Page 1 of 2 12 LastLast
Results 1 to 10 of 14
  1. #1
    Newbie
    Join Date
    Dec 2007
    Posts
    8

    Default SSH into Untangle?

    This may sound like a silly question but does anyone know why I can't SSH into the untangle box? Everytime I try i get a Connection Refuse message.

    Thanks and it's probably something small i missed.

    Cheers

  2. #2
    Master Untangler hdallen55's Avatar
    Join Date
    Nov 2007
    Location
    Georgia
    Posts
    187

    Default

    rreinsch,

    Check that remote administration is enabled in the Untangle Client -> config -> Remote Admin Config -> Access. Have you launched a terminal session from the console yet? You also have to do that before you can remotely access the box.

    Doug
    www.vbcnetworks.com

  3. #3
    Untangler
    Join Date
    Dec 2007
    Posts
    48

    Default

    you have to enable ssh to the box... Go into the term and type sshd that will start the ssh demon. However i have not been able to get it to start up with the comp... need to do a bit more reserch

  4. #4
    Newbie
    Join Date
    Dec 2007
    Posts
    8

    Default

    Thanks for the quick reply! Yes i have checked and I do have access, I connect via HTTPS with no issues.
    I have launched the Terminal and I am able to login. Strange, do i need to forward port 22?? But if i can't even access it from the internal network then forwarding really does nothing.

    Strange... Any other ideas?

    Thanks,

    RR

  5. #5
    Newbie
    Join Date
    Dec 2007
    Posts
    8

    Default

    Quote Originally Posted by brianmay27 View Post
    you have to enable ssh to the box... Go into the term and type sshd that will start the ssh demon. However i have not been able to get it to start up with the comp... need to do a bit more reserch
    Thanks I will try that!!

    I really love this forum and this product!!


  6. #6
    Newbie
    Join Date
    Dec 2007
    Posts
    8

    Default

    Thanks brianmay27 it works like a charm!!

  7. #7
    Untangle Ninja juank's Avatar
    Join Date
    Aug 2007
    Location
    Athens
    Posts
    1,474

    Default

    Quote Originally Posted by rreinsch View Post

    I really love this forum and this product!!

    I agree! This is the best forum I've ever seen... really!
    --------------------------------
    Juan Machado
    --------------------------------

  8. #8
    Untangler cojo's Avatar
    Join Date
    Nov 2007
    Location
    St. Louis, MO
    Posts
    66

    Default

    rreinsch,

    you probably want to create symbolic link /etc/init.d/ssh* in /etc/rc3.d and /etc/rc5.d. This way ssh will start at boot.

  9. #9
    DMP
    DMP is offline
    Newbie
    Join Date
    Jan 2008
    Posts
    12

    Default sshd startup

    I did a softlink in the rc directory. What I did was to cd into /etc/rc5.d and type in the following command in the rc5.d (do the same in the rc3.d directory as well);
    ln -s ../init.d/ssh s20ssh

    Once that is done, sshd will start automatically the next time your box starts up.

    To start it up now, type in at the command prompt;

    /etc/init.d/ssh start

    and sshd will be started.

  10. #10
    Master Untangler
    Join Date
    Dec 2007
    Posts
    215

    Default SSH security issues

    Since there are tons of brute force attacks against SSH captured by DenyHosts:

    http://stats.denyhosts.net/stats.html

    I'd consider it a bad idea to allow remote ssh (ie. via the external interface) to the Untangle ssh server (ie. if you have either manually symlinked /etc/rc3.d/... and /etc/rc5.d/... to /etc/init.d/ssh or have enabled the "Config -> Support -> Allow Untangle Support..." option).

    The easiest way to secure the SSH server on Untangle is to bind the server to the LAN (internal interface) IP address rather than the default (which is all interfaces). To do so:

    ssh root@your_untangle_server

    vi /etc/ssh/sshd_config

    add a line:

    ListenAddress 192.168.1.1

    save the file.

    restart ssh:

    /etc/init.d/ssh restart
    Replace 192.168.1.1 (above) with the internal IP address of your Untangle server.

    After restarting ssh, you can connect to it from your internal network but not from the internet such that it won't be subject to brute force password attacks.

    Note: Untangle support will not be able to access your Untangle server so if you rely on their support efforts, don't do this (or do it and if you need their support, remember to comment out the ListenAddress line and restart ssh).

    For extra security:

    If you've setup other users on Untangle (ie. using useradd from the command line or similar), it's usually a good idea to set
    "PermitRootLogin no" in /etc/ssh/sshd_config to prevent users from logging in as root (since everybody knows that the ssh server has a root account). You may require root access so you'll need to use "sudo" after you login as non-root. This may be overkill if you've restricted external access (as described above) and your LAN is trusted.

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2