Posts by steakhutzeee

    Hi :)


    I created some SSL certificates from OMV.


    After I deleted them from the web UI I see that only the certs are correctly deleted from /etc/ssl/certs, but the key files are still present in /etc/ssl/private.


    Is it safe to delete them manually? Any idea why they are not automatically removed?



    Thanks in advance!

    Nope. The sftp plugin is completely separate from the ssh plugin. It starts its own server process with separate config file. https://github.com/OpenMediaVa…es/omv_sftp_config.j2#L38


    That said, I screwed up the saltstack code when porting to 4.x and it uses all environment variables ignoring some of the settings from the web interface. I never noticed (I do use the plugin) because I never disable public key auth. So, don't look at settings in ssh and think they affect the sftp plugin. I will have to fix it.

    Oh I see, thank you for the prompt response!


    Will keep the thread unsolved in the meantime.

    Hi :)


    In the SSH configuration I'm using public key authentication and I've disabled authentication with password.


    I'm also using the SFTP plugin and in there it does not matter whether I enable public key authentication or not, it will always act like it's enabled. So if I log in to SFTP with WinSCP it will use my private key even if I disabled public key authentication in SFTP.


    Password authentication instead works fine for SFTP even if it's disabled in SSH configuration.


    I think that the SFTP plugin inherits public key settings from SSH, overwriting anything I select for SFTP. Correct?

    You should use the adduser command.


    The man page for it:


    man adduser

    Can I use the adduser command for a user that is already present in OMV? Or do I risk breaking something?


    Maybe "mkhomedir_helper" could be better?


    Looking in /etc/passwd it seems that the user already has a home dir, strange.


    EDIT: Tried and it worked! Strange I had to run it from /usr/sbin because it was not in my path.

    Hi,


    I have some aliases in place for my root user. Would like to use the same aliases for my user too.


    How can I do this? From a reddit post I saw that copying .bashrc, .bash_aliases, .profile to /etc/profile.d should work. But it does not for me. Maybe I am missing something?

    Would also like to see the same color formatting for directories and files.


    Thanks in advance!

    Hi,


    Just implemented public key authentication for ssh. I've generated the keys for my user, so not for root, with Puttygen.


    I have some questions:


    1. I added the public key for my user in "Access Right Management | Users | <USERNAME> | Edit | Public Keys", so why did I have a private and a public key also for user root in the directory ".ssh"? I deleted them for my tests, hope this was not a mistake.


    2. While testing I deleted the public key for my user from "Access Right Management | Users | <USERNAME> | Edit | Public Keys" and strangely I can still log in via ssh with the public key. How is that possible?


    3. Connected to my previous question, if for root the key is saved in ".ssh", where is it saved for the users? Can't find it.


    4. Why did the root user also have the private key there? I thought that was intended to stay only on the device you want to connect from.



    Thanks in advance if you will have the patience to reply!

    Hi,


    I have a question about docker networking.


    Actually in my OMV dashboard I see 16 veth interfaces listed.


    I know that every container has a veth pair and only one is visible to the host.


    First strange fact is that in the OMV dashboard I see both for a container I don't know the name of.


    Code
    root@DK:~# ethtool -S vethdc5188e
    NIC statistics:
    peer_ifindex: 15
    root@DK:~# ip link | grep 15:
    15: veth0346e0c@vethdc5188e: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default
    root@DK:~#


    In the dashboard I see both veth0346e0c and vethdc5188e. I should see only one.


    From terminal I see:


    15 veth interfaces here. vethdc5188e is one of them, and is UP but not RUNNING.


    So my questions here are:


    1. Why do I see an entire veth pair from the dashboard and only one from the terminal? (Both have the grey eth icon next to them.)


    2. I managed to find which container every veth interface is attached to, all except vethdc5188e.

    How can I find out what this interface is?

    Maybe something changed with the fail2ban package itself?

    Yep I saw that the plugin hasn't changed.

    Was asking if something in how OMV calls ssh changed. In this case you say maybe it's the Fail2ban package that changed.

    Isn't it more plausible that OMV changed the way it calls the ssh service, from ssh to ssh2, instead?


    As said I see from the logs that when a wrong password is used, the name for the service is ssh2. Don't know if Fail2ban package can change how the system calls the service honestly.


    So maybe the plugin can be updated. It's not a big issue tho. It works with the port number. EDIT: I tried using "ssh2" as placeholder but the issue persists, it's like "ssh2" is not a valid placeholder.


    As said it now only works using the port number directly.


    Two questions:


    What is the difference between the ssh and ssh ddos jails?


    And I see that in the Fail2ban tab the default ban time is 1 week, but in the jails tab the ban time is -1, so forever.

    So which one is used? The one in the first default tab for the plugin or the one for the jail?

    Hi,


    I would like to ask if something has changed with the latest versions of OMV 5 and the Fail2Ban plugin.


    It was working fine. I have ssh port on a different port than 22 and also forwarded that port to the same port for the outside.


    Now I tried to put in the wrong password and the IPs get banned correctly. I see them in the logs, but I can still try to connect to my ssh and, entering the correct password, I'm logged in. So the banned IPs can still see my ssh server.


    Why is this happening, in your opinion?


    Thanks in advance!


    EDIT: Strange, changing the port from the placeholder "ssh" to the actual port number fixes the issue with the jail. It was working in the past so maybe something changed?


    In the logs I see for example: Failed password for root from xx.xx.xx.xx port xxx ssh2


    Did OMV move to use ssh2?
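
Added example, not part of the original posts and not OMV or Fail2ban code: a port name in a jail is turned into a number through /etc/services, so "ssh" means 22 and a ban on it leaves an sshd moved to another port reachable; the trailing "ssh2" in the sshd log line is the protocol version, and the "port" in that line is the client's source port. The check below compares the two settings. Port 2222, the sample IP, the embedded file contents and all function names are assumptions constructed for illustration.

```python
import re

# Constructed excerpt of /etc/services, embedded so the example runs offline.
SERVICES = """\
ssh             22/tcp
http            80/tcp
"""

# Constructed sshd_config for a server moved off port 22 (2222 is an assumption).
SSHD_CONFIG = """\
# Port 22
Port 2222
PasswordAuthentication yes
"""

# Constructed auth.log line in the format quoted in the post.
LOG_LINE = "Failed password for root from 203.0.113.7 port 51514 ssh2"


def service_table(text):
    """Map service name -> TCP port from /etc/services-style text."""
    return {m[1]: int(m[2]) for m in re.finditer(r"^(\S+)\s+(\d+)/tcp", text, re.M)}


def jail_ports(spec, services):
    """Resolve a jail 'port' value (names or numbers, comma separated) to numbers."""
    ports = set()
    for item in spec.split(","):
        item = item.strip()
        ports.add(int(item) if item.isdigit() else services[item])
    return ports


def sshd_ports(config):
    """Ports sshd listens on; OpenSSH defaults to 22 when no Port line is set."""
    found = {int(p) for p in re.findall(r"^\s*Port\s+(\d+)", config, re.M | re.I)}
    return found or {22}


def uncovered_ports(spec, config=SSHD_CONFIG, services=SERVICES):
    """Listening sshd ports that a ban on the jail's ports would not block."""
    return sshd_ports(config) - jail_ports(spec, service_table(services))


def parse_failure(line):
    """Split a 'Failed password' line into user, client IP, source port, protocol."""
    m = re.search(r"Failed password for (?:invalid user )?(\S+) from (\S+) port (\d+) (\S+)", line)
    return {"user": m[1], "ip": m[2], "client_port": int(m[3]), "protocol": m[4]}
```

An empty result from `uncovered_ports` means every port sshd listens on is included in the jail's ban rule; a non-empty one lists the ports a banned address can still reach.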