<div dir="ltr">Problem fixed.<div>I did a modification to /etc/ngcp-config/config.yml </div><div><span style="background-color:rgb(238,238,238);color:rgb(128,128,128);font-size:9pt">ngcpcfg apply 'enabled the backup feature'</span></div><div><span style="background-color:rgb(238,238,238);color:rgb(128,128,128);font-size:9pt"></span>reboot</div><div><br></div><div><div>I think that it may be a bug,</div></div><div>Tony</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Jun 13, 2017 at 1:23 PM, Maxwell Power <span dir="ltr"><<a href="mailto:mpower@yegtel.ca" target="_blank">mpower@yegtel.ca</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">We had issues with this a few versions ago where we got completely locked out. Not a good time.<br>
<br>
SSH is fairly locked down in recent builds due to the new firewall configuration. Which is great in theory for sure. Except in our case, we have support located in multiple locations. All use changing IP addresses.<br>
<br>
Our solution was to add a firewall rule to allow all SSH traffic.<br>
<br>
Update config.yml, looking for the following section:<br>
<br>
security:<br>
rules4:<br>
- '-A INPUT --dport 22 - j ACCEPT'<br>
<br>
It does allow anyone to connect via SSH and is a security risk, if SSH is not properly protected.<br>
<br>
Cheers,<br>
Maxwell Power<br>
Technical Account Manager<br>
Phone: <a href="tel:%28780%29%20809-9990%20Ext.%20417" value="+17808099990">(780) 809-9990 Ext. 417</a> | Toll Free: (855) 4-YEGTEL(934835) | Fax: (780) 401-3390<br>
YEGTEL Communications INC. | 10301 104 ST NW, Suite 55, Edmonton, Alberta, T5J 1B9<br>
Email: <a href="mailto:mpower@yegtel.ca">mpower@yegtel.ca</a> | Web: <a href="http://www.yegtel.ca" rel="noreferrer" target="_blank">www.yegtel.ca</a><br>
<br>
This e-mail and any attachments may contain confidential or privileged information. If you are not an intended recipient, do not re-send, copy or use this e-mail. Please also contact the sender immediately and delete this e-mail in its entirety. Privilege is not waived by reason of mistaken delivery to you. YEGTEL Communications and its affiliates accept no liability whatsoever for loss or damage in relation to this e-mail and may monitor, retain and/or review email. Opinions expressed in this e-mail are those of the author and may not represent the opinions of YEGTEL Communications and its affiliates.<br>
<br>
Ce courriel et toutes ses pièces jointes peuvent contenir de l'information de nature confidentielle ou privilégiée. Si vous avez reçu ce courriel par erreur, merci de ne pas le transférer, le copier ou l'utiliser. Veuillez communiquer immédiatement avec l'expéditeur et supprimer le message dans son intégralité. Le fait de vous avoir envoyé ce courriel par erreur ne signifie pas que l'expéditeur renonce à ses droits. YEGTEL Communications et ses sociétés affiliées ne peuvent être tenues responsables de toute perte ou dommages liés au présent courriel et peuvent effectuer un suivi de ce courriel, le conserver et l'examiner. Les opinions exprimées dans le présent courriel sont celles de son auteur et non celles de YEGTEL Communications et de ses sociétés affiliées.<br>
<div class="HOEnZb"><div class="h5"><br>
-----Original Message-----<br>
From: Spce-user [mailto:<a href="mailto:spce-user-bounces@lists.sipwise.com">spce-user-bounces@<wbr>lists.sipwise.com</a>] On Behalf Of Alex Lutay<br>
Sent: Monday, June 12, 2017 17:07<br>
To: <a href="mailto:spce-user@lists.sipwise.com">spce-user@lists.sipwise.com</a><br>
Subject: Re: [Spce-user] Lost SSH after upgrade<br>
<br>
So, what is your problem exactly?<br>
You cannot establish TCP connect or system doesn't accept your password/key? Option -v will help you here: ssh -v <you_ip><br>
<br>
Also check: netstat -anp | grep 22<br>
Does sshd listens proper IP?<br>
<br>
Any hints inside auth.log?<br>
<br>
On 06/12/2017 07:10 PM, Anthony Sanchez wrote:<br>
> root@spce:~# /etc/init.d/ssh<br>
> [info] Usage: /etc/init.d/ssh<br>
> {start|stop|reload|force-<wbr>reload|restart|try-restart|<wbr>status}.<br>
> root@spce:~# /etc/init.d/ssh status<br>
> [ ok ] sshd is running.<br>
><br>
><br>
> On Mon, Jun 12, 2017 at 11:56 AM, Alex Lutay <<a href="mailto:alutay@sipwise.com">alutay@sipwise.com</a><br>
> <mailto:<a href="mailto:alutay@sipwise.com">alutay@sipwise.com</a>>> wrote:<br>
><br>
> Hi,<br>
><br>
> This is hard to say something from this side.<br>
><br>
> You can't connect or your credentials were not accepted?<br>
><br>
> Obviously you need to connect the system using terminal/console<br>
> and check sshd state, is IP listening there correct,<br>
> then you can check /var/log/auth.log to see the reason why<br>
> you login attempt was rejected.<br>
><br>
> I do not recall mr5.3.1 changes which can affect SSHd.<br>
> BTW, did you access system using password or key?<br>
><br>
> I see one option moved to config.yml:<br>
> > 17:55:25 ✔ taurus:(mr5.3.1)~/sipwise/git/<wbr>templates$ git diff<br>
> mr5.2.1 mr5.3.1 -- system/sshd_config<br>
> > diff --git a/system/sshd_config b/system/sshd_config<br>
> > index 9163032..8f83735 100644<br>
> > --- a/system/sshd_config<br>
> > +++ b/system/sshd_config<br>
> > @@ -67,7 +67,7 @@ PermitEmptyPasswords no<br>
> > ChallengeResponseAuthenticatio<wbr>n no<br>
> ><br>
> > # Change to no to disable tunnelled clear text passwords<br>
> > -#PasswordAuthentication yes<br>
> > +PasswordAuthentication [% sshd.password_authentication %]<br>
> ><br>
> > # Kerberos options<br>
> > #KerberosAuthentication no<br>
> > 17:55:27 ✔ taurus:(mr5.3.1)~/sipwise/git/<wbr>templates$<br>
><br>
> While default value must not be changed there.<br>
><br>
> Please share your progress there. Tnx!<br>
><br>
> On 06/12/2017 05:42 PM, Anthony Sanchez wrote:<br>
> > Yesterday I did an upgrade from mr5.2.1 to mr5.3.1, after that ssh<br>
> > connections stops working.<br>
> > How can I get it working again?<br>
><br>
> --<br>
> Alex Lutay<br>
<br>
<br>
--<br>
Alex Lutay<br>
______________________________<wbr>_________________<br>
Spce-user mailing list<br>
<a href="mailto:Spce-user@lists.sipwise.com">Spce-user@lists.sipwise.com</a><br>
<a href="https://lists.sipwise.com/listinfo/spce-user" rel="noreferrer" target="_blank">https://lists.sipwise.com/<wbr>listinfo/spce-user</a><br>
<br>
______________________________<wbr>_________________<br>
Spce-user mailing list<br>
<a href="mailto:Spce-user@lists.sipwise.com">Spce-user@lists.sipwise.com</a><br>
<a href="https://lists.sipwise.com/listinfo/spce-user" rel="noreferrer" target="_blank">https://lists.sipwise.com/<wbr>listinfo/spce-user</a><br>
</div></div></blockquote></div><br></div>