SSH denied login both internal and external

Allanon · 02-20-2008, 06:33 AM

So last night I reinstalled UT, restored my backup and created a new user with read only access. Enabled remote administration and edited my sshd_config file to watch all interfaces, changed PermitRootLogin to no and was able to connect from an outside host. However I saw an "error" of sorts upon connecting saying that the remote host couldnt be trusted...basically. I accepted by typing yes and was prompted for that read-only users password. The same one I set in the UT gui...and it is not being accepted.

Is there a better way to create a new user in UT that will allow for remote login rights?

mdh · 02-20-2008, 07:23 AM

Are you referring to SSH or Rermote Admin? The GUI has nothing to do with SSH except to enable it. You may or may not be using the same password for both, but if not, you gotta know which is which.

If you saw a certificate-based error, its because we self-sign a cert for Untangle, but its not recognized by anyone else. If you were talking about a Putty error, it was likely because you hadn't accessed your Untangle box via Putty before so the identity of the box wasn't cached yet.

gwar9999 · 02-20-2008, 09:55 AM

Quote:

Originally Posted by Allanon

So last night I reinstalled UT, restored my backup and created a new user with read only access. Enabled remote administration and edited my sshd_config file to watch all interfaces, changed PermitRootLogin to no and was able to connect from an outside host. However I saw an "error" of sorts upon connecting saying that the remote host couldnt be trusted...basically. I accepted by typing yes and was prompted for that read-only users password. The same one I set in the UT gui...and it is not being accepted.

Is there a better way to create a new user in UT that will allow for remote login rights?

You need to create a console user for SSH (not an Untangle GUI user). To do this, from the Untangle shell:

Quote:

useradd foo

useradd has several options too (such as defining the default shell, etc):

Quote:

usage: useradd [-u uid [-o]] [-g group] [-G group,...]
[-d home] [-s shell] [-c comment] [-m [-k template]]
[-f inactive] [-e expire ] [-p passwd] name
useradd -D [-g group] [-b base] [-s shell]
[-f inactive] [-e expire ]

After creating the 'foo' user, you should be able to login via ssh with the password that you assigned to foo.

SSH uses the users found in /etc/passwd rather than those created for Untangle use (within the Untangle GUI). As MDH said, there are 2 types of users wrt Untangle.

rdchavali · 02-20-2008, 03:02 PM

How can I use SSH to get into the Untangled box?

abridge · 02-20-2008, 03:08 PM

I use putty. It works well.

http://www.chiark.greenend.org.uk/~sgtatham/putty/

rdchavali · 02-20-2008, 03:26 PM

Quote:

Originally Posted by abridge

I use putty. It works well.

http://www.chiark.greenend.org.uk/~sgtatham/putty/

I use the gnome terminal in Ubuntu but I am sure how am I supposed to login.

abridge · 02-20-2008, 04:12 PM

Quote:

Originally Posted by rdchavali

I use the gnome terminal in Ubuntu but I am sure how am I supposed to login.

First make sure ssh is allowed on the config tab in the Untangle GUI.
1. From the Untangle Client, click Config tab > Support. The Support Config window launches.
2. Click the Access Restrictions tab.
3. Select the Allow radio button.
4. Click the Save Settings button

Second, from the ubuntu gnome terminal
ssh root@your.untangle.ip
enter your password

If you don't want to use root you can replace root with a different username if you made one. Then use the password created for that user.

Allanon · 02-20-2008, 06:51 PM

Ok so I used useradd to create a new user following this syntax: "useradd -p somepassword foo" Logged into my remote ssh host, then tried "ssh foo@my.untanlge.ip, get prompted for a password and UT still does not accept it.

I nano'd /etc/passwd and verified the user i created is in that file, without a default shell but still he's in there.

Anything else I can try? Oh yeah I did re-verify that Support is allowed to remotely access my server too.
Should I have assigned the new user to a group?

Allanon · 02-20-2008, 06:58 PM

Ok I quickly googled "useradd" and found out that I did infact use the wrong syntax. Instead of:
"useradd -p somepassword foo" I should have used,
"useradd foo" followed by "passwd foo", then get prompted for this users new password. I am FINALLY IN!! W00T!

02-20-2008, 06:33 AM	#1 (permalink)
Allanon Master Untangler Join Date: Dec 2007 Posts: 102	SSH denied login both internal and external - SOLVED So last night I reinstalled UT, restored my backup and created a new user with read only access. Enabled remote administration and edited my sshd_config file to watch all interfaces, changed PermitRootLogin to no and was able to connect from an outside host. However I saw an "error" of sorts upon connecting saying that the remote host couldnt be trusted...basically. I accepted by typing yes and was prompted for that read-only users password. The same one I set in the UT gui...and it is not being accepted. Is there a better way to create a new user in UT that will allow for remote login rights? Last edited by Allanon; 02-20-2008 at 06:57 PM..

Protect

Filter

Perform

Connect

Manage

Add-Ons

02-20-2008, 07:23 AM	#2 (permalink)
mdh Join Date: Aug 2007 URLs submitted: 171 Posts: 4,802	Are you referring to SSH or Rermote Admin? The GUI has nothing to do with SSH except to enable it. You may or may not be using the same password for both, but if not, you gotta know which is which. If you saw a certificate-based error, its because we self-sign a cert for Untangle, but its not recognized by anyone else. If you were talking about a Putty error, it was likely because you hadn't accessed your Untangle box via Putty before so the identity of the box wasn't cached yet.

02-20-2008, 03:02 PM	#4 (permalink)
rdchavali Untangler Join Date: Feb 2008 Posts: 31	How can I use SSH to get into the Untangled box?

02-20-2008, 03:08 PM	#5 (permalink)
abridge Untangler Join Date: Jan 2008 URLs submitted: 5 Posts: 59	I use putty. It works well. http://www.chiark.greenend.org.uk/~sgtatham/putty/

02-20-2008, 06:51 PM	#8 (permalink)
Allanon Master Untangler Join Date: Dec 2007 Posts: 102	Ok so I used useradd to create a new user following this syntax: "useradd -p somepassword foo" Logged into my remote ssh host, then tried "ssh foo@my.untanlge.ip, get prompted for a password and UT still does not accept it. I nano'd /etc/passwd and verified the user i created is in that file, without a default shell but still he's in there. Anything else I can try? Oh yeah I did re-verify that Support is allowed to remotely access my server too. Should I have assigned the new user to a group?

02-20-2008, 06:58 PM	#9 (permalink)
Allanon Master Untangler Join Date: Dec 2007 Posts: 102	Ok I quickly googled "useradd" and found out that I did infact use the wrong syntax. Instead of: "useradd -p somepassword foo" I should have used, "useradd foo" followed by "passwd foo", then get prompted for this users new password. I am FINALLY IN!! W00T!