Topic: [Solved] SSH Remote-Access after Update

[uli334]

I'm using ssh to control the sme over the internet. Therefore the setting for ssh remote access is on "whole internet" instead of "only local network".
My problem is, that after update of sme9 and "signal-event" with following reboot this setting gets back to "only local network".
So I can't reach the server anymore. Is there a setting to prevent this behavior?

Thanks for tipps, Uli

[JohnG]

Any chance that it's just autoblocking after too many logins? https://wiki.contribs.org/AutoBlock

[uli334]

No chance, its the same behavior on two production- and one testsystem. Im daily working with more than ten SME8 and they don't loose these settings.
Only on SME9 its always so - reproduceable...

[Daniel B.]

Please open a bug, attaching your /var/log/messages log. And the server mode (gateway or server only)

[mmccarn]

No chance, its the same behavior on two production- and one testsystem. Im daily working with more than ten SME8 and they don't loose these settings.
Only on SME9 its always so - reproduceable...

I believe this might be the relevant portion of the Autoblock wiki page that JohnG was trying to draw to your attention:

AutoBlock=disabled          # default for SME Server 8
AutoBlock=enabled           # default for SME Server 9

[uli334]

Hello,

I dit a fresh install of SME 9.1-64 as guest on virtualbox
- this sme- machine has got two network adapters
- servermode:    Privat Server und Gateway

After installation in Server-Manager I changed the remote-access settings to:
- Secure shell access: "Allow public access (entire Internet)"

- Then I procced an update via ssh: "yum update"
- After installing Updates:
  - signal-event post-upgrade
  - signal-event reboot
 
  After doing this I take a look in the Server-Manager again:
  - Secure shell access: "Allow access only from local networks"
 
  I don't believe that this has anything to do with AutoBlock, because it only happens after updating the SME9.
  I have more than 10 SME-8.2 running, none of them shows this behavior in changing remote access.
  But actually running three SME-9.1 and all do change the remote access as described.
  All do not use port 22 for ssh, this port is changed to another number to avoid unnecessary portscans.
  After changing the settings back to "Allow public access (entire Internet)" the servers run for weeks without any problems...

[Stefano]

Please open a bug with all the details, thank you

[Jean-Philippe Pialasse]

Hello,

I dit a fresh install of SME 9.1-64 as guest on virtualbox
- this sme- machine has got two network adapters
- servermode:    Privat Server und Gateway

After installation in Server-Manager I changed the remote-access settings to:
- Secure shell access: "Allow public access (entire Internet)"

- Then I procced an update via ssh: "yum update"
- After installing Updates:
  - signal-event post-upgrade
  - signal-event reboot
 
  After doing this I take a look in the Server-Manager again:
  - Secure shell access: "Allow access only from local networks"
 
  I don't believe that this has anything to do with AutoBlock, because it only happens after updating the SME9.
  I have more than 10 SME-8.2 running, none of them shows this behavior in changing remote access.
  But actually running three SME-9.1 and all do change the remote access as described.
  All do not use port 22 for ssh, this port is changed to another number to avoid unnecessary portscans.
  After changing the settings back to "Allow public access (entire Internet)" the servers run for weeks without any problems...

I have dozen of SME 9 all on remote site, and a such behaviour would have been a blocker that I would have found earlier by not being able to contact them after update.
From what you describe, the only difference is that I do not change the standard port.

have you tried without changing the port ?


from what I know the only way this could occurs is if you have set your server as servergateway-private and this is an expected behaviour.... if you do not want this to occurs you should have set servergateway


before raising a bug can you please give us the output of :

Code: [Select]

config getprop sysconfig PreviousSystemMode
config get SystemMode

[Jean-Philippe Pialasse]

- servermode:    Privat Server und Gateway

answer was right under my nose !

so if this is not what you expect set Server und Gateway instead.

You can then set as many service as you want to private ant they will remain as is.

[uli334]

Now I changed the server-mode from "Privat Server und Gateway" to "Server und Gateway":

- after changing and restart, the system has changed the ssh- access again to "Only from local networks"
- At this time, here the out put of:
  - config getprop sysconfig PreviousSystemMode : "servergateway"
  - config get SystemMode : "servergateway"

- via server-manager I set it back to "whole internet".
- Try to login via internet: ok. success!
- Performing an update: "yum update"
- After updates: "signal-event post-upgrade; signal-event reboot"

- After reboot I can access the server via internet! The ssh- access has not changed to "Only from local networks" like it did before when the server was "servergateway-private".

I tried the same procedure wit another 9.1, again successful.

Thank you for your help!
Uli

[Jean-Philippe Pialasse]

Great to hear,

I forgot to mention indeed that you had to set it back to public a last time, as the change from one sytem mode to another will reset to the default (private) for ssh.
From now on any update will keep your changes.