Skip to content
View in the app

A better way to browse. Learn more.

Unraid

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

SSH and Denyhosts updated for v6.1

Featured Replies

I have it running on 6.2.4. I installed it on 6.1, have been working since. Be sure to read the readme file, I think the info is on the github page too.

What sort of problems do you have?

 

Both denyhosts and ssh??

 

I hadn't installed it yet thinking from the comments above it was no longer working.  Will try it now...  Thanks...

  • Replies 220
  • Views 75.3k
  • Created
  • Last Reply

Top Posters In This Topic

Most Popular Posts

  • Quite correct Shaun. I didn't check the location of the "Post Install" script in the plg file in relation when I accepted the patch.   I moved it to the bottom right above the script which d

  • Hi everyone!   I think I found the error   Check your files in /etc/ssh   ls -la /etc/ssh   You may get something like this:   -rw-------  1 root root 246880 Aug  5 09:34 moduli -

  • JustinAiken
    JustinAiken

    For anyone wondering how:   Do chmod 755 /usr/local/emhttp/plugins/ssh to fix it for your current session.   Or add to `/boot/config/go` to make it fixed each time you start:

Posted Images

Yeah, I have both running. Haven't tested if denyhost is actually doing what it's supposed to do since 6.1, but it's running. SSH I use almost daily so I know that's working

Yeah, I have both running. Haven't tested if denyhost is actually doing what it's supposed to do since 6.1, but it's running. SSH I use almost daily so I know that's working

 

Have you got it running on a 6.3 server too?

Nah, haven't tested 6.3 yet

Hopefully this is the right place for posting new/updated plugins.

 

I have ssh_config confirmed working with 6.2.4 and have locked my server down significantly.  Secondly, I wanted to bolt it down tighter with denyhosts, but cannot get it to start running.  Attempts to start it result in this:

 

Dec 16 12:51:13 Server1 sudo: root : TTY=unknown ; PWD=/usr/local/emhttp ; USER=root ; COMMAND=/usr/bin/env python /usr/bin/denyhosts.py --daemon --config=/boot/config/plugins/denyhosts/denyhosts.cfg
Dec 16 12:51:33 Server1 sudo: root : TTY=unknown ; PWD=/usr/local/emhttp ; USER=root ; COMMAND=/usr/bin/env python /usr/bin/denyhosts.py --daemon --config=/boot/config/plugins/denyhosts/denyhosts.cfg
Dec 16 12:51:42 Server1 emhttp: cmd: /usr/local/emhttp/plugins/denyhosts/scripts/rc.denyhosts buttonstart
Dec 16 12:51:42 Server1 sudo: root : TTY=unknown ; PWD=/ ; USER=root ; COMMAND=/usr/bin/env python /usr/bin/denyhosts.py --daemon --config=/boot/config/plugins/denyhosts/denyhosts.cfg
Dec 16 12:53:10 Server1 sudo: root : TTY=unknown ; PWD=/usr/local/emhttp ; USER=root ; COMMAND=/usr/bin/env python /usr/bin/denyhosts.py --daemon --config=/boot/config/plugins/denyhosts/denyhosts.cfg

 

This is still what I get in the logs after restricting logins to keyfiles only.  The nasties won't quite trying to break in.

 

Dec 16 10:53:30 Server1 sshd[20738]: Received disconnect from 218.65.30.123 port 8927:11: [preauth]
Dec 16 10:53:30 Server1 sshd[20738]: Disconnected from 218.65.30.123 port 8927 [preauth]
Dec 16 11:11:20 Server1 sshd[27831]: Received disconnect from 221.194.44.231 port 44343:11: [preauth]
Dec 16 11:11:20 Server1 sshd[27831]: Disconnected from 221.194.44.231 port 44343 [preauth]
Dec 16 11:16:02 Server1 sshd[29642]: Received disconnect from 221.194.47.229 port 46792:11: [preauth]
Dec 16 11:16:02 Server1 sshd[29642]: Disconnected from 221.194.47.229 port 46792 [preauth]
Dec 16 11:20:34 Server1 sshd[31476]: Received disconnect from 121.18.238.114 port 41878:11: [preauth]
Dec 16 11:20:34 Server1 sshd[31476]: Disconnected from 121.18.238.114 port 41878 [preauth]
Dec 16 11:23:32 Server1 sshd[32601]: Received disconnect from 121.18.238.114 port 55780:11: [preauth]
Dec 16 11:23:32 Server1 sshd[32601]: Disconnected from 121.18.238.114 port 55780 [preauth]
Dec 16 11:24:13 Server1 sshd[458]: Received disconnect from 221.194.47.208 port 41636:11: [preauth]
Dec 16 11:24:13 Server1 sshd[458]: Disconnected from 221.194.47.208 port 41636 [preauth]
Dec 16 11:26:38 Server1 sshd[1556]: Unable to negotiate with 123.31.32.5 port 62192: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1 [preauth]
Dec 16 11:35:25 Server1 sshd[5040]: Received disconnect from 121.123.153.46 port 52816:11: Bye Bye [preauth]
Dec 16 11:35:25 Server1 sshd[5040]: Disconnected from 121.123.153.46 port 52816 [preauth]
Dec 16 11:45:10 Server1 sshd[8839]: Received disconnect from 221.194.47.224 port 46493:11: [preauth]
Dec 16 11:45:10 Server1 sshd[8839]: Disconnected from 221.194.47.224 port 46493 [preauth]
Dec 16 11:45:27 Server1 sshd[9018]: Received disconnect from 121.18.238.98 port 34741:11: [preauth]
Dec 16 11:45:27 Server1 sshd[9018]: Disconnected from 121.18.238.98 port 34741 [preauth]
Dec 16 11:45:28 Server1 sshd[9061]: Received disconnect from 121.18.238.104 port 35216:11: [preauth]
Dec 16 11:45:28 Server1 sshd[9061]: Disconnected from 121.18.238.104 port 35216 [preauth]
Dec 16 11:51:29 Server1 sshd[10941]: Received disconnect from 221.194.44.224 port 36581:11: [preauth]
Dec 16 11:51:29 Server1 sshd[10941]: Disconnected from 221.194.44.224 port 36581 [preauth]
Dec 16 11:53:00 Server1 sshd[11382]: Received disconnect from 221.194.47.224 port 46110:11: [preauth]
Dec 16 11:53:00 Server1 sshd[11382]: Disconnected from 221.194.47.224 port 46110 [preauth]
Dec 16 11:54:35 Server1 sshd[11907]: Received disconnect from 221.194.47.229 port 44266:11: [preauth]
Dec 16 11:54:35 Server1 sshd[11907]: Disconnected from 221.194.47.229 port 44266 [preauth]
Dec 16 12:07:49 Server1 sshd[16083]: Received disconnect from 221.194.44.195 port 44063:11: [preauth]
Dec 16 12:07:49 Server1 sshd[16083]: Disconnected from 221.194.44.195 port 44063 [preauth]
Dec 16 12:09:45 Server1 sshd[16694]: Received disconnect from 121.18.238.114 port 36323:11: [preauth]
Dec 16 12:09:45 Server1 sshd[16694]: Disconnected from 121.18.238.114 port 36323 [preauth]
Dec 16 12:10:05 Server1 sshd[16847]: Received disconnect from 221.194.47.249 port 49320:11: [preauth]
Dec 16 12:10:05 Server1 sshd[16847]: Disconnected from 221.194.47.249 port 49320 [preauth]
Dec 16 12:10:14 Server1 sshd[16894]: Received disconnect from 221.194.44.219 port 49424:11: [preauth]
Dec 16 12:10:14 Server1 sshd[16894]: Disconnected from 221.194.44.219 port 49424 [preauth]
Dec 16 12:19:13 Server1 sshd[19711]: Received disconnect from 121.18.238.98 port 42423:11: [preauth]
Dec 16 12:19:13 Server1 sshd[19711]: Disconnected from 121.18.238.98 port 42423 [preauth]
Dec 16 12:41:06 Server1 sshd[26559]: Received disconnect from 221.194.44.219 port 34636:11: [preauth]
Dec 16 12:41:06 Server1 sshd[26559]: Disconnected from 221.194.44.219 port 34636 [preauth]
Dec 16 13:06:06 Server1 sshd[3875]: Invalid user admin from 185.110.132.202 port 43627
Dec 16 13:06:06 Server1 sshd[3875]: input_userauth_request: invalid user admin [preauth]
Dec 16 13:06:07 Server1 sshd[3875]: Received disconnect from 185.110.132.202 port 43627:11: Bye Bye [preauth]
Dec 16 13:06:07 Server1 sshd[3875]: Disconnected from 185.110.132.202 port 43627 [preauth]
Dec 16 13:12:24 Server1 sshd[6388]: Received disconnect from 121.18.238.98 port 51933:11: [preauth]
Dec 16 13:12:24 Server1 sshd[6388]: Disconnected from 121.18.238.98 port 51933 [preauth]
Dec 16 13:38:27 Server1 sshd[16782]: Received disconnect from 221.194.44.219 port 37815:11: [preauth]
Dec 16 13:38:27 Server1 sshd[16782]: Disconnected from 221.194.44.219 port 37815 [preauth]
Dec 16 13:39:43 Server1 sshd[17256]: Received disconnect from 221.194.47.224 port 47834:11: [preauth]
Dec 16 13:39:43 Server1 sshd[17256]: Disconnected from 221.194.47.224 port 47834 [preauth]
Dec 16 13:40:39 Server1 sshd[17633]: Received disconnect from 221.194.47.229 port 42289:11: [preauth]
Dec 16 13:40:39 Server1 sshd[17633]: Disconnected from 221.194.47.229 port 42289 [preauth]
Dec 16 13:41:34 Server1 sshd[18010]: Invalid user support from 185.110.132.202 port 54147
Dec 16 13:41:34 Server1 sshd[18010]: input_userauth_request: invalid user support [preauth]
Dec 16 13:41:35 Server1 sshd[18010]: Received disconnect from 185.110.132.202 port 54147:11: Bye Bye [preauth]
Dec 16 13:41:35 Server1 sshd[18010]: Disconnected from 185.110.132.202 port 54147 [preauth]
Dec 16 14:06:54 Server1 sshd[27998]: Unable to negotiate with 123.31.32.5 port 62083: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1 [preauth]
Dec 16 14:16:42 Server1 sshd[31874]: Received disconnect from 185.110.132.202 port 41156:11: Bye Bye [preauth]
Dec 16 14:16:42 Server1 sshd[31874]: Disconnected from 185.110.132.202 port 41156 [preauth]

 

  • Author

Somehow I've been missing notifications on the thread.  I must have deleted one and never got back here.  I just updated to 6.2.4 on Friday and blew up docker containers since I didn't RTFM before jumping from 6.1 to 6.2.

I hope to have things cleared up sometime today (Monday) and will look at both ssh and Denyhosts.

 

I can tell you that ssh plugin seems to be working for me without any further changes.  At least my authorized keys file is making it into place.  I'll kick the tires on other features late today or tomorrow.

 

Sorry for my absence.

 

doc..

Make sure you check package version compatibility. You might take a look and see what versions of packages the NerdTools plugin installs.

  • 1 month later...

is there any way to copy over public keys using this plugin?

 

EDIT: Never mind, figured it out. You have to generate the key and copy the public openssh key to /boot/config/plugins/ssh/<username>/.ssh/authorized_keys file.

 

As per readme: Upon restarting SSH, the plug-in will look for (and find) authorized_keys and copy this file to the users home directory.  eg.  /home/someuser/.ssh/authorized_keys

Just installed this plugin and I have a couple of questions-

 

1) I see a note in "Settings" that logs are persistent. Where are they? Don't see them in the "Logs" folder.

 

2) Wanted to read through the documentation but couldn't find any in CA or via the "Help" button in "Settings"?

Just installed this plugin and I have a couple of questions-

 

1) I see a note in "Settings" that logs are persistent. Where are they? Don't see them in the "Logs" folder.

 

2) Wanted to read through the documentation but couldn't find any in CA or via the "Help" button in "Settings"?

Is there any documentation at all for this plugin?

This might seem a little trivial, but is there a way to change the icon for Denyhosts and have it stay changed? The current icon has a white background and shows up when you change the dynamix ui to black. I found a replacement Icon but it keeps changing back to the original one.

This might seem a little trivial, but is there a way to change the icon for Denyhosts and have it stay changed? The current icon has a white background and shows up when you change the dynamix ui to black. I found a replacement Icon but it keeps changing back to the original one.

Easiest way is to overwrite the existing file (probably stored in /usr/local/emhtttp/plugins/sshWhateverTheFolderIs/images) with your replacement.  You'd have to store the replacement on the flash drive somewhere and either create a script to run at array start with the user scripts plugin, or add the appropriate command to the go file on the flash drive.

 

 

  • 1 month later...

Not sure if this thread is dead but I think it is my best shot at resolving an issue.

 

I stupidly had port 22 open on my router and I saw Chinese IP's trying to brute force their way into my server. I immediately shut that down and came across the SSH plugin by docgyver.

 

I am currently on unraid 6.3.2 trying to get SSH to work so I can use SFTP when outside my network. I setup my client on my phone through ES File Explorer. When connecting using my private key on my local network (Wifi) I have no issue connecting. When I use 4G I see the error on the phone as "This may be caused by Session.connect: java.net.SocketException: Connection reset"

 

Currently my settings for the SSH plugin are as follows.

 

Enable SSH Service: Yes



SSH Port : 7005

Available options for SSH Users: myusername

Permit Root login: No

Max Auth Retries: 6

Password Authentication: No

Permit Empty Password: No

Gateway Ports: No

 

All options have been toggled all producing the same result, connection allowed on local network, outside network, connection refused.

 

sshd[15414]: Server listening on 0.0.0.0 port 7005.
sshd[15539]: refused connect from *cellphone IP (cellphone ip)

 

When on WiFi i get the following

 

sshd[11261]: Accepted publickey for myusername from 192.168.1.1 port 39520 ssh2: RSA SHA256*rsa key here*

 

My router has port 7005 for the static ip of my unraid server, I had the port forwarded the exact same way when it was 22, which worked outside of my local network. Any help would be greatly appreciated.

Just a shot in the dark, have you checked to be sure your ISP isn't blocking the port? I know mine blocks many ports,

I have run Deluge off of this port previously with remote access so I do not believe it is blocked by my ISP. I also made sure nothing else is using this port now.

Just a quick guess, as I'm not using the plugin myself, but this is indicative of SSH rejecting connections from unwanted / unknown IPs...

though after checking the SSH server docs, I can't find any config option that allows the server to deny/accept connections by IP so I'm also stumped.

Do you have the denyhosts plugin installed too? That may have something to do with this.

 

3 hours ago, ken-ji said:

Just a quick guess, as I'm not using the plugin myself, but this is indicative of SSH rejecting connections from unwanted / unknown IPs...

though after checking the SSH server docs, I can't find any config option that allows the server to deny/accept connections by IP so I'm also stumped.

Do you have the denyhosts plugin installed too? That may have something to do with this.

 

 

I do have denyhosts installed but it is turned off. I will uninstall it when I get home from work and let you know if that was the solution.

Thank you all for your help, I do not know how or why but I attempted to connect this morning and was able to connect. Strange because I did not alter any settings from last night to this morning. Maybe my phone just needed to be restarted.

  • Author

I'm on a business trip which makes me cautious about changing the port that I use in case it would cause me to lose access but I will give it a try hopefully tonight.

 

It sounds like the problem may have resolved itself but still it would be good for me to try changing the port just to make sure that all works.

 

doc..

  • Author
On 1/31/2017 at 10:25 PM, DazedAndConfused said:

This might seem a little trivial, but is there a way to change the icon for Denyhosts and have it stay changed? The current icon has a white background and shows up when you change the dynamix ui to black. I found a replacement Icon but it keeps changing back to the original one.

 

I didn't try changing  the icon when I took over the plugins and have no preference.  If you can send me the icon or a link I will add it to the plugin directly.

I was trying to use this one

 

However, there are a lot of good Icons. My search term was "stop sign"

 

I really appreciate you responding :)

  • 1 month later...

Not sure if this is the right place to ask, but i'm trying to get this to persist a few things between reboots/restarts of the SSH Daemon on my unraid server, other than just my public key.

 

Can I use this to configure a script to run when the ssh daemon starts?

 

It seems that my users home directory is reset to /home/<USERNAME> evertime, and that directory is of course erased, except for the public key being copied back into it from this plugin.

 

I would like to make sure that my home directory remains /mnt/cache/home/<USERNAME>

 

I have done this via the /boot/config/go file, which runs at server boot, but not when ssh starts, obviously.

Edited by gruggo

  • 1 month later...

I am trying to get this working on 6.3.5 and am having no joy.

 

They key pair works fine on another device and I notice that no authorized_keys is getting copied into my home folder?

 

There is also no mention in the logs.

 

Thanks in advance

 

Edit: Copied my authorized_keys file into /home/<user>.ssh and changed the permissions and owner and all was well; logged in fine with my keys.

Edited by local.bin

48 minutes ago, local.bin said:

I am trying to get this working on 6.3.5 and am having no joy.

 

They key pair works fine on another device and I notice that no authorized_keys is getting copied into my home folder?

 

There is also no mention in the logs.

 

Thanks in advance

 

Edit: Copied my authorized_keys file into /home/<user>.ssh and changed the permissions and owner and all was well; logged in fine with my keys.

 

'You should note that /home is only in RAM so files placed there will not survive a reboot.   For files to survive a reboot they need to be held on the flash and copied to their final location as unRAID is loading.    For ssh I think this involves putting the files into the config/ssh folder on the USB stick.

6 hours ago, itimpi said:

 

'You should note that /home is only in RAM so files placed there will not survive a reboot.   For files to survive a reboot they need to be held on the flash and copied to their final location as unRAID is loading.    For ssh I think this involves putting the files into the config/ssh folder on the USB stick.

Yes, I thought that was the purpose of the plugin, to do that copying of config files?

 

My configs are on the stick but don't get copied into position, so ssh doesn't work in 6.3.x for me.

 

I manually copied them myself and I could connect fine, so know the config files are ok.

 

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.