[Spce-user] fresh install debian 7 not web access

Thomas Odorfer odotom at gmail.com
Thu Sep 4 07:46:25 EDT 2014


Hi,

setting up a new SPCE instance for test purposes today I also encountered some trouble with the newly added ssh configuration.

I’ve done a reboot after install due to the known apache/nginx issue and excluded myself from ssh (ssh access actually on a different ethernet, I was not aware of the ssh config changes ).
In principal I understand your attempt to improve security - in that case I do not know why ssh access should be limited/granted by default to the kamailio listening addresses. Probably this can be discussed - usually ssh access is basic debian sysadmin stuff and ngcp installation is overwriting an existing ssh configuration without notice.
At least there should be a hint within the manual to advise that the network configuration including ssh addresses should be finished and applied before performing any reboot.

When upgrading my other SPCE instance to mr3.3 I observed that the folder for sems had been renamed to ngcp-sems, however the existing reg_agent.conf entries for peer registration had not been transferred. It took some time to find the reason why numbers could not been reached anymore (/etc/ngcp-config/templates/etc/sems does still exist and I thought that the upgrade failed)

Nevertheless, a great piece of work and many thanks for the package!
Thomas



Am Aug 1, 2014 um 6:28 PM schrieb Alex Lutay <alutay at sipwise.com>:

Dear Paul,

NGCP has a configuration file /etc/ngcp-config/network.yml which
contains IPs/service/roles attached to server/service.

For mr3.3 we improved security configuration, allowing to listen SSH
on specified interfaces only. Please find type ssh_ext into network.yml

So, we might have some issues there, lets try to debug.
Please check the list of IPs sshd currently listening:
> netstat -anp | grep sshd

Does sshd listen IP(s) you are trying to reach?

If NO: please check that all interfaces in network.yml has type ssh_ext.
Update network.yml if necessary and run "ngcpcfg apply" to apply config
changes. Recheck the ssh connection.

If YES: it is local networking issue.

If you have no luck, please share:
1) netstat -anp | grep sshd
2) cat /etc/ngcp-config/network.yml
3) grep ListenAddress /etc/ssh/sshd_config

Tnx!

On 01/08/14 17:34, Paul Belanger wrote:
> Okay, rebooting has gotten me a step closer. Aside from loosing ssh
> access, I now get '502 Bad Gateway' from the web interface.  Looking
> at the ngcp-panel error logs, I see the following:

-- 
Alexander Lutay
Head of Quality Assurance
Sipwise GmbH, Campus 21/Europaring F15
AT-2345 Brunn am Gebirge

Office: +43(0)13012036
Email: alutay at sipwise.com
Website: http://www.sipwise.com
_______________________________________________
Spce-user mailing list
Spce-user at lists.sipwise.com
https://lists.sipwise.com/listinfo/spce-user

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 496 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.sipwise.com/mailman/private/spce-user_lists.sipwise.com/attachments/20140904/1e2b550c/attachment.asc>


More information about the Spce-user mailing list