[Spce-user] Lost SSH after upgrade

Anthony Sanchez agswinpr at gmail.com
Thu Jun 15 20:22:51 EDT 2017


Problem fixed.
I did a modification to /etc/ngcp-config/config.yml
ngcpcfg apply 'enabled the backup feature'
reboot

I think that it may be a bug,
Tony

On Tue, Jun 13, 2017 at 1:23 PM, Maxwell Power <mpower at yegtel.ca> wrote:

> We had issues with this a few versions ago where we got completely locked
> out. Not a good time.
>
> SSH is fairly locked down in recent builds due to the new firewall
> configuration. Which is great in theory for sure. Except in our case, we
> have support located in multiple locations. All use changing IP addresses.
>
> Our solution was to add a firewall rule to allow all SSH traffic.
>
> Update config.yml, looking for the following section:
>
> security:
>     rules4:
>       - '-A INPUT -p tcp --dport 22 -j ACCEPT'
>
> It does allow anyone to connect via SSH and is a security risk, if SSH is
> not properly protected.
>
> Cheers,
> Maxwell Power
> Technical Account Manager
> Phone: (780) 809-9990 Ext. 417 | Toll Free: (855) 4-YEGTEL(934835) | Fax:
> (780) 401-3390
> YEGTEL Communications INC. | 10301 104 ST NW, Suite 55, Edmonton, Alberta,
> T5J 1B9
> Email: mpower at yegtel.ca | Web: www.yegtel.ca
>
> -----Original Message-----
> From: Spce-user [mailto:spce-user-bounces at lists.sipwise.com] On Behalf Of
> Alex Lutay
> Sent: Monday, June 12, 2017 17:07
> To: spce-user at lists.sipwise.com
> Subject: Re: [Spce-user] Lost SSH after upgrade
>
> So, what is your problem exactly?
> You cannot establish a TCP connection or the system doesn't accept your
> password/key? Option -v will help you here: ssh -v <your_ip>
>
> Also check: netstat -anp | grep 22
> Does sshd listen on the proper IP?
>
> Any hints inside auth.log?
>
> On 06/12/2017 07:10 PM, Anthony Sanchez wrote:
> > root@spce:~# /etc/init.d/ssh
> > [info] Usage: /etc/init.d/ssh {start|stop|reload|force-reload|restart|try-restart|status}.
> > root@spce:~# /etc/init.d/ssh status
> > [ ok ] sshd is running.
> >
> >
> > On Mon, Jun 12, 2017 at 11:56 AM, Alex Lutay <alutay at sipwise.com
> > <mailto:alutay at sipwise.com>> wrote:
> >
> >     Hi,
> >
> >     It is hard to say anything from this side.
> >
> >     You can't connect or your credentials were not accepted?
> >
> >     Obviously you need to connect to the system using a terminal/console
> >     and check the sshd state and whether the IP it is listening on is
> >     correct; then you can check /var/log/auth.log to see the reason why
> >     your login attempt was rejected.
> >
> >     I do not recall mr5.3.1 changes which can affect SSHd.
> >     BTW, did you access system using password or key?
> >
> >     I see one option moved to config.yml:
> >     > 17:55:25 ✔ taurus:(mr5.3.1)~/sipwise/git/templates$ git diff mr5.2.1 mr5.3.1 -- system/sshd_config
> >     > diff --git a/system/sshd_config b/system/sshd_config
> >     > index 9163032..8f83735 100644
> >     > --- a/system/sshd_config
> >     > +++ b/system/sshd_config
> >     > @@ -67,7 +67,7 @@ PermitEmptyPasswords no
> >     >  ChallengeResponseAuthentication no
> >     >
> >     >  # Change to no to disable tunnelled clear text passwords
> >     > -#PasswordAuthentication yes
> >     > +PasswordAuthentication [% sshd.password_authentication %]
> >     >
> >     >  # Kerberos options
> >     >  #KerberosAuthentication no
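Review bot: The added `PasswordAuthentication [% sshd.password_authentication %]` line has no fallback, so a config.yml that lacks `sshd.password_authentication` after the upgrade would render the directive with no value. Give the template a default or have the upgrade check that the key exists, and update the comment above it ("Change to no to disable tunnelled clear text passwords"), since the value is now set in config.yml rather than in this file.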
> >     > 17:55:27 ✔ taurus:(mr5.3.1)~/sipwise/git/templates$
> >
> >     While default value must not be changed there.
> >
> >     Please share your progress there. Tnx!
> >
> >     On 06/12/2017 05:42 PM, Anthony Sanchez wrote:
> >     > Yesterday I did an upgrade from mr5.2.1 to mr5.3.1; after that ssh
> >     > connections stopped working.
> >     > How can I get it working again?
> >
> >     --
> >     Alex Lutay
>
>
> --
> Alex Lutay
> _______________________________________________
> Spce-user mailing list
> Spce-user at lists.sipwise.com
> https://lists.sipwise.com/listinfo/spce-user
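An added example, not part of the original thread or of NGCP: a small Python audit for rule strings of the kind quoted in Maxwell Power's reply, flagging any that accept port 22 from every source address and any that iptables would refuse to load. The sample rules and the `parse` and `audit` helpers are constructed for illustration; reading the rules out of config.yml is left out.

```python
import ipaddress
import shlex

# Constructed sample rules in the iptables "-A" form quoted in the thread.
SAMPLE_RULES = [
    "-A INPUT -p tcp --dport 22 -j ACCEPT",                  # any source
    "-A INPUT -s 192.0.2.0/24 -p tcp --dport 22 -j ACCEPT",  # one support network
    "-A INPUT -s 0.0.0.0/0 -p tcp --dport 22 -j ACCEPT",     # explicit "anywhere"
    "-A INPUT --dport 22 - j ACCEPT",                        # malformed
    "-A INPUT -p tcp --dport 5060 -j ACCEPT",                # not SSH
]

def parse(rule):
    """Return ({option: value}, [syntax problems]) for one rule string."""
    opts, problems, tokens, i = {}, [], shlex.split(rule), 0
    while i < len(tokens):
        tok = tokens[i]
        if tok == "-":
            problems.append("stray '-' (option split by a space)")
        elif tok.startswith("-"):
            takes_value = i + 1 < len(tokens) and not tokens[i + 1].startswith("-")
            opts[tok] = tokens[i + 1] if takes_value else None
            i += takes_value  # skip the value that was just consumed
        i += 1
    return opts, problems

def audit(rule, port=22):
    """Findings for a rule whose --dport equals `port`; [] if nothing to report."""
    opts, findings = parse(rule)
    if opts.get("--dport") != str(port):
        return []
    if not (opts.get("-p") or opts.get("--protocol")):
        findings.append("--dport without -p: iptables rejects the rule")
    target = opts.get("-j") or opts.get("--jump")
    if target is None:
        findings.append("no -j target")
    src = opts.get("-s") or opts.get("--source")
    try:
        anywhere = src is None or ipaddress.ip_network(src, strict=False).prefixlen == 0
    except ValueError:  # hostname or address list: treated as restricted
        anywhere = False
    if target == "ACCEPT" and anywhere:
        findings.append(f"port {port} accepted from any source address")
    return findings

if __name__ == "__main__":
    for r in SAMPLE_RULES:
        print(r, "->", audit(r) or "ok")
```

Rules that limit the source with `-s` to a known network pass the audit; with changing support addresses, the open rule is the one to pair with key-only authentication on sshd.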