Line 1: |
Line 1: |
| {{Languages|Denyhosts}} | | {{Languages|Denyhosts}} |
− | =Denyhosts SSH for SME7= | + | =Denyhosts SSH= |
| + | {{ #smeversion: smeserver-denyhosts }} |
| + | {{ #smeversion: denyhosts }} |
| + | |
| | | |
| === Maintainer === | | === Maintainer === |
Line 15: |
Line 18: |
| === Installation === | | === Installation === |
| | | |
− | 1. Log in (with username root) to the SMEserver console.
| + | # Log in (with username root) to the SMEserver console. |
| + | # Install smeserver-denyhosts<pre>/usr/bin/yum install smeserver-denyhosts --enablerepo=smecontribs</pre> You will get a y/N-question, answer y if it looks fine. There is no need to reboot the server. |
| + | # Open your webbrowser and go to the server-manager.<br>Under "Security" there should be a new line named "SSH Denyhosts". You should go to it and configure all necessary allowed hosts before enabling the service. When done set status to 'enabled'. |
| + | |
| + | |
| + | Alternatively you can use the server-manager panel "Software installer" to add a new package and select smeserver-denyhosts (repo smecontribs must be enabled) then do the reconfiguration and reboot task, instead of steps 1 and 2, then refresh your browser and configure denyhosts,. |
| + | |
| + | |
| + | === Editing configuration === |
| + | Q) How can the denyhost configuration be customized? |
| + | |
| + | A) You must copy the templates to the templates-custom directory and modify the appropriate fragments. |
| + | mkdir -p /etc/e-smith/templates-custom/etc/denyhosts.conf |
| + | cd /etc/e-smith/templates-custom/etc/denyhosts.conf/ |
| + | cp ../../../templates/etc/denyhosts.conf/* . |
| + | Now edit the appropriate files. See the [http://denyhosts.sourceforge.net/faq.html Denyhosts FAQ] for details. When done make your changes effective: |
| + | signal-event conf-denyhosts |
| + | |
| + | |
| + | Q) How is an ip-address removed from the blocked list? |
| + | |
| + | A) Edit the configuration file and and restart the service. |
| + | |
| + | pico -w /etc/hosts.deny_ssh |
| + | |
| + | Make required changes, then save & exit |
| + | |
| + | ctrl + c |
| + | |
| + | ctrl + x |
| + | |
| + | /etc/init.d/denyhosts restart |
| | | |
− | 2. Install smeserver-denyhosts
| + | ==== precaution ==== |
| | | |
− | yum install smeserver-denyhosts --enablerepo=smecontribs
| + | when you edit the /etc/hosts.deny_ssh |
| | | |
− | You will get a y/N-question, answer y if it looks fine.
| + | you should delete both the IP and comment line |
| + | otherwise it will not work |
| | | |
− | 3. Instructions at the end of previous installation advices the following commands: | + | for example you want to let '''192.168.3.3''' to have access and you find this |
− | <br><code>signal-event post-upgrade and signal-event reboot</code>
| |
| | | |
− | '''it is recommended to do so !''' | + | # DenyHosts: Thu Feb 14 19:03:30 2013 | 192.168.1.1 |
| + | 192.168.1.1 |
| + | # DenyHosts: Thu Feb 14 22:36:00 2013 | 192.168.2.2 |
| + | 192.168.2.2 |
| + | '''# DenyHosts: Fri Feb 15 08:44:09 2013 | 192.168.3.3''' |
| + | '''192.168.3.3''' |
| + | # DenyHosts: Fri Feb 15 10:44:39 2013 | 192.168.n.n |
| + | 192.168.n.n |
| | | |
− | <br>but you can skip that using
| + | if you delete only the IP (not the comment also) the block ban will not be raised for IP 192.168.3.3 after the restart of the service |
− | /etc/e-smith/events/actions/navigation-conf
| |
| | | |
− | 4. Open your webbrowser and go to the server-manager.
| + | # DenyHosts: Thu Feb 14 19:03:30 2013 | 192.168.1.1 |
− | <br>Under "Security" there should be a new line named "SSH Denyhosts".
| + | 192.168.1.1 |
| + | # DenyHosts: Thu Feb 14 22:36:00 2013 | 192.168.2.2 |
| + | 192.168.2.2 |
| + | '''# DenyHosts: Fri Feb 15 08:44:09 2013 | 192.168.3.3''' |
| + | # DenyHosts: Fri Feb 15 10:44:39 2013 | 192.168.n.n |
| + | 192.168.n.n |
| | | |
− | You should go to it and configure all necessary allowed host before enabling the service
| + | or if you change to another IP it seems to don't work |
| | | |
| + | # DenyHosts: Thu Feb 14 19:03:30 2013 | 192.168.1.1 |
| + | 192.168.1.1 |
| + | # DenyHosts: Thu Feb 14 22:36:00 2013 | 192.168.2.2 |
| + | 192.168.2.2 |
| + | # DenyHosts: Fri Feb 15 08:44:09 2013 | '''192.168.3.3''' |
| + | '''192.168.a.a''' |
| + | # DenyHosts: Fri Feb 15 10:44:39 2013 | 192.168.n.n |
| + | 192.168.n.n |
| | | |
− | Alternatively you can use the server-manager panel "Software installer" to add a new package and select smeserver-denyhosts (repo smecontribs must be enabled) then do the reconfiguration and reboot task, instead of steps 1 to 3, then refresh your browser and configure denyhosts,.
| + | you should delete both lines (IP + comment) |
| | | |
| + | # DenyHosts: Thu Feb 14 19:03:30 2013 | 192.168.1.1 |
| + | 192.168.1.1 |
| + | # DenyHosts: Thu Feb 14 22:36:00 2013 | 192.168.2.2 |
| + | 192.168.2.2 |
| + | # DenyHosts: Fri Feb 15 10:44:39 2013 | 192.168.n.n |
| + | 192.168.n.n |
| + | |
| + | and then restart the service |
| + | |
| + | /etc/init.d/denyhosts restart |
| | | |
| === Uninstall === | | === Uninstall === |
Line 55: |
Line 118: |
| === Check installed version === | | === Check installed version === |
| yum info installed smeserver-denyhosts | | yum info installed smeserver-denyhosts |
| + | |
| + | === Bugs=== |
| + | Please raise bugs under the SME Contribs section in {{BugzillaFileBug|product=SME%20Contribs|component=smeserver-denyhosts|title=bugzilla}}. |
| + | |
| + | |
| + | {{#bugzilla:columns=id,product,version,status,summary |sort=id |order=desc |component=smeserver-denyhosts|noresultsmessage="No open bugs found."}} |
| + | |
| + | ===Changelog=== |
| + | Only released version in smecontrib are listed here. |
| + | |
| + | {{ #smechangelog: smeserver-denyhosts}} |
| ---- | | ---- |
| | | |
| [[Category: Contrib]] | | [[Category: Contrib]] |
− | [[Category: Administration]] | + | [[Category: Administration:Remote Access]] |
| + | [[Category: Security]] |