This may sound like a silly question but does anyone know why I can't SSH into the untangle box? Every time I try I get a Connection Refused message.
Thanks and it's probably something small I missed.
Cheers
rreinsch,
Check that remote administration is enabled in the Untangle Client -> config -> Remote Admin Config -> Access. Have you launched a terminal session from the console yet? You also have to do that before you can remotely access the box.
Doug
www.vbcnetworks.com
You have to enable ssh to the box... Go into the term and type sshd; that will start the ssh daemon. However, I have not been able to get it to start up with the comp... need to do a bit more research
Thanks for the quick reply! Yes, I have checked and I do have access, I connect via HTTPS with no issues.
I have launched the Terminal and I am able to login. Strange, do I need to forward port 22?? But if I can't even access it from the internal network then forwarding really does nothing.
Strange... Any other ideas?
Thanks,
RR
Thanks brianmay27 it works like a charm!!
rreinsch,
You probably want to create symbolic link /etc/init.d/ssh* in /etc/rc3.d and /etc/rc5.d. This way ssh will start at boot.
I did a softlink in the rc directory. What I did was to cd into /etc/rc5.d and type in the following command in the rc5.d (do the same in the rc3.d directory as well):
ln -s ../init.d/ssh S20ssh
Once that is done, sshd will start automatically the next time your box starts up.
To start it up now, type in at the command prompt:
/etc/init.d/ssh start
and sshd will be started.
Since there are tons of brute force attacks against SSH captured by DenyHosts:
http://stats.denyhosts.net/stats.html
I'd consider it a bad idea to allow remote ssh (ie. via the external interface) to the Untangle ssh server (ie. if you have either manually symlinked /etc/rc3.d/... and /etc/rc5.d/... to /etc/init.d/ssh or have enabled the "Config -> Support -> Allow Untangle Support..." option).
The easiest way to secure the SSH server on Untangle is to bind the server to the LAN (internal interface) IP address rather than the default (which is all interfaces). To do so:
ssh root@your_untangle_server
vi /etc/ssh/sshd_config
add a line:
ListenAddress 192.168.1.1
save the file.
restart ssh:
/etc/init.d/ssh restart
Replace 192.168.1.1 (above) with the internal IP address of your Untangle server.
After restarting ssh, you can connect to it from your internal network but not from the internet such that it won't be subject to brute force password attacks.
Note: Untangle support will not be able to access your Untangle server so if you rely on their support efforts, don't do this (or do it and if you need their support, remember to comment out the ListenAddress line and restart ssh).
For extra security:
If you've set up other users on Untangle (ie. using useradd from the command line or similar), it's usually a good idea to set "PermitRootLogin no" in /etc/ssh/sshd_config to prevent users from logging in as root (since everybody knows that the ssh server has a root account). You may require root access so you'll need to use "sudo" after you log in as non-root. This may be overkill if you've restricted external access (as described above) and your LAN is trusted.
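One way to check the two settings described in the last post (ListenAddress and PermitRootLogin) before restarting ssh. This is an added example, not part of the thread or of Untangle; the function names and the sample config files are constructed for illustration, and it assumes whitespace-separated "Keyword value" lines with no Match blocks.

```shell
#!/bin/sh
# Added example (not from the thread): audit an sshd_config for the two
# settings discussed above. Assumes "Keyword value" lines separated by
# whitespace and no Match blocks or included files.

# Print every value set for a keyword; commented-out lines never match.
sshd_values() {   # $1 = config file, $2 = keyword (case-insensitive)
    awk -v k="$2" 'tolower($1) == tolower(k) { print $2 }' "$1"
}

# Succeeds only if sshd is bound to specific addresses, not all interfaces.
check_listen() {  # $1 = config file
    addrs=$(sshd_values "$1" ListenAddress)
    if [ -z "$addrs" ]; then
        echo "FAIL: no ListenAddress, sshd listens on all interfaces"; return 1
    fi
    for a in $addrs; do
        case "$a" in
            0.0.0.0|0.0.0.0:*|::|\[::\]*)
                echo "FAIL: wildcard ListenAddress $a"; return 1 ;;
        esac
    done
    echo "OK: sshd bound to:" $addrs
}

# Succeeds only if root login is explicitly disabled.
check_root_login() {  # $1 = config file
    v=$(sshd_values "$1" PermitRootLogin | head -n 1)  # first occurrence wins
    if [ "$v" = "no" ]; then echo "OK: PermitRootLogin no"; return 0; fi
    echo "FAIL: PermitRootLogin is '${v:-unset}'"; return 1
}

# Constructed sample files standing in for /etc/ssh/sshd_config.
SAMPLES=$(mktemp -d)
printf '%s\n' 'Port 22' '#ListenAddress 192.168.1.1' 'PermitRootLogin yes' \
    > "$SAMPLES/default.conf"
printf '%s\n' 'Port 22' 'ListenAddress 192.168.1.1' 'PermitRootLogin no' \
    > "$SAMPLES/hardened.conf"

for f in "$SAMPLES/default.conf" "$SAMPLES/hardened.conf"; do
    echo "== $f"
    check_listen "$f" || true
    check_root_login "$f" || true
done
```

To audit the real file, call check_listen /etc/ssh/sshd_config and check_root_login /etc/ssh/sshd_config after editing it.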