Hi 
I created some SSL certificates from OMV.
After i deleted them from the web ui i see that only the certs are correctly deleted from /etc/ssl/certs, but the key files are still present in /etc/ssl/private
Is it safe to delete them manually? Any idea why they are not automatically removed?
Thanks in advance!
Thanks! Update installed and tried
Resolving the thread.
Nope. The sftp plugin is completely separate from the ssh plugin. It starts its own server process with separate config file. https://github.com/OpenMediaVa…es/omv_sftp_config.j2#L38
That said, I screwed up the saltstack code when porting to 4.x and it uses all environment variables ignoring some of the settings from the web interface. I never noticed (I do use the plugin) because I never disable public key auth. So, don't look at settings in ssh and think they affect the sftp plugin. I will have to fix it.
Oh i see, thank you for the prompt response!
Will keep the thread unsolved in the meantime.
Hi
In SSH configuration i'm using public key authentication and i've disabled authentication with password.
I'm also using the SFTP plugin and in there it does not matter if i enable or not the public key authentication, it will always act like it's enabled. So if i login in SFTP with WinSCP it will use my private key also if i disabled public key authentication in SFTP.
Password authentication instead works fine for SFTP even if it's disabled in SSH configuration.
I think that the SFTP plugin inherits public key settings from SSH, overwriting anything i select for SFTP. Correct?
you should use the adduser command.
The the man page for it:
man adduser
Can I use the adduser command for a user that is already present in OMV? Or I risk to break?
Maybe "mkhomedir_helper" could be better?
Looking in /etc/passwd it seems that the user already has an home dir, strange.
EDIT: Tried and it worked! Strange I had to run it from /usr/sbin because it was not in my path.
I don't use OMV to create users. I am not worried about the tiny amount of data that supports their shell in users home directories on the rootfs.
I see, you think i could create it by hand with?:
That is the standard way of doing it in *nix OSs.
I know but OMV does not create home folders for home users in order to now fill the system drive with other data than OMV. This is what i know.
in the user's home folder
I see, but i do not have a home folder for my user. You have it in a sharefolder "the OMV way"?
I think i do not need that, is it the only way?
Hi,
i have some aliases in place for my root user. Would like to use the same aliases for my user too.
How can i do this? From a reddit post i saw that copying .bashrc, .bash_aliases, .profile to /etc/profile.d should work. But it does not for me. Maybe i am missing something?
Would also like to see the same color formatting for directories and files.
Thanks in advance!
Hi,
just implemented public key authentication for ssh. I've generated the keys for my user, so not for root, with Puttygen.
I have some questions:
1. I added the public key for my user in "Access Right Management | Users | <USERNAME> | Edit | Public Keys", so why i had a private and a public key also for user root in the directory ".ssh"? I deleted them for my tests, hope this was not a mistake.
2. Testing i deleted the public key for my user from "Access Right Management | Users | <USERNAME> | Edit | Public Keys" and strangely i can still log in in ssh with public key. How possible?
3. Connected to my previous question, if for root the key is saved in ".ssh", where is it saved for the users? Can't find it.
4. Why for root user i had also the private key there? I thought that was intended to stay only on the device you want to connect from.
Thanks in advance if you will have the patience to reply!
No. Just look at the changes for these files - https://github.com/openmediava…t/srv/salt/omv/deploy/ssh
Yep i see the name of the service is still "ssh" in those files.
Strange, anyway i also tried with "ssh2" but same issue, so probably something changed for Fail2Ban package as you were saying.
Any hint on the 2 questions of my previous post?
Hi,
have a question about docker networking.
Actually in my OMV dashboard i see 16 veth interfaces listed.
I know that every container has a veth pair and only one is visible to the host.
First strange fact is that in the OMV dashboard i see both for a container i don't know the name of.
In the dashboard i see both veth0346e0c and vethdc5188e. I should see only one.
From terminal i see:
15 veth interfaces here. vethdc5188e is one of them, and is UP but not RUNNING.
So my questions here are:
1. Why from the dashboard i see an entire veth pair and from terminal i only see one? (both have the eth icon grey next to them).
2. I managed to find to which container is attached every veth interface. All but not for vethdc5188e.
How can i understand what is this interface?
Maybe something changed with fail2ban package itself?
Yep I saw that the plugin hasn't changed.
Was asking if something in how OMV calls ssh changed. In this case you say maybe it's Fail2ban package to be changed.
Isn't more plausible that OMV changed the way how to call ssh service from ssh to ssh2 instead?
As said I see from the logs that when a wrong password is used, the name for the service is ssh2. Don't know if Fail2ban package can change how the system calls the service honestly.
So maybe the plugin can be updated. It's not a big issue tho. It works with the port number. EDIT: I tried using "ssh2" as placeholder but the issue persists, it's like "ssh2" is not a valid placeholder.
As said it now only works using the port number directly.
Two questions:
What difference between the ssh and ssh ddos jails?
And I see that in the Fail2ban tab the default ban time is 1 week, but in the jails tab the ban time is -1, so forever.
So which one is used? The one in the first default tab for the plugin or the one for the jail?
Hi,
would like to ask if something has changed with latest versions of OMV 5 and the Fail2Ban plugin.
It was working fine. I have ssh port on a different port than 22 and also forwarded that port to the same port for the outside.
Now i tried to put in the wrong password and the ips get banned correctly. I see them in the logs, but i can still try to connect to my ssh and entering the correct password i'm logged. So the banned ips can still see my ssh server.
Why this is happening in your opinion?
Thanks in advance!
EDIT: Strange, changing the port from the placeholder "ssh" to the actual port number fixes the issue with the jail. It was working in the past so maybe something changed?
In the logs i see for example: Failed password for root from xx.xx.xx.xx port xxx ssh2
OMV moved to use ssh2?
What is the output of: apt-cache policy openmediavault-omvextrasorg
It seems it is already installed https://pastebin.com/YhTkCWmB
From my previous logs i thought i was installing 5.5.2 
Better looking it seems i was installing 5.5.2 but you updated it to 5.5.3 so i updated to this the second time i tried.
Did you try the apt clean button in omv-extras? what is its output?
Here is the output: https://pastebin.com/iczXYL6L
After that i still can't find the update.
I just pushed 5.5.3 to the repo a few mins ago.
Strange, I'm checking since yesterday but can't find this update.
I don't see an omv-extras error there. The output window did lose connection with the process but just refreshing the page would fix that.
I thought the issue was omv-extras there, the only one that was not installed.
I just pushed 5.5.3 to the repo a few mins ago. And I am using reprepro which doesn't keep old copies. So, you need to click Check and try again.
I see, thanks!
Hi, i have just installed the latest updates and found some odds erros at the end.
Here is the log: https://pastebin.com/txLLhFaz
I see that after that there is still the update missing for omvextrasorg 5.5.2.
Trying to update it gives me the following: https://pastebin.com/iMPZLJ7B
Updated now, but still with some errors: https://pastebin.com/8vthKC1R
Is it ok this way?
What could be the cause of this?
Thanks in advance!
Hi
I have installed fail2ban plugin and have a doubt with the configuration.
I see in the "Settings" page for the plugin that "Bantime" is set to 604800 to default.
In the "Jails" page all the jails have a Ban Time of -1, so forever if i'm not wrong.
So which one is used? 604800 or -1?
Images attached.
