SSH and Denyhosts updated for v6.1



6 minutes ago, bonienl said:

Try the following.

1. Uninstall the SSH plugin, if not already done

2. Delete (or rename) the folder /config/ssh on your USB device

3. Reboot your server. This will automatically create a new set of SSH keys.

1. Done, then reinstalled. Now uninstalled again.

2. Done

3. Will do as soon as the preclear finishes. 

 

Thanks, will report back. I'm at 78% of the post-read on a 4TB drive reading at 200MB/s, so it should be fairly soon.

Link to comment
On 1/5/2020 at 4:14 PM, Derek_ said:

I installed this plugin and have had a small play. After a reboot, I get the error on the device monitor (not web interface):


chmod: cannot access '/user/local/emhttp/plugins/denyhosts/icons': No such file or directory.

I SSH'd in and saw that the directory does not exist.

 

Upon entering the webGUI, DenyHosts was not started. I started it via the GUI and it says it's started but ??

 

Through this exercise, it doesn't appear to alert unRAID that it hasn't successfully started - can that please be added? Or is that a consequence of this error?

 

Upon subsequent reboots, I still get the error on the server's screen, but the service does seem to load properly. Perhaps the error and the service are not directly related, but it would still be a good (low priority) thing to not have the error.

Link to comment
  • 2 weeks later...

Plugin (I'm guessing) seems to duplicate a couple of lines in the sshd_config file in /boot/config/ssh

 

Quote

# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication no
PermitEmptyPasswords no
# limetech - permit empty passwords
PermitEmptyPasswords no

and here..

Quote

PermitRootLogin no
# limetech - permit root login
PermitRootLogin no

 

 

Edited by Derek_
Link to comment
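
A way to check an sshd_config for the repeated directives reported above, as an added example that is not part of the original post or the plugin. For most keywords sshd uses the first value it reads, so the duplicates quoted here are harmless while both copies agree, but a later edit to only the second copy would be silently ignored. The function names are hypothetical and the sample is constructed from the two excerpts in the post.

```shell
#!/bin/sh
# Added example, not part of the plugin. Function names are hypothetical.

# dup_directives [FILE]: report keywords set more than once in the global
# section of an sshd_config (reads stdin when no FILE is given).
dup_directives() {
    awk '
        BEGIN {
            # Keywords that may legitimately repeat (list is not exhaustive).
            n = split("port listenaddress hostkey acceptenv subsystem allowusers allowgroups denyusers denygroups", m, " ")
            for (i = 1; i <= n; i++) multi[m[i]] = 1
        }
        /^[ \t]*(#|$)/ { next }          # skip comments and blank lines
        { key = tolower($1) }            # sshd keywords are case-insensitive
        key == "match" { exit }          # stop at the first Match block
        key in multi   { next }
        key in seen {
            printf "%s line %d repeats line %d; sshd keeps \"%s\"\n", $1, NR, seen[key], kept[key]
            next
        }
        { seen[key] = NR; kept[key] = $0 }
    ' "$@"
}

# Constructed sample: the two excerpts quoted in the post, joined together.
sample_config() {
    cat <<'EOF'
# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication no
PermitEmptyPasswords no
# limetech - permit empty passwords
PermitEmptyPasswords no
PermitRootLogin no
# limetech - permit root login
PermitRootLogin no
EOF
}

sample_config | dup_directives
```
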
  • 1 month later...
On 11/8/2019 at 1:56 PM, Squid said:

After your original post, I tried it and it installed for me no problems.  I would delete everything on the flash drive (/config/plugins) related to the plugin (the folder, the .plg etc) and try again.

Hi, I tried this already but I keep getting the same error. Do you think I can just download the plg file manually? Would this work?

Link to comment
On 8/2/2018 at 12:12 AM, deadnote said:

Hi

Fails to install on unRaid 6.5.3 for me.

 


plugin: installing: https://raw.githubusercontent.com/docgyver/unraid-v6-plugins/master/ssh.plg
plugin: downloading https://raw.githubusercontent.com/docgyver/unraid-v6-plugins/master/ssh.plg
plugin: downloading: https://raw.githubusercontent.com/docgyver/unraid-v6-plugins/master/ssh.plg ... done
plugin: run failed: /bin/bash retval: 1

 

I get this same error, how did you fix yours?

Link to comment
19 minutes ago, Ustrombase said:

I get this same error, how did you fix yours?

Sorry, I don't have any pearls of wisdom. Although have you tried the "Cleanup AppData" plugin? It might help.

 

Any particular reason you're still on unRAID 6.5.3? We're up to 6.8.2.

Link to comment
5 minutes ago, Derek_ said:

Sorry, I don't have any pearls of wisdom. Although have you tried the "Cleanup AppData" plugin? It might help.

 

Any particular reason you're still on unRAID 6.5.3? We're up to 6.8.2.

No, I'm actually on the latest one now. I am still figuring out how to use that plugin.

Link to comment
1 minute ago, Ustrombase said:

No, I'm actually on the latest one now. I am still figuring out how to use that plugin.

I think it's just a matter of going to Settings > Cleanup AppData and it will look for orphaned plugins and you'll get an option to delete.

Link to comment
1 minute ago, Derek_ said:

I think it's just a matter of going to Settings > Cleanup AppData and it will look for orphaned plugins and you'll get an option to delete.

OK, just did it but it didn't find any folders. It found some old docker folders that I deleted now via the plugin :(

Link to comment

Just doing some searching on your problem and it seems it might be related to a corruption which could be caused by different things. From what I could see (example threads linked):

 

1. Make sure you're using USB2

 

2. It's possible your USB drive has a problem. Run Checkdisk on it.

 

3. RAM full?

 

4. Something in the package (unlikely, as it hasn't been updated for a while).

https://github.com/dorgan/Unraid-networkstats/issues/12

 

Edited by Derek_
Link to comment
13 hours ago, Ustrombase said:

Yea I’m on 6.8.3 I believe is the latest one. Just updated last night and tried installing again. 

I gather it didn't work? Same problem? Did you have a read of the posts I linked?

If you can install other plugins though, then I don't know what the problem could be.

That's all I have, I'm afraid. Good luck.

Link to comment
On 3/7/2020 at 9:38 PM, Derek_ said:

I gather it didn't work? Same problem? Did you have a read of the posts I linked?

If you can install other plugins though, then I don't know what the problem could be.

That's all I have, I'm afraid. Good luck.

Thanks. I’ll have to resort to seeing if others have had the same issue and if they have fixed it. 
 

I don’t know what this must mean.

 

plugin: run failed: /bin/bash retval: 1

Link to comment
  • 1 month later...
2 hours ago, dprus said:

I'm also having the same issue.

I was able to figure out the issue by downloading the plugin locally and using the commandline "installplg" to try and install it. This allowed me to easily edit the script and add logging (it badly needs logging). I found out it was failing to download putty. Some observations:

  • It tries to download Putty 0.64. That's a very old version of Putty. So instead of trying to make this work I went ahead and installed the latest Putty 0.73 package instead:
# Slackbuilds doesn't send the full Letsencrypt certificate chain and wget doesn't know how to handle this. So we'll help it...
wget https://letsencrypt.org/certs/letsencryptauthorityx3.pem.txt -O /tmp/letsencryptauthorityx3.pem
wget --ca-certificate=/tmp/letsencryptauthorityx3.pem https://slack.conraid.net/repository/slackware64-current/putty/putty-0.73-x86_64-1cf.txz
rm /tmp/letsencryptauthorityx3.pem
  • When it decides whether or not Putty is installed it does a check for that very specific old version of Putty. So even after I'd installed the newer version of Putty the script still failed. I ended up having to comment out the section that downloads and installs Putty to get the script to install. I would recommend the script instead check for Putty >= 0.64.
  • Also, above, instead of using '--no-check-certificate' with wget I'd recommend the approach of using wget to download the intermediate from letsencrypt's website and then passing the intermediate to wget. This will allow wget to succeed when downloading from websites that don't provide wget with a full chain without having to tell wget to completely ignore all certificate validation.

For those of you who don't want to have to work around things and want to get the script back to "just working", you may want to try downloading and installing Putty 0.64 manually before trying to install this plugin:

After that, and assuming the script was failing in your case for the same reason it was failing for me, the plugin should install successfully again.

 

Good luck!

 

PS. If I get some spare time I will submit a PR to update the plugin to add logging, increment the Putty version and remove instances of --no-check-certificate being passed to wget.

Edited by dprus
Link to comment
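
The "check for Putty >= 0.64" recommended in the post above, sketched as an added example; it is not the plugin's code, and the function names are hypothetical. It compares versions with `sort -V`, since a plain string comparison would rank 0.9 above 0.64, and it assumes installed packages are recorded Slackware-style as name-version-arch-build entries under /var/log/packages.

```shell
#!/bin/sh
# Added example, not the plugin's code. Function names are hypothetical.

# version_ge A B: succeed when dotted version A is >= B (needs sort -V).
version_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# pkg_version NAME DIR: print the version of package NAME found in DIR.
# Entries are assumed to be named name-version-arch-build, optionally
# followed by .txz/.tgz, as in putty-0.73-x86_64-1cf.txz.
pkg_version() {
    for entry in "$2"/"$1"-*; do
        [ -e "$entry" ] || continue
        rest=${entry##*/}
        rest=${rest%.t?z}
        rest=${rest%-*}                       # drop the build tag
        rest=${rest%-*}                       # drop the architecture
        [ "${rest%-*}" = "$1" ] || continue   # skip e.g. putty-tools-*
        printf '%s\n' "${rest##*-}"
        return 0
    done
    return 1
}

# need_install NAME MIN DIR: succeed when NAME is absent or older than MIN.
need_install() {
    have=$(pkg_version "$1" "$3") || return 0
    ! version_ge "$have" "$2"
}

# Assumption: the Slackware package database lives in /var/log/packages.
if need_install putty 0.64 "${PKG_DB:-/var/log/packages}"; then
    echo "putty missing or older than 0.64: download and install it"
else
    echo "putty >= 0.64 already installed: skip the download"
fi
```
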

I have a two-part question; hopefully this is the correct place for it. Essentially what I'm trying to do is use user scripts to send a command via SSH to my pfsense baremetal to shut down when the array comes up, "ssh [email protected] /etc/rc.halt", which I can't seem to get to work. After some research, in order to do this I would need to generate a pair of SSH keys and paste the public one into the admin user of the pfsense; this was easy enough. The problem I'm having is that when trying to SSH out of unraid and into pfsense it does not work because unraid does not respond with my private key. I'm not sure what directories the keys should be in for what I'm trying to do or what they should be named. I have almost no knowledge of how secure shell works, but from what I can see on the forums there are tons of instructions for SSH into unraid but not so much for going out. I'm hoping someone can tell me what I need to do here.

 

Link to comment
5 hours ago, Sinister said:

I have a two-part question; hopefully this is the correct place for it. Essentially what I'm trying to do is use user scripts to send a command via SSH to my pfsense baremetal to shut down when the array comes up, "ssh [email protected] /etc/rc.halt", which I can't seem to get to work. After some research, in order to do this I would need to generate a pair of SSH keys and paste the public one into the admin user of the pfsense; this was easy enough. The problem I'm having is that when trying to SSH out of unraid and into pfsense it does not work because unraid does not respond with my private key. I'm not sure what directories the keys should be in for what I'm trying to do or what they should be named. I have almost no knowledge of how secure shell works, but from what I can see on the forums there are tons of instructions for SSH into unraid but not so much for going out. I'm hoping someone can tell me what I need to do here.

 

Currently the plugin only copies the authorized_keys file from /boot/config/plugins/<user>/.ssh folders to ~<user>/.ssh folders. I have considered adding pub/priv key pairs which have been placed in the /boot folders but would want to give serious thought to any security implications. It is likely no more of an attack surface but still not something I want to do lightly.

In the short term what I would do is store your private key file either on the flash drive or, since you want to do this on array start, a place you think safe on the array. For example's sake let's say /tmp/id_rsa.

Then you can tell your script to use that id with "-i /tmp/id_rsa". Your command would then become: ssh -i /tmp/id_rsa [email protected] /etc/rc.halt

Of course /tmp is wiped on boot so a better choice would be somewhere on /mnt/user :)

Link to comment
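
A wrapper around the `ssh -i` call suggested in the reply above, as an added example that is not from the thread or the plugin. ssh will not use a private key that group or others can access, and a key kept on the flash drive may not carry restrictive Unix permissions (an assumption about the FAT-formatted USB device), so the key is first staged with mode 600. Function names, paths and the host `admin@pfsense.example` are hypothetical placeholders.

```shell
#!/bin/sh
# Added example, not the plugin's code. Paths and host are placeholders.

# key_is_private FILE: succeed when FILE is a regular file with no
# group/other permission bits; ssh ignores private keys that fail this.
key_is_private() {
    [ -f "$1" ] && [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# stage_key SRC DEST: copy a key to DEST so that it ends up mode 600.
stage_key() {
    ( umask 077 && cp "$1" "$2" && chmod 600 "$2" )
}

# run_remote KEY TARGET CMD...: run CMD on TARGET using only KEY, without
# prompting (BatchMode), so an unattended script fails instead of hanging.
run_remote() {
    key=$1 target=$2
    shift 2
    if ! key_is_private "$key"; then
        echo "refusing to use $key: accessible by group or others" >&2
        return 1
    fi
    ssh -i "$key" -o IdentitiesOnly=yes -o BatchMode=yes "$target" "$@"
}

# Usage in an array-start script (hypothetical paths and host):
#   stage_key /mnt/user/secure/id_rsa /root/.ssh/id_pfsense
#   run_remote /root/.ssh/id_pfsense admin@pfsense.example /etc/rc.halt
```
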
On 4/25/2020 at 2:56 PM, letri said:

I was able to figure out the issue by downloading the plugin locally and using the commandline "installplg" to try and install it. This allowed me to easily edit the script and add logging (it badly needs logging). I found out it was failing to download putty. Some observations:

  • It tries to download Putty 0.64. That's a very old version of Putty. So instead of trying to make this work I went ahead and installed the latest Putty 0.73 package instead:

# Slackbuilds doesn't send the full Letsencrypt certificate chain and wget doesn't know how to handle this. So we'll help it...
wget https://letsencrypt.org/certs/letsencryptauthorityx3.pem.txt -O /tmp/letsencryptauthorityx3.pem
wget --ca-certificate=/tmp/letsencryptauthorityx3.pem https://slack.conraid.net/repository/slackware64-current/putty/putty-0.73-x86_64-1cf.txz
rm /tmp/letsencryptauthorityx3.pem
  • When it decides whether or not Putty is installed it does a check for that very specific old version of Putty. So even after I'd installed the newer version of Putty the script still failed. I ended up having to comment out the section that downloads and installs Putty to get the script to install. I would recommend the script instead check for Putty >= 0.64.
  • Also, above, instead of using '--no-check-certificate' with wget I'd recommend the approach of using wget to download the intermediate from letsencrypt's website and then passing the intermediate to wget. This will allow wget to succeed when downloading from websites that don't provide wget with a full chain without having to tell wget to completely ignore all certificate validation.

For those of you who don't want to have to work around things and want to get the script back to "just working", you may want to try downloading and installing Putty 0.64 manually before trying to install this plugin:

After that, and assuming the script was failing in your case for the same reason it was failing for me, the plugin should install successfully again.

 

Good luck!

 

PS. If I get some spare time I will submit a PR to update the plugin to add logging, increment the Putty version and remove instances of --no-check-certificate being passed to wget.

Thanks so much for the effort. Heads down on some certification course right now but will add the >= putty version check soon and will look into what is needed for the cert stuff and maybe even switch to grabbing putty from the official site and not keep it as part of the plugin itself.

Link to comment
Currently the plugin only copies the authorized_keys file from /boot/config/plugins/<user>/.ssh folders to ~<user>/.ssh folders. I have considered adding pub/priv key pairs which have been placed in the /boot folders but would want to give serious thought to any security implications. It is likely no more of an attack surface but still not something I want to do lightly.
In the short term what I would do is store your private key file either on the flash drive or, since you want to do this on array start, a place you think safe on the array. For example's sake let's say /tmp/id_rsa.
Then you can tell your script to use that id with "-i /tmp/id_rsa". Your command would then become: ssh -i /tmp/id_rsa [email protected] /etc/rc.halt
Of course /tmp is wiped on boot so a better choice would be somewhere on /mnt/user

Thank you so much for your help with this issue. I've been at it for an entire month trying to figure out why this wasn't working and you explained it simply.


Link to comment
