
12 hours ago, kcgodwins said:

I was going through those motions as I got your reply; thank you for the info.  It was nice having verification I'm on the right path.

 

Now I'm back in.  Now it's time to shut her down and perform some hardware upgrades (going from 16GB to 32GB memory and adding 2 SSDs for cache (I currently have no cache).

 

Thanks again.

Mike

Deleting the /boot/config/ssh folder is an extreme but easy to accomplish fix. I get that you fixed your issue already so this followup is for the next guy and includes a request:

  • I would be surprised if you have copies of /boot/config/ssh/sshd_config both before and after plugin install state but if you do I could use those to figure out how things were messed up and fix/improve the plugin.

As a guess I expect it is related to the PermitRootLogin setting located in /boot/config/ssh/sshd_config. The plugin defaults to setting this option to "no". Merely installing the plugin makes that change and afterwards you have to login as another user. That file "belongs" to unRaid not the plugin so removing the plugin does not reverse that change.

Removing the whole /boot/config/ssh folder deletes that config file along with server certs and such. unRaid automatically creates it again if it is missing at boot time.

 

As I write this, I am leaning toward changing this behavior which would avoid this particular risk. Unfortunately the "easy" thing is to change the default to "yes" with the risk that I'm reversing the setting for someone. The "proper" (and more time consuming) thing would be to check the current setting and retain that while highlighting in the interface that the "no" setting is recommended.

 

I'm not sure if a plugin uninstall can be interactive or not. If it can then I will look into making the "delete /boot/config/ssh" an interactive choice.

 

Let's assume that I am right about how ssh broke. If so then a couple of approaches to a fix which avoid the need for a physical console.

  1. Abandon the Plugin Options
    1. Telnet:  PermitRootLogin is an ssh setting thus telnet will not be affected.
      1. Enable Telnet: Settings -> System Settings -> Management Access -> Use Telnet: Yes
        This assumes you turned it off. You _did_ turn it off right? :)
      2. Telnet to the server logging in as root
      3. Edit /boot/config/ssh/sshd_config and change PRL setting to "yes"
        Remember this assume PRL is the issue.
      4. (Alt) Remove the /boot/config/ssh folder
      5. Use Web UI to reboot
        A reboot forces the new setting to be picked up or (Alt) the ssh folder to be recreated.
      6. Recommended: after reboot disable telnet
    2. Create User: only root is blocked, not other users so this allows you to ssh in as a different user
      1. Settings -> User Preferences -> Users -> Add User
      2. Ssh in as the new user
      3. Use sudo or "su -" to fix the config file or remove the ssh folder as described above
      4. Use Web UI to reboot
      5. Cleanup: remove the created user if it is no longer desired
  2. Keep the plugin Options
    1. [re]Install the plugin
    2. Change the PermitRootLogin setting to yes
    3. Click Done

I can't emphasize enough that the edit sshd_config option only fixes the problem if indeed the PermitRootLogin setting is the issue. If this doesn't fix your issue then please get me a copy of your broken sshd_config or, even better, both that and the before I will look into what the plugin is doing.

Link to comment

Finished updating the rc.ssh:write_config() function to read the live copy of sshd_config before updating the plugin config in /boot/config/plugins/ssh.cfg.

I was hoping I could leverage the values in unRaid's persisted (/boot/config/ssh/sshd_config) configuration but it would make the UI code more convoluted than necessary.

With two copies of the settings the only "failure mode" I can think of is someone updating the ssh.cfg manually then rebooting with the intent those settings would be used. I think in that case the reboot will tell the plugin to exit which will then read from live and persist to ssh.cfg overwriting those changes.

 

The benefit of the change is that now the plugin installation will respect previously tweaked settings in the /boot/config/ssh/sshd_config (unRaid's) config file. Those of you who change Port", "PermitRootLogin", "GatewayPorts", etc. will not have to manually fix those if you change them before installing the plugin.

 

 

Link to comment
  • 3 weeks later...

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.