[Spce-user] Lost SSH after upgrade
Alex Lutay
alutay at sipwise.com
Fri Jun 16 09:23:19 EDT 2017
Hi Maxwell,
Thank you for reporting it here!
I would like to clarify some details to commit the fixes if necessary.
Firewall configuration (as a part of NGCP) has been introduced in
mr5.2.1, while Anthony's initial report was about upgrade
mr5.2.1->mr5.3.1 .
Did you experience described problem after upgrade on mr5.2.1 or after
upgrade on mr5.3.1 ?
Also as for upgrade on mr5.2.1 we were tried to make zero harm
as security->firewall->enable=no by default.
I would really appreciate detailed description here (private email if
you want). I would like to prevent this for other spce@ users.
Thank you!
On 06/13/2017 07:23 PM, Maxwell Power wrote:
> We had issues with this a few versions ago where we got completely locked out. Not a good time.
>
> SSH is fairly locked down in recent builds due to the new firewall configuration. Which is great in theory for sure. Except in our case, we have support located in multiple locations. All use changing IP addresses.
>
> Our solution was to add a firewall rule to allow all SSH traffic.
>
> Update config.yml, looking for the following section:
>
> security:
> rules4:
> - '-A INPUT --dport 22 - j ACCEPT'
>
> It does allow anyone to connect via SSH and is a security risk, if SSH is not properly protected.
--
Alex Lutay
Head of Quality Assurance
Sipwise GmbH, Campus 21/Europaring F15
AT-2345 Brunn am Gebirge
Office: +43(0)13012036
Email: alutay at sipwise.com
Website: https://www.sipwise.com
More information about the Spce-user
mailing list