Koozali.org formerly Contribs.org

Server only mode network range limits?

Server only mode network range limits?
« on: July 31, 2013, 05:36:06 PM »
Is there currently any limitation on the network range running the SME server in server only mode, in regards to running a public IP range in this mode?

I am having problems getting my IP configuration working with a IP range of 160.123.40.0/28. I have specified all the relevant settings but if I look under /etc/sysconfig/network-scripts/ifcfg-eth0 I do not see the gateway entry for instance.

Re: Server only mode network range limits?
« Reply #1 on: July 31, 2013, 07:17:01 PM »
I am having problems getting my IP configuration working with a IP range of 160.123.40.0/28.

What trouble?

Quote
I have specified all the relevant settings but if I look under /etc/sysconfig/network-scripts/ifcfg-eth0 I do not see the gateway entry for instance.

You'll find the gateway in:

/etc/sysconfig/network

Re: Server only mode network range limits?
« Reply #2 on: August 01, 2013, 10:27:01 AM »
Well for starters I cannot use Putty to the server. I have enabled "Allow administrative command line access over secure shell" and after I type in the password it just closes my Putty session. I am however able to connect via the web management interface and even establish a SCP connection.

EDIT: After further troubleshooting from both the server and client side I found this from the client.

login as: root
root@xxx.xxx.xxx.xxx's password:
Last login: Thu Aug  1 10:01:19 2013 from xxxxxxxxxxxxx

/bin/bash: No such file or directory


If I disable the "Don't start a shell or command at all" in my Windows Putty client it just gives me a black screen after the password prompt. I have tried as well with different SSH versions and from different computers but I always end up with the same error.
« Last Edit: August 01, 2013, 11:08:39 AM by 1-0-1 »

Re: Server only mode network range limits?
« Reply #3 on: August 01, 2013, 02:24:29 PM »
You have to find out why you have this problem and correct it:

/bin/bash: No such file or directory

Re: Server only mode network range limits?
« Reply #4 on: August 01, 2013, 06:17:54 PM »
This is pretty much out of a out of box install. Looks like I have to go through these steps :(

http://oio11.livejournal.com/1209298.html

Offline _alex

  • ***
  • 103
Re: Server only mode network range limits?
« Reply #5 on: August 01, 2013, 06:25:45 PM »
don't follow this chroot procedure!

Can You login as root on the console?

if not, boot with the install cd, and select option "rescue broken system"
« Last Edit: August 01, 2013, 06:41:45 PM by _alex »

Re: Server only mode network range limits?
« Reply #6 on: August 01, 2013, 07:31:36 PM »
This is pretty much out of a out of box install.

What does "pretty much" mean? I suspect you have done some sort of chroot modification, and that is what has broken your system. Undo what you did.

Re: Server only mode network range limits?
« Reply #7 on: August 01, 2013, 10:05:04 PM »
don't follow this chroot procedure!

Can You login as root on the console?

if not, boot with the install cd, and select option "rescue broken system"

Yes I can log in fine with root on the console.

What does "pretty much" mean? I suspect you have done some sort of chroot modification, and that is what has broken your system. Undo what you did.

I took over the installation as the person initially installing it was in a motorcycle accident. I was under the impression he did a standard install with no custom modifications. You are right about the chroot though. I found the SSHD config contains point CHROOT to /sftp/. I have commented out that line and I am able to remotely log in via Putty. However I noticed that the config file clearly states not to make any modification in the file. How do I fix this within SME standards?

Also is there a way to check if there where any other "customization"?  We still early in the project and the system is not live yet. We using it only for SFTP and e-mail relaying to a single e-mail address. I am thinking of re-installing the server to make sure there is no other gotcha's down the line.

Offline _alex

  • ***
  • 103
Re: Server only mode network range limits?
« Reply #8 on: August 01, 2013, 11:49:55 PM »
Quote
Also is there a way to check if there where any other "customization"?  We still early in the project and the system is not live yet. We using it only for SFTP and e-mail relaying to a single e-mail address. I am thinking of re-installing the server to make sure there is no other gotcha's down the line.

Customisations are located in /etc/e-smith/templates-custom/. Unless the system is seriously messed up, it is unlikely that You need to reinstall it.

Offline janet

  • ****
  • 4,812
Re: Server only mode network range limits?
« Reply #9 on: August 02, 2013, 12:38:10 AM »
1-0-1

Quote
I am thinking of re-installing the server to make sure there is no other gotcha's down the line.

That is probably a good idea, on  a fast server you could have it all freshly (clean) installed & setup in one hour.
That way you have a known starting point & there will be no hidden tweaks that have been made directly to config files (which is NOT the sme way of doing things).
As you say, you have very little to configure.
Please search before asking, an answer may already exist.
The Search & other links to useful information are at top of Forum.

Re: Server only mode network range limits?
« Reply #10 on: August 07, 2013, 11:30:37 PM »
So my problem was due to a chroot issue which also prevents Putty logins from working as it was assigned no bash. Looking around on the forum it seems chroot SFTP users is not supported on SME Server 8.x. The most relevant and recent info I found is a bug report, http://bugs.contribs.org/show_bug.cgi?id=3178#c17.

Quote
Unnilennium 2013-06-16 20:56:23 MDT
this bug is for sme9 .
open SSH version is too old in sme 8 / centos 5. However you can find a version recent enough for sme8 in centalt repo if you trust to use this repo.

What is the official status of chrooting SFTP users (specific users only for SFTP use) in SME 8.x without making modifications beyond the server manager portal?

EDIT: Okay going through some other articles related to other distros I just want to clear up what I understand by chroot SFTP.

- Chroot SFTP user is restricted to a home directory. Has full access to his home directory but cannot move beyond his home directory.
- Chroot SFTP user is only for SFTP and cannot log in via SSH or console.
- The chroot SFTP will not effect other users accounts.
« Last Edit: August 07, 2013, 11:41:01 PM by 1-0-1 »

Offline janet

  • ****
  • 4,812
Re: Server only mode network range limits?
« Reply #11 on: August 08, 2013, 01:55:57 AM »
1-0-1

There are two articles in the Howtos section, on FTP & SFTP, have you read them.
Link to Howtos at top of forum

Search forums on
FTP
&
SFTP
go back a few years for some good details.
Please search before asking, an answer may already exist.
The Search & other links to useful information are at top of Forum.

Re: Server only mode network range limits?
« Reply #12 on: August 08, 2013, 02:29:55 AM »
What is the official status of chrooting SFTP users (specific users only for SFTP use) in SME 8.x without making modifications beyond the server manager portal?

Officially (as you already know) not supported. IMO, not necessary. What are you hoping that it will achieve?

Re: Server only mode network range limits?
« Reply #13 on: August 08, 2013, 08:01:57 AM »
Thanks Janet - have gone through some the old posts until I cam across the bug report stating that this is not officially supported. I am concerned of making huge diversion from a distro's given principles.

Officially (as you already know) not supported. IMO, not necessary. What are you hoping that it will achieve?

Quoting myself here:

Quote
- Chroot SFTP user is restricted to a home directory. Has full access to his home directory but cannot move beyond his home directory.
- Chroot SFTP user is only for SFTP and cannot log in via SSH or console.
- The chroot SFTP will not effect other users accounts.

Why do you say it is not necessary as to how I understand it this is the only way to create secure SFTP directories? Oh and I think it is called jailed chroot although I understood chroot does that in a sense :/ Sorry but Linux is not my specialty and the lack of standards from distro to distro is confusing.
« Last Edit: August 08, 2013, 08:13:23 AM by 1-0-1 »