comet424 Posted March 2, 2019 Author Share Posted March 2, 2019 reason I installed the ssh plugin as when I followed instrustions in one of the articles it said it has the extra features for ssh more whatevers Quote Link to comment
ken-ji Posted March 2, 2019 Share Posted March 2, 2019 yes, but if you don't know what its really for you shouldn't be using it just yet. and your problem might be due to some settings with it. Quote Link to comment
comet424 Posted March 2, 2019 Author Share Posted March 2, 2019 @ken-ji ssh didn't work.. enter the password right 3 times Quote Link to comment
comet424 Posted March 2, 2019 Author Share Posted March 2, 2019 do I need to remove the ssh plugin... do I not loose the features off ssh then... as all I know when I was following instructions it stated you needed to install it for extra features Quote Link to comment
ken-ji Posted March 2, 2019 Share Posted March 2, 2019 You probably should or at least disable all the settings for it. - SSH plugins adds features but you don't need them until you get the base ssh working. you can remove it on the mitchsserver then reboot to be sure that its disabled. Quote Link to comment
comet424 Posted March 2, 2019 Author Share Posted March 2, 2019 @ken-ji nope didn't work deleting ssh pluging and rebooting didn't help Quote Link to comment
ken-ji Posted March 2, 2019 Share Posted March 2, 2019 Ok. just to be sure - does the password for root on mitchsserver have any of the following symbols? $&\!|?* If they do, please use a simple password first. Quote Link to comment
comet424 Posted March 2, 2019 Author Share Posted March 2, 2019 no I just made the password "mike" no quotes Quote Link to comment
comet424 Posted March 2, 2019 Author Share Posted March 2, 2019 same with the user mike I made the password mike Quote Link to comment
comet424 Posted March 2, 2019 Author Share Posted March 2, 2019 I like this unraid but at same time some stuff is a pain in the butt lol Quote Link to comment
ken-ji Posted March 2, 2019 Share Posted March 2, 2019 can you run this on mitchsserver tail -n20 /var/log/syslog then post the output here. You can copy and paste from the webterminal (I've forgotten that you can do that), just highlight with the mouse then rightclick to copy then also cat /etc/ssh/sshd_config and paste that too... Quote Link to comment
comet424 Posted March 2, 2019 Author Share Posted March 2, 2019 is this better then the screen shot Linux 4.18.20-unRAID. Last login: Fri Mar 1 17:21:52 -0500 2019 on /dev/pts/0. root@mitchsserver:~# tail -n20 /var/log/syslog Mar 1 17:36:29 mitchsserver root: Fix Common Problems: Other Warning: Could not perform unknown plugins installed checks Mar 1 17:36:30 mitchsserver root: Fix Common Problems: Other Warning: Could not perform docker application port tests Mar 1 17:36:39 mitchsserver emhttpd: req (1): userName=root&userPassword=****&userPasswordConf=****&cmdUserEdit=Change&csrf_token=**************** Mar 1 17:36:39 mitchsserver emhttpd: shcmd (115): cp /etc/passwd /etc/shadow /var/lib/samba/private/smbpasswd /boot/config Mar 1 17:36:39 mitchsserver emhttpd: Starting services... Mar 1 17:36:39 mitchsserver emhttpd: shcmd (127): /etc/rc.d/rc.nginx reload Mar 1 17:36:39 mitchsserver root: Checking configuration for correct syntax and Mar 1 17:36:39 mitchsserver root: then trying to open files referenced in configuration... Mar 1 17:36:39 mitchsserver root: nginx: the configuration file /etc/nginx/nginx.conf syntax is ok Mar 1 17:36:39 mitchsserver root: nginx: configuration file /etc/nginx/nginx.conf test is successful Mar 1 17:36:39 mitchsserver root: Reloading Nginx configuration... Mar 1 17:36:42 mitchsserver emhttpd: shcmd (128): /usr/bin/php -f /usr/local/emhttp/webGui/include/UpdateDNS.php Mar 1 17:36:42 mitchsserver emhttpd: shcmd (128): exit status: 1 Mar 1 17:36:42 mitchsserver nginx: 2019/03/01 17:36:42 [alert] 13949#13949: *1919 open socket #18 left in connection 17 Mar 1 17:36:42 mitchsserver nginx: 2019/03/01 17:36:42 [alert] 13949#13949: aborting Mar 1 17:37:07 mitchsserver sshd[3575]: Failed password for root from 192.168.0.3 port 51092 ssh2 Mar 1 17:37:10 mitchsserver sshd[3575]: Failed password for root from 192.168.0.3 port 51092 ssh2 Mar 1 17:37:13 mitchsserver sshd[3575]: Failed password for root from 192.168.0.3 port 51092 ssh2 Mar 1 17:37:13 mitchsserver sshd[3575]: Connection closed by authenticating user root 192.168.0.3 port 51092 [preauth] Mar 1 17:46:33 mitchsserver login[16131]: ROOT LOGIN on '/dev/pts/0' root@mitchsserver:~# cat /etc/ssh/sshd_config root@mitchsserver:~# Quote Link to comment
ken-ji Posted March 2, 2019 Share Posted March 2, 2019 yes better. you can also use the </> in the edit toolbar to paste it in monospace, which makes code and text from screens easier to read. odd. your /etc/ssh/sshd_config should not be empty... that's why root is unable to login... please run rm /boot/config/ssh/sshd_config, then reboot, to reset the ssh to original settings Quote Link to comment
comet424 Posted March 2, 2019 Author Share Posted March 2, 2019 I know you told me yesterday to do the rm -rvf /root/ssh if that means anything? what is the /etc/ssh/sshd_config do... ok I did that going to reboot now... and lets see if that </> works Linux 4.18.20-unRAID. Last login: Fri Mar 1 17:21:52 -0500 2019 on /dev/pts/0. root@mitchsserver:~# tail -n20 /var/log/syslog Mar 1 17:36:29 mitchsserver root: Fix Common Problems: Other Warning: Could not perform unknown plugins installed checks Mar 1 17:36:30 mitchsserver root: Fix Common Problems: Other Warning: Could not perform docker application port tests Mar 1 17:36:39 mitchsserver emhttpd: req (1): userName=root&userPassword=****&userPasswordConf=****&cmdUserEdit=Change&csrf_token=**************** Mar 1 17:36:39 mitchsserver emhttpd: shcmd (115): cp /etc/passwd /etc/shadow /var/lib/samba/private/smbpasswd /boot/config Mar 1 17:36:39 mitchsserver emhttpd: Starting services... Mar 1 17:36:39 mitchsserver emhttpd: shcmd (127): /etc/rc.d/rc.nginx reload Mar 1 17:36:39 mitchsserver root: Checking configuration for correct syntax and Mar 1 17:36:39 mitchsserver root: then trying to open files referenced in configuration... Mar 1 17:36:39 mitchsserver root: nginx: the configuration file /etc/nginx/nginx.conf syntax is ok Mar 1 17:36:39 mitchsserver root: nginx: configuration file /etc/nginx/nginx.conf test is successful Mar 1 17:36:39 mitchsserver root: Reloading Nginx configuration... Mar 1 17:36:42 mitchsserver emhttpd: shcmd (128): /usr/bin/php -f /usr/local/emhttp/webGui/include/UpdateDNS.php Mar 1 17:36:42 mitchsserver emhttpd: shcmd (128): exit status: 1 Mar 1 17:36:42 mitchsserver nginx: 2019/03/01 17:36:42 [alert] 13949#13949: *1919 open socket #18 left in connection 17 Mar 1 17:36:42 mitchsserver nginx: 2019/03/01 17:36:42 [alert] 13949#13949: aborting Mar 1 17:37:07 mitchsserver sshd[3575]: Failed password for root from 192.168.0.3 port 51092 ssh2 Mar 1 17:37:10 mitchsserver sshd[3575]: Failed password for root from 192.168.0.3 port 51092 ssh2 Mar 1 17:37:13 mitchsserver sshd[3575]: Failed password for root from 192.168.0.3 port 51092 ssh2 Mar 1 17:37:13 mitchsserver sshd[3575]: Connection closed by authenticating user root 192.168.0.3 port 51092 [preauth] Mar 1 17:46:33 mitchsserver login[16131]: ROOT LOGIN on '/dev/pts/0' root@mitchsserver:~# cat /etc/ssh/sshd_config root@mitchsserver:~# rm /boot/config/ssh/sshd_config root@mitchsserver:~# Quote Link to comment
comet424 Posted March 2, 2019 Author Share Posted March 2, 2019 ok reboot and i typed in the cat code whatever cat does Linux 4.18.20-unRAID. Last login: Fri Mar 1 18:10:32 -0500 2019 on /dev/pts/0. root@mitchsserver:~# cat /etc/ssh/sshd_config # $OpenBSD: sshd_config,v 1.103 2018/04/09 20:41:22 tj Exp $ # This is the sshd server system-wide configuration file. See # sshd_config(5) for more information. # This sshd was compiled with PATH=/usr/local/sbin:/usr/sbin:/sbin:/usr/local/bin:/usr/bin:/bin # The strategy used for options in the default sshd_config shipped with # OpenSSH is to specify options with their default value where # possible, but leave them commented. Uncommented options override the # default value. #Port 22 #AddressFamily any #ListenAddress 0.0.0.0 #ListenAddress :: #HostKey /etc/ssh/ssh_host_rsa_key #HostKey /etc/ssh/ssh_host_ecdsa_key #HostKey /etc/ssh/ssh_host_ed25519_key # Ciphers and keying #RekeyLimit default none # Logging #SyslogFacility AUTH #LogLevel INFO # Authentication: #LoginGraceTime 2m #PermitRootLogin prohibit-password # limetech - permit root login PermitRootLogin yes #StrictModes yes #MaxAuthTries 6 #MaxSessions 10 #PubkeyAuthentication yes # The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2 # but this is overridden so installations will only check .ssh/authorized_keys AuthorizedKeysFile .ssh/authorized_keys #AuthorizedPrincipalsFile none #AuthorizedKeysCommand none #AuthorizedKeysCommandUser nobody # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts #HostbasedAuthentication no # Change to yes if you don't trust ~/.ssh/known_hosts for # HostbasedAuthentication #IgnoreUserKnownHosts no # Don't read the user's ~/.rhosts and ~/.shosts files #IgnoreRhosts yes # To disable tunneled clear text passwords, change to no here! #PasswordAuthentication yes #PermitEmptyPasswords no # limetech - permit empty passwords PermitEmptyPasswords yes # Change to no to disable s/key passwords #ChallengeResponseAuthentication yes # Kerberos options #KerberosAuthentication no #KerberosOrLocalPasswd yes #KerberosTicketCleanup yes #KerberosGetAFSToken no # GSSAPI options #GSSAPIAuthentication no #GSSAPICleanupCredentials yes # Set this to 'yes' to enable PAM authentication, account processing, # and session processing. If this is enabled, PAM authentication will # be allowed through the ChallengeResponseAuthentication and # PasswordAuthentication. Depending on your PAM configuration, # PAM authentication via ChallengeResponseAuthentication may bypass # the setting of "PermitRootLogin without-password". # If you just want the PAM account and session checks to run without # PAM authentication, then enable this but set PasswordAuthentication # and ChallengeResponseAuthentication to 'no'. #UsePAM no #AllowAgentForwarding yes #AllowTcpForwarding yes #GatewayPorts no #X11Forwarding no #X11DisplayOffset 10 #X11UseLocalhost yes #PermitTTY yes #PrintMotd yes #PrintLastLog yes #TCPKeepAlive yes #PermitUserEnvironment no #Compression delayed #ClientAliveInterval 0 #ClientAliveCountMax 3 #UseDNS no #PidFile /var/run/sshd.pid #MaxStartups 10:30:100 #PermitTunnel no #ChrootDirectory none #VersionAddendum none # no default banner path #Banner none # override default of no subsystems Subsystem sftp /usr/libexec/sftp-server # Example of overriding settings on a per-user basis #Match User anoncvs # X11Forwarding no # AllowTcpForwarding no # PermitTTY no # ForceCommand cvs server root@mitchsserver:~# Quote Link to comment
ken-ji Posted March 2, 2019 Share Posted March 2, 2019 2 minutes ago, comet424 said: what is the /etc/ssh/sshd_config do... this is the configuration of the ssh service, if its empty the relative secure defaults are used which prevents root from loggin in. Quote Link to comment
ken-ji Posted March 2, 2019 Share Posted March 2, 2019 1 hour ago, ken-ji said: On tower: # ssh root@mitchsserver This will definitely prompt about the unknown key (like this) The authenticity of host '192.168.71.1 (192.168.71.1)' can't be established. RSA key fingerprint is SHA256:DsrQk63wK2wX+GZRvT8Z2eP3C/W3qk9jb4z5cQQ4nyg. Are you sure you want to continue connecting (yes/no)? Just type yes If there was no root password on mitchsserver set via the Web GUI, this will let you in right a away, else it will prompt you for the password which should let you in right away. Repeat for mitchsserver. Now do this. Quote Link to comment
comet424 Posted March 2, 2019 Author Share Posted March 2, 2019 would power outs or when I shut the server down by holding power button erased that file as I have issues trying to use OpenVPN to connect to a pfsense router so I can do it all in a script OpenVPN then run rysnc then close connetion for openvpn did that erase the file? Quote Link to comment
comet424 Posted March 2, 2019 Author Share Posted March 2, 2019 yaaa it let me in but fails on trying to login tower from mitchs server Linux 4.18.20-unRAID. Last login: Fri Mar 1 20:28:37 -0500 2019 on /dev/pts/0. root@Tower:~# ssh root@mitchsserver root@mitchsserver's password: Last login: Fri Mar 1 18:10:37 2019 Linux 4.18.20-unRAID. root@mitchsserver:~# Linux 4.18.20-unRAID. Last login: Fri Mar 1 18:15:49 -0500 2019 on pts/2 from 192.168.0.3. root@mitchsserver:~# ssh root@tower The authenticity of host 'tower (192.168.0.3)' can't be established. ECDSA key fingerprint is SHA256:LZ7Gv59/aJoBgmJ9/fBADDmpfbtgb1Z30cSzGQh7TRQ. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added 'tower,192.168.0.3' (ECDSA) to the list of known hosts. root@tower: Permission denied (publickey,keyboard-interactive). root@mitchsserver:~# Quote Link to comment
comet424 Posted March 2, 2019 Author Share Posted March 2, 2019 heres the cat file for tower it shows stuff here Linux 4.18.20-unRAID. Last login: Fri Mar 1 21:20:34 -0500 2019 on /dev/pts/1. root@Tower:~# cat /etc/ssh/sshd_config # $OpenBSD: sshd_config,v 1.102 2018/02/16 02:32:40 djm Exp $ # This is the sshd server system-wide configuration file. See # sshd_config(5) for more information. # This sshd was compiled with PATH=/usr/local/sbin:/usr/sbin:/sbin:/usr/local/bin:/usr/bin:/bin # The strategy used for options in the default sshd_config shipped with # OpenSSH is to specify options with their default value where # possible, but leave them commented. Uncommented options override the # default value. Port 22 #AddressFamily any #ListenAddress 0.0.0.0 #ListenAddress :: #HostKey /etc/ssh/ssh_host_rsa_key #HostKey /etc/ssh/ssh_host_ecdsa_key #HostKey /etc/ssh/ssh_host_ed25519_key # Ciphers and keying #RekeyLimit default none # Logging #SyslogFacility AUTH #LogLevel INFO # Authentication: #LoginGraceTime 2m PermitRootLogin yes # limetech - permit root login PermitRootLogin yes #StrictModes yes MaxAuthTries 6 #MaxSessions 10 #PubkeyAuthentication yes # The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2 # but this is overridden so installations will only check .ssh/authorized_keys AuthorizedKeysFile .ssh/authorized_keys #AuthorizedPrincipalsFile none #AuthorizedKeysCommand none #AuthorizedKeysCommandUser nobody # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts #HostbasedAuthentication no # Change to yes if you don't trust ~/.ssh/known_hosts for # HostbasedAuthentication #IgnoreUserKnownHosts no # Don't read the user's ~/.rhosts and ~/.shosts files #IgnoreRhosts yes # To disable tunneled clear text passwords, change to no here! PasswordAuthentication no PermitEmptyPasswords yes # limetech - permit empty passwords PermitEmptyPasswords yes # Change to no to disable s/key passwords #ChallengeResponseAuthentication yes # Kerberos options #KerberosAuthentication no #KerberosOrLocalPasswd yes #KerberosTicketCleanup yes #KerberosGetAFSToken no # GSSAPI options #GSSAPIAuthentication no #GSSAPICleanupCredentials yes # Set this to 'yes' to enable PAM authentication, account processing, # and session processing. If this is enabled, PAM authentication will # be allowed through the ChallengeResponseAuthentication and PasswordAuthentication no # PAM authentication via ChallengeResponseAuthentication may bypass PermitRootLogin yes # If you just want the PAM account and session checks to run without PasswordAuthentication no # and ChallengeResponseAuthentication to 'no'. #UsePAM no #AllowAgentForwarding yes #AllowTcpForwarding yes GatewayPorts no #X11Forwarding no #X11DisplayOffset 10 #X11UseLocalhost yes #PermitTTY yes #PrintMotd yes #PrintLastLog yes #TCPKeepAlive yes #UseLogin no #PermitUserEnvironment no #Compression delayed #ClientAliveInterval 0 #ClientAliveCountMax 3 #UseDNS no #PidFile /var/run/sshd.pid #MaxStartups 10:30:100 #PermitTunnel no #ChrootDirectory none #VersionAddendum none # no default banner path #Banner none # override default of no subsystems Subsystem sftp /usr/libexec/sftp-server # the following are HPN related configuration options # tcp receive buffer polling. disable in non autotuning kernels #TcpRcvBufPoll yes # disable hpn performance boosts #HPNDisabled no # buffer size for hpn to non-hpn connections #HPNBufferSize 2048 # allow the use of the none cipher #NoneEnabled no # Example of overriding settings on a per-user basis #Match User anoncvs # X11Forwarding no # AllowTcpForwarding no # PermitTTY no # ForceCommand cvs server root@Tower:~# Quote Link to comment
comet424 Posted March 2, 2019 Author Share Posted March 2, 2019 @ken-ji do I run rm /boot/config/ssh/sshd_config on tower server even though the config file is showing but I cant log in? or do I need to also uninstall the ssh plugin... and when will I need to reinstall the ssh plugin Quote Link to comment
ken-ji Posted March 2, 2019 Share Posted March 2, 2019 Suggest you remove the plugin, then rm the sshd_config file, then reboot. the ssh plugin has allowed a bunch of settings to be incorrectly set, and its better you reset everything to stock and get rysnc working first before trying to tweak the stock settings. Quote Link to comment
comet424 Posted March 2, 2019 Author Share Posted March 2, 2019 ok I can ssh both ways now Linux 4.18.20-unRAID. Last login: Fri Mar 1 18:33:05 -0500 2019 on pts/0 from 192.168.0.3. root@mitchsserver:~# ssh root@tower root@tower's password: Last login: Fri Mar 1 22:29:22 2019 Linux 4.18.20-unRAID. root@Tower:~# Linux 4.18.20-unRAID. Last login: Fri Mar 1 22:21:07 -0500 2019 on /dev/pts/0. root@Tower:~# ssh root@mitchsserver The authenticity of host 'mitchsserver (192.168.0.244)' can't be established. ECDSA key fingerprint is SHA256:CZUxd6PS+YJnJeqAPOkXQ+RsAQrs92nnX+NmzlG9uO8. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added 'mitchsserver,192.168.0.244' (ECDSA) to the list of known hosts. root@mitchsserver's password: Last login: Fri Mar 1 19:24:41 2019 Linux 4.18.20-unRAID. root@mitchsserver:~# Quote Link to comment
comet424 Posted March 2, 2019 Author Share Posted March 2, 2019 although from tower when I ssh it does that cant connect and asks me for yes/no but from mitchsserver when I ssh to tower it doesn't why? Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.