What if SSHD_PORT is changed and not 22 by default? #261

Open
malsony opened this issue Aug 19, 2024 · 2 comments

malsony commented Aug 19, 2024

In line 103 of /functions/cleanup.sh, the script asks:

"File: /etc/nftables.conf, with SSHD ports: 22. [Y|n]"

Because I have changed the default port number of sshd by adding an extra line in /etc/ssh/sshd_config.d/60-cloudimg-settings.conf, I am not sure if I should type the port number or just "n". I tried "n", but the script took for granted that I do not want to update the firewall rules.

Later I traced back through the source code and realized that the SSHD port was detected by /conf/global, from line 637, and I suggest the detector use another way to get the port number of sshd.

REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER:

  • iRedMail version (check /etc/iredmail-release): 1.7.2
  • Deployed with iRedMail Easy or the downloadable installer? Downloaded from GitHub
  • Linux/BSD distribution name and version: Ubuntu 24.02
  • Store mail accounts in which backend (LDAP/MySQL/PGSQL): MariaDB (MySQL)
  • Web server (Apache or Nginx): Nginx
  • Manage mail accounts with iRedAdmin-Pro? No
  • [IMPORTANT] Related original log or error message is required if you're experiencing an issue.

malsony commented Aug 19, 2024

As a temporary work-around, I added some lines to /conf/global:

Add a line 639:
export SSHD_SUPPLIMENTAL_CONFIG='/etc/ssh/sshd_config.d/60-cloudimg-settings.conf'

Add a block from line 645:

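# Only when SSHD_PORT is still empty: read it from the snippet file.
if [ X"${SSHD_PORT}" == X'' ]; then
    # First and last "Port" lines found in the snippet.
    export SSHD_PORT="$(awk '/^Port/ {print $2}' "${SSHD_SUPPLIMENTAL_CONFIG}" | head -n 1)"
    export SSHD_PORT2="$(awk '/^Port/ {print $2}' "${SSHD_SUPPLIMENTAL_CONFIG}" | tail -n 1)"
fi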

@iredmail (Owner)

"File: /etc/nftables.conf, with SSHD ports: 22. [Y|n]"

You can answer "Y" here; it will copy the prepared firewall rules.
Then it asks whether to restart the firewall right now; choose "N" here so that you can update the firewall rules with the correct port number.

The iRedMail installer checks the file /etc/ssh/sshd_config by default, so if you changed it in a file under /etc/ssh/sshd_config.d/, it won't be detected by the installer. If I remember correctly, old OpenSSH doesn't support loading config snippets, and I forgot to update this for recent Linux/BSD distros. Will try to fix it in a later release, but no plan shortly, sorry. Busy working on iRedMail Enterprise Edition: https://www.iredmail.org/ee.html

@iredmail iredmail reopened this Aug 19, 2024
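
The gap discussed in this thread (a Port set in a file under /etc/ssh/sshd_config.d/ is missed when only /etc/ssh/sshd_config is read) can be closed by following Include directives before firewall rules are generated. The sketch below is an added example, not iRedMail code: the function names are hypothetical, the sample files are constructed, and it assumes relative Include paths resolve against the main config's directory.

```shell
#!/bin/sh
# Added example, not iRedMail code: detect_sshd_ports and the _sshd_* helpers
# are hypothetical names. Lists every Port that sshd would read from a main
# config plus the files pulled in by its Include directives.

# Emit "port <n>" and "include <pattern>" records from one file, in file order.
_sshd_scan() {
    awk '
        /^[ \t]*#/ { next }                              # comment line
        /^[ \t]*[A-Za-z]+[ \t]*=/ { sub(/=/, " ") }      # "Port=2222" form
        tolower($1) == "port" && $2 != "" { print "port", $2 }
        tolower($1) == "include" { for (i = 2; i <= NF; i++) print "include", $i }
    ' "$1"
}

# $1: config file, $2: directory that relative Include paths resolve against.
_sshd_walk() {
    [ -r "$1" ] || return 0
    _sshd_scan "$1" | while read -r kind value; do
        case "${kind}" in
            port) echo "${value}" ;;
            include)
                case "${value}" in /*) ;; *) value="$2/${value}" ;; esac
                for f in ${value}; do        # unquoted on purpose: expand the glob
                    _sshd_walk "${f}" "$2"
                done ;;
        esac
    done
}

# Print the ports one per line, de-duplicated; sshd's default 22 if none is set.
detect_sshd_ports() {
    ports="$(_sshd_walk "$1" "$(dirname "$1")" | awk '!seen[$0]++')"
    echo "${ports:-22}"
}

# Constructed sample layout, mirroring the one described in the issue.
demo="$(mktemp -d)"
mkdir "${demo}/sshd_config.d"
printf 'Include sshd_config.d/*.conf\n#Port 22\n' > "${demo}/sshd_config"
printf 'Port 2222\n' > "${demo}/sshd_config.d/60-cloudimg-settings.conf"
detect_sshd_ports "${demo}/sshd_config"
rm -rf "${demo}"
```

On a live host, `sshd -T` (run as root) prints the effective configuration, including its `port` lines, and is the authoritative check before the firewall is restarted.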