[Spce-user] fresh install debian 7 not web access
odotom at gmail.com
Thu Sep 4 07:46:25 EDT 2014
setting up a new SPCE instance for test purposes today I also encountered some trouble with the newly added ssh configuration.
I’ve done a reboot after install due to the known apache/nginx issue and excluded myself from ssh (ssh access actually on a different ethernet, I was not aware of the ssh config changes ).
In principal I understand your attempt to improve security - in that case I do not know why ssh access should be limited/granted by default to the kamailio listening addresses. Probably this can be discussed - usually ssh access is basic debian sysadmin stuff and ngcp installation is overwriting an existing ssh configuration without notice.
At least there should be a hint within the manual to advise that the network configuration including ssh addresses should be finished and applied before performing any reboot.
When upgrading my other SPCE instance to mr3.3 I observed that the folder for sems had been renamed to ngcp-sems, however the existing reg_agent.conf entries for peer registration had not been transferred. It took some time to find the reason why numbers could not been reached anymore (/etc/ngcp-config/templates/etc/sems does still exist and I thought that the upgrade failed)
Nevertheless, a great piece of work and many thanks for the package!
Am Aug 1, 2014 um 6:28 PM schrieb Alex Lutay <alutay at sipwise.com>:
NGCP has a configuration file /etc/ngcp-config/network.yml which
contains IPs/service/roles attached to server/service.
For mr3.3 we improved security configuration, allowing to listen SSH
on specified interfaces only. Please find type ssh_ext into network.yml
So, we might have some issues there, lets try to debug.
Please check the list of IPs sshd currently listening:
> netstat -anp | grep sshd
Does sshd listen IP(s) you are trying to reach?
If NO: please check that all interfaces in network.yml has type ssh_ext.
Update network.yml if necessary and run "ngcpcfg apply" to apply config
changes. Recheck the ssh connection.
If YES: it is local networking issue.
If you have no luck, please share:
1) netstat -anp | grep sshd
2) cat /etc/ngcp-config/network.yml
3) grep ListenAddress /etc/ssh/sshd_config
On 01/08/14 17:34, Paul Belanger wrote:
> Okay, rebooting has gotten me a step closer. Aside from loosing ssh
> access, I now get '502 Bad Gateway' from the web interface. Looking
> at the ngcp-panel error logs, I see the following:
Head of Quality Assurance
Sipwise GmbH, Campus 21/Europaring F15
AT-2345 Brunn am Gebirge
Email: alutay at sipwise.com
Spce-user mailing list
Spce-user at lists.sipwise.com
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 496 bytes
Desc: Message signed with OpenPGP using GPGMail
More information about the Spce-user