Changes

From SME Server
Jump to navigationJump to search

Denyhosts (view source)

Revision as of 23:35, 6 July 2017

2,619 bytes added ,  23:35, 6 July 2017
→‎Bugs
Line 1: Line 1:  
{{Languages|Denyhosts}}
 
{{Languages|Denyhosts}}
=Denyhosts SSH for SME7=
+
=Denyhosts SSH=
 +
{{ #smeversion: smeserver-denyhosts }}
 +
{{ #smeversion: denyhosts }}
 +
 
    
=== Maintainer ===
 
=== Maintainer ===
Line 15: Line 18:  
=== Installation ===
 
=== Installation ===
   −
1. Log in (with username root) to the SMEserver console.
+
# Log in (with username root) to the SMEserver console.
 +
# Install smeserver-denyhosts<pre>/usr/bin/yum install smeserver-denyhosts --enablerepo=smecontribs</pre> You will get a y/N-question, answer y if it looks fine. There is no need to reboot the server.
 +
# Open your webbrowser and go to the server-manager.<br>Under "Security" there should be a new line named "SSH Denyhosts". You should go to it and configure all necessary allowed hosts before enabling the service. When done set status to 'enabled'.
 +
 
 +
 
 +
Alternatively you can use the server-manager panel "Software installer" to add a new package and select smeserver-denyhosts (repo smecontribs must be enabled) then do the reconfiguration and reboot task, instead of steps 1 and 2, then refresh  your browser and configure denyhosts,.
 +
 
 +
 
 +
=== Editing configuration ===
 +
Q) How can the denyhost configuration be customized?
 +
 
 +
A) You must copy the templates to the templates-custom directory and modify the appropriate fragments.
 +
mkdir -p /etc/e-smith/templates-custom/etc/denyhosts.conf
 +
cd /etc/e-smith/templates-custom/etc/denyhosts.conf/
 +
cp ../../../templates/etc/denyhosts.conf/* .
 +
Now edit the appropriate files. See the [http://denyhosts.sourceforge.net/faq.html Denyhosts FAQ] for details. When done make your changes effective:
 +
signal-event conf-denyhosts
 +
 
 +
 
 +
Q) How is an ip-address removed from the blocked list?
 +
 
 +
A) Edit the configuration file and and restart the service.
 +
 
 +
pico -w /etc/hosts.deny_ssh
 +
 
 +
Make required changes, then save & exit
 +
 
 +
ctrl + c
 +
 
 +
ctrl + x
 +
 
 +
/etc/init.d/denyhosts restart
   −
2. Install smeserver-denyhosts
+
==== precaution ====
   −
yum install smeserver-denyhosts --enablerepo=smecontribs
+
when you edit the /etc/hosts.deny_ssh
   −
You will get a y/N-question, answer y if it looks fine.
+
you should delete both the IP and comment line
 +
otherwise it will not work
   −
3. Instructions at the end of previous installation advices the following commands:
+
for example you want to let '''192.168.3.3''' to have access and you find this
<br><code>signal-event post-upgrade and signal-event reboot</code>
     −
'''it is recommended to do so !'''
+
# DenyHosts: Thu Feb 14 19:03:30 2013 | 192.168.1.1
 +
192.168.1.1
 +
# DenyHosts: Thu Feb 14 22:36:00 2013 | 192.168.2.2
 +
192.168.2.2
 +
'''# DenyHosts: Fri Feb 15 08:44:09 2013 | 192.168.3.3'''
 +
  '''192.168.3.3'''
 +
# DenyHosts: Fri Feb 15 10:44:39 2013 | 192.168.n.n
 +
192.168.n.n
   −
<br>but you can skip that  using
+
if you delete only the IP (not the comment also) the block ban will not be raised for IP 192.168.3.3 after the restart of the service
/etc/e-smith/events/actions/navigation-conf
     −
4. Open your webbrowser and go to the server-manager.  
+
# DenyHosts: Thu Feb 14 19:03:30 2013 | 192.168.1.1
<br>Under "Security" there should be a new line named "SSH Denyhosts".
+
192.168.1.1
 +
# DenyHosts: Thu Feb 14 22:36:00 2013 | 192.168.2.2
 +
192.168.2.2
 +
'''# DenyHosts: Fri Feb 15 08:44:09 2013 | 192.168.3.3'''
 +
# DenyHosts: Fri Feb 15 10:44:39 2013 | 192.168.n.n
 +
192.168.n.n
   −
You should go to it and configure all necessary allowed host before enabling the service
+
or if you change to another IP it seems to don't work
    +
# DenyHosts: Thu Feb 14 19:03:30 2013 | 192.168.1.1
 +
192.168.1.1
 +
# DenyHosts: Thu Feb 14 22:36:00 2013 | 192.168.2.2
 +
192.168.2.2
 +
# DenyHosts: Fri Feb 15 08:44:09 2013 | '''192.168.3.3'''
 +
'''192.168.a.a'''
 +
# DenyHosts: Fri Feb 15 10:44:39 2013 | 192.168.n.n
 +
192.168.n.n
   −
Alternatively you can use the server-manager panel "Software installer" to add a new package and select smeserver-denyhosts (repo smecontribs must be enabled) then do the reconfiguration and reboot task, instead of steps 1 to 3, then refresh  your browser and configure denyhosts,.
+
you should delete both lines (IP + comment)
    +
# DenyHosts: Thu Feb 14 19:03:30 2013 | 192.168.1.1
 +
192.168.1.1
 +
# DenyHosts: Thu Feb 14 22:36:00 2013 | 192.168.2.2
 +
192.168.2.2
 +
# DenyHosts: Fri Feb 15 10:44:39 2013 | 192.168.n.n
 +
192.168.n.n
 +
 +
and then restart the service
 +
 +
/etc/init.d/denyhosts restart
    
=== Uninstall ===
 
=== Uninstall ===
Line 55: Line 118:  
=== Check installed version ===
 
=== Check installed version ===
 
  yum info installed smeserver-denyhosts
 
  yum info installed smeserver-denyhosts
 +
 +
=== Bugs===
 +
Please raise bugs under the SME Contribs section in {{BugzillaFileBug|product=SME%20Contribs|component=smeserver-denyhosts|title=bugzilla}}.
 +
 +
 +
{{#bugzilla:columns=id,product,version,status,summary |sort=id |order=desc |component=smeserver-denyhosts|noresultsmessage="No open bugs found."}}
 +
 +
===Changelog===
 +
Only released version in smecontrib are listed here.
 +
 +
{{ #smechangelog: smeserver-denyhosts}}
 
----
 
----
    
[[Category: Contrib]]
 
[[Category: Contrib]]
[[Category: Administration]]
+
[[Category: Administration:Remote Access]]
 +
[[Category: Security]]
Unnilennium
Super Admin, Wiki & Docs Team, Bureaucrats, Interface administrators, Administrators
3,250

edits

Retrieved from "https://wiki.koozali.org/Special:MobileDiff/9328...33674"

Navigation menu