Jump to content
docgyver

SSH and Denyhosts updated for v6.1

87 posts in this topic Last Reply

Recommended Posts

I have it running on 6.2.4. I installed it on 6.1, have been working since. Be sure to read the readme file, I think the info is on the github page too.

What sort of problems do you have?

 

Both denyhosts and ssh??

 

I hadn't installed it yet thinking from the comments above it was no longer working.  Will try it now...  Thanks...

Share this post


Link to post

Yeah, I have both running. Haven't tested if denyhost is actually doing what it's supposed to do since 6.1, but it's running. SSH I use almost daily so I know that's working

Share this post


Link to post

Yeah, I have both running. Haven't tested if denyhost is actually doing what it's supposed to do since 6.1, but it's running. SSH I use almost daily so I know that's working

 

Have you got it running on a 6.3 server too?

Share this post


Link to post

Hopefully this is the right place for posting new/updated plugins.

 

I have ssh_config confirmed working with 6.2.4 and have locked my server down significantly.  Secondly, I wanted to bolt it down tighter with denyhosts, but cannot get it to start running.  Attempts to start it result in this:

 

Dec 16 12:51:13 Server1 sudo: root : TTY=unknown ; PWD=/usr/local/emhttp ; USER=root ; COMMAND=/usr/bin/env python /usr/bin/denyhosts.py --daemon --config=/boot/config/plugins/denyhosts/denyhosts.cfg
Dec 16 12:51:33 Server1 sudo: root : TTY=unknown ; PWD=/usr/local/emhttp ; USER=root ; COMMAND=/usr/bin/env python /usr/bin/denyhosts.py --daemon --config=/boot/config/plugins/denyhosts/denyhosts.cfg
Dec 16 12:51:42 Server1 emhttp: cmd: /usr/local/emhttp/plugins/denyhosts/scripts/rc.denyhosts buttonstart
Dec 16 12:51:42 Server1 sudo: root : TTY=unknown ; PWD=/ ; USER=root ; COMMAND=/usr/bin/env python /usr/bin/denyhosts.py --daemon --config=/boot/config/plugins/denyhosts/denyhosts.cfg
Dec 16 12:53:10 Server1 sudo: root : TTY=unknown ; PWD=/usr/local/emhttp ; USER=root ; COMMAND=/usr/bin/env python /usr/bin/denyhosts.py --daemon --config=/boot/config/plugins/denyhosts/denyhosts.cfg

 

This is still what I get in the logs after restricting logins to keyfiles only.  The nasties won't quite trying to break in.

 

Dec 16 10:53:30 Server1 sshd[20738]: Received disconnect from 218.65.30.123 port 8927:11: [preauth]
Dec 16 10:53:30 Server1 sshd[20738]: Disconnected from 218.65.30.123 port 8927 [preauth]
Dec 16 11:11:20 Server1 sshd[27831]: Received disconnect from 221.194.44.231 port 44343:11: [preauth]
Dec 16 11:11:20 Server1 sshd[27831]: Disconnected from 221.194.44.231 port 44343 [preauth]
Dec 16 11:16:02 Server1 sshd[29642]: Received disconnect from 221.194.47.229 port 46792:11: [preauth]
Dec 16 11:16:02 Server1 sshd[29642]: Disconnected from 221.194.47.229 port 46792 [preauth]
Dec 16 11:20:34 Server1 sshd[31476]: Received disconnect from 121.18.238.114 port 41878:11: [preauth]
Dec 16 11:20:34 Server1 sshd[31476]: Disconnected from 121.18.238.114 port 41878 [preauth]
Dec 16 11:23:32 Server1 sshd[32601]: Received disconnect from 121.18.238.114 port 55780:11: [preauth]
Dec 16 11:23:32 Server1 sshd[32601]: Disconnected from 121.18.238.114 port 55780 [preauth]
Dec 16 11:24:13 Server1 sshd[458]: Received disconnect from 221.194.47.208 port 41636:11: [preauth]
Dec 16 11:24:13 Server1 sshd[458]: Disconnected from 221.194.47.208 port 41636 [preauth]
Dec 16 11:26:38 Server1 sshd[1556]: Unable to negotiate with 123.31.32.5 port 62192: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1 [preauth]
Dec 16 11:35:25 Server1 sshd[5040]: Received disconnect from 121.123.153.46 port 52816:11: Bye Bye [preauth]
Dec 16 11:35:25 Server1 sshd[5040]: Disconnected from 121.123.153.46 port 52816 [preauth]
Dec 16 11:45:10 Server1 sshd[8839]: Received disconnect from 221.194.47.224 port 46493:11: [preauth]
Dec 16 11:45:10 Server1 sshd[8839]: Disconnected from 221.194.47.224 port 46493 [preauth]
Dec 16 11:45:27 Server1 sshd[9018]: Received disconnect from 121.18.238.98 port 34741:11: [preauth]
Dec 16 11:45:27 Server1 sshd[9018]: Disconnected from 121.18.238.98 port 34741 [preauth]
Dec 16 11:45:28 Server1 sshd[9061]: Received disconnect from 121.18.238.104 port 35216:11: [preauth]
Dec 16 11:45:28 Server1 sshd[9061]: Disconnected from 121.18.238.104 port 35216 [preauth]
Dec 16 11:51:29 Server1 sshd[10941]: Received disconnect from 221.194.44.224 port 36581:11: [preauth]
Dec 16 11:51:29 Server1 sshd[10941]: Disconnected from 221.194.44.224 port 36581 [preauth]
Dec 16 11:53:00 Server1 sshd[11382]: Received disconnect from 221.194.47.224 port 46110:11: [preauth]
Dec 16 11:53:00 Server1 sshd[11382]: Disconnected from 221.194.47.224 port 46110 [preauth]
Dec 16 11:54:35 Server1 sshd[11907]: Received disconnect from 221.194.47.229 port 44266:11: [preauth]
Dec 16 11:54:35 Server1 sshd[11907]: Disconnected from 221.194.47.229 port 44266 [preauth]
Dec 16 12:07:49 Server1 sshd[16083]: Received disconnect from 221.194.44.195 port 44063:11: [preauth]
Dec 16 12:07:49 Server1 sshd[16083]: Disconnected from 221.194.44.195 port 44063 [preauth]
Dec 16 12:09:45 Server1 sshd[16694]: Received disconnect from 121.18.238.114 port 36323:11: [preauth]
Dec 16 12:09:45 Server1 sshd[16694]: Disconnected from 121.18.238.114 port 36323 [preauth]
Dec 16 12:10:05 Server1 sshd[16847]: Received disconnect from 221.194.47.249 port 49320:11: [preauth]
Dec 16 12:10:05 Server1 sshd[16847]: Disconnected from 221.194.47.249 port 49320 [preauth]
Dec 16 12:10:14 Server1 sshd[16894]: Received disconnect from 221.194.44.219 port 49424:11: [preauth]
Dec 16 12:10:14 Server1 sshd[16894]: Disconnected from 221.194.44.219 port 49424 [preauth]
Dec 16 12:19:13 Server1 sshd[19711]: Received disconnect from 121.18.238.98 port 42423:11: [preauth]
Dec 16 12:19:13 Server1 sshd[19711]: Disconnected from 121.18.238.98 port 42423 [preauth]
Dec 16 12:41:06 Server1 sshd[26559]: Received disconnect from 221.194.44.219 port 34636:11: [preauth]
Dec 16 12:41:06 Server1 sshd[26559]: Disconnected from 221.194.44.219 port 34636 [preauth]
Dec 16 13:06:06 Server1 sshd[3875]: Invalid user admin from 185.110.132.202 port 43627
Dec 16 13:06:06 Server1 sshd[3875]: input_userauth_request: invalid user admin [preauth]
Dec 16 13:06:07 Server1 sshd[3875]: Received disconnect from 185.110.132.202 port 43627:11: Bye Bye [preauth]
Dec 16 13:06:07 Server1 sshd[3875]: Disconnected from 185.110.132.202 port 43627 [preauth]
Dec 16 13:12:24 Server1 sshd[6388]: Received disconnect from 121.18.238.98 port 51933:11: [preauth]
Dec 16 13:12:24 Server1 sshd[6388]: Disconnected from 121.18.238.98 port 51933 [preauth]
Dec 16 13:38:27 Server1 sshd[16782]: Received disconnect from 221.194.44.219 port 37815:11: [preauth]
Dec 16 13:38:27 Server1 sshd[16782]: Disconnected from 221.194.44.219 port 37815 [preauth]
Dec 16 13:39:43 Server1 sshd[17256]: Received disconnect from 221.194.47.224 port 47834:11: [preauth]
Dec 16 13:39:43 Server1 sshd[17256]: Disconnected from 221.194.47.224 port 47834 [preauth]
Dec 16 13:40:39 Server1 sshd[17633]: Received disconnect from 221.194.47.229 port 42289:11: [preauth]
Dec 16 13:40:39 Server1 sshd[17633]: Disconnected from 221.194.47.229 port 42289 [preauth]
Dec 16 13:41:34 Server1 sshd[18010]: Invalid user support from 185.110.132.202 port 54147
Dec 16 13:41:34 Server1 sshd[18010]: input_userauth_request: invalid user support [preauth]
Dec 16 13:41:35 Server1 sshd[18010]: Received disconnect from 185.110.132.202 port 54147:11: Bye Bye [preauth]
Dec 16 13:41:35 Server1 sshd[18010]: Disconnected from 185.110.132.202 port 54147 [preauth]
Dec 16 14:06:54 Server1 sshd[27998]: Unable to negotiate with 123.31.32.5 port 62083: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1 [preauth]
Dec 16 14:16:42 Server1 sshd[31874]: Received disconnect from 185.110.132.202 port 41156:11: Bye Bye [preauth]
Dec 16 14:16:42 Server1 sshd[31874]: Disconnected from 185.110.132.202 port 41156 [preauth]

 

Share this post


Link to post

Somehow I've been missing notifications on the thread.  I must have deleted one and never got back here.  I just updated to 6.2.4 on Friday and blew up docker containers since I didn't RTFM before jumping from 6.1 to 6.2.

I hope to have things cleared up sometime today (Monday) and will look at both ssh and Denyhosts.

 

I can tell you that ssh plugin seems to be working for me without any further changes.  At least my authorized keys file is making it into place.  I'll kick the tires on other features late today or tomorrow.

 

Sorry for my absence.

 

doc..

Share this post


Link to post

Make sure you check package version compatibility. You might take a look and see what versions of packages the NerdTools plugin installs.

Share this post


Link to post

is there any way to copy over public keys using this plugin?

 

EDIT: Never mind, figured it out. You have to generate the key and copy the public openssh key to /boot/config/plugins/ssh/<username>/.ssh/authorized_keys file.

 

As per readme: Upon restarting SSH, the plug-in will look for (and find) authorized_keys and copy this file to the users home directory.  eg.  /home/someuser/.ssh/authorized_keys

Share this post


Link to post

Just installed this plugin and I have a couple of questions-

 

1) I see a note in "Settings" that logs are persistent. Where are they? Don't see them in the "Logs" folder.

 

2) Wanted to read through the documentation but couldn't find any in CA or via the "Help" button in "Settings"?

Share this post


Link to post

Just installed this plugin and I have a couple of questions-

 

1) I see a note in "Settings" that logs are persistent. Where are they? Don't see them in the "Logs" folder.

 

2) Wanted to read through the documentation but couldn't find any in CA or via the "Help" button in "Settings"?

Is there any documentation at all for this plugin?

Share this post


Link to post

This might seem a little trivial, but is there a way to change the icon for Denyhosts and have it stay changed? The current icon has a white background and shows up when you change the dynamix ui to black. I found a replacement Icon but it keeps changing back to the original one.

Share this post


Link to post

This might seem a little trivial, but is there a way to change the icon for Denyhosts and have it stay changed? The current icon has a white background and shows up when you change the dynamix ui to black. I found a replacement Icon but it keeps changing back to the original one.

Easiest way is to overwrite the existing file (probably stored in /usr/local/emhtttp/plugins/sshWhateverTheFolderIs/images) with your replacement.  You'd have to store the replacement on the flash drive somewhere and either create a script to run at array start with the user scripts plugin, or add the appropriate command to the go file on the flash drive.

 

 

Share this post


Link to post

Not sure if this thread is dead but I think it is my best shot at resolving an issue.

 

I stupidly had port 22 open on my router and I saw Chinese IP's trying to brute force their way into my server. I immediately shut that down and came across the SSH plugin by docgyver.

 

I am currently on unraid 6.3.2 trying to get SSH to work so I can use SFTP when outside my network. I setup my client on my phone through ES File Explorer. When connecting using my private key on my local network (Wifi) I have no issue connecting. When I use 4G I see the error on the phone as "This may be caused by Session.connect: java.net.SocketException: Connection reset"

 

Currently my settings for the SSH plugin are as follows.

 

Enable SSH Service: Yes



SSH Port : 7005

Available options for SSH Users: myusername

Permit Root login: No

Max Auth Retries: 6

Password Authentication: No

Permit Empty Password: No

Gateway Ports: No

 

All options have been toggled all producing the same result, connection allowed on local network, outside network, connection refused.

 

sshd[15414]: Server listening on 0.0.0.0 port 7005.
sshd[15539]: refused connect from *cellphone IP (cellphone ip)

 

When on WiFi i get the following

 

sshd[11261]: Accepted publickey for myusername from 192.168.1.1 port 39520 ssh2: RSA SHA256*rsa key here*

 

My router has port 7005 for the static ip of my unraid server, I had the port forwarded the exact same way when it was 22, which worked outside of my local network. Any help would be greatly appreciated.

Share this post


Link to post

Just a shot in the dark, have you checked to be sure your ISP isn't blocking the port? I know mine blocks many ports,

Share this post


Link to post

I have run Deluge off of this port previously with remote access so I do not believe it is blocked by my ISP. I also made sure nothing else is using this port now.

Share this post


Link to post

Just a quick guess, as I'm not using the plugin myself, but this is indicative of SSH rejecting connections from unwanted / unknown IPs...

though after checking the SSH server docs, I can't find any config option that allows the server to deny/accept connections by IP so I'm also stumped.

Do you have the denyhosts plugin installed too? That may have something to do with this.

 

Share this post


Link to post
3 hours ago, ken-ji said:

Just a quick guess, as I'm not using the plugin myself, but this is indicative of SSH rejecting connections from unwanted / unknown IPs...

though after checking the SSH server docs, I can't find any config option that allows the server to deny/accept connections by IP so I'm also stumped.

Do you have the denyhosts plugin installed too? That may have something to do with this.

 

 

I do have denyhosts installed but it is turned off. I will uninstall it when I get home from work and let you know if that was the solution.

Share this post


Link to post

Thank you all for your help, I do not know how or why but I attempted to connect this morning and was able to connect. Strange because I did not alter any settings from last night to this morning. Maybe my phone just needed to be restarted.

Share this post


Link to post

I'm on a business trip which makes me cautious about changing the port that I use in case it would cause me to lose access but I will give it a try hopefully tonight.

 

It sounds like the problem may have resolved itself but still it would be good for me to try changing the port just to make sure that all works.

 

doc..

Share this post


Link to post
On 1/31/2017 at 10:25 PM, DazedAndConfused said:

This might seem a little trivial, but is there a way to change the icon for Denyhosts and have it stay changed? The current icon has a white background and shows up when you change the dynamix ui to black. I found a replacement Icon but it keeps changing back to the original one.

 

I didn't try changing  the icon when I took over the plugins and have no preference.  If you can send me the icon or a link I will add it to the plugin directly.

Share this post


Link to post

Not sure if this is the right place to ask, but i'm trying to get this to persist a few things between reboots/restarts of the SSH Daemon on my unraid server, other than just my public key.

 

Can I use this to configure a script to run when the ssh daemon starts?

 

It seems that my users home directory is reset to /home/<USERNAME> evertime, and that directory is of course erased, except for the public key being copied back into it from this plugin.

 

I would like to make sure that my home directory remains /mnt/cache/home/<USERNAME>

 

I have done this via the /boot/config/go file, which runs at server boot, but not when ssh starts, obviously.

Edited by gruggo

Share this post


Link to post

I am trying to get this working on 6.3.5 and am having no joy.

 

They key pair works fine on another device and I notice that no authorized_keys is getting copied into my home folder?

 

There is also no mention in the logs.

 

Thanks in advance

 

Edit: Copied my authorized_keys file into /home/<user>.ssh and changed the permissions and owner and all was well; logged in fine with my keys.

Edited by local.bin

Share this post


Link to post
48 minutes ago, local.bin said:

I am trying to get this working on 6.3.5 and am having no joy.

 

They key pair works fine on another device and I notice that no authorized_keys is getting copied into my home folder?

 

There is also no mention in the logs.

 

Thanks in advance

 

Edit: Copied my authorized_keys file into /home/<user>.ssh and changed the permissions and owner and all was well; logged in fine with my keys.

 

'You should note that /home is only in RAM so files placed there will not survive a reboot.   For files to survive a reboot they need to be held on the flash and copied to their final location as unRAID is loading.    For ssh I think this involves putting the files into the config/ssh folder on the USB stick.

Share this post


Link to post
6 hours ago, itimpi said:

 

'You should note that /home is only in RAM so files placed there will not survive a reboot.   For files to survive a reboot they need to be held on the flash and copied to their final location as unRAID is loading.    For ssh I think this involves putting the files into the config/ssh folder on the USB stick.

Yes, I thought that was the purpose of the plugin, to do that copying of config files?

 

My configs are on the stick but don't get copied into position, so ssh doesn't work in 6.3.x for me.

 

I manually copied them myself and I could connect fine, so know the config files are ok.

 

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.