Bug #2847

Remote access: web interface error when changing the SSH port

Added by Giacomo Sanchietti about 5 years ago. Updated almost 5 years ago.

Status:CLOSEDStart date:
Priority:LowDue date:
Assignee:-% Done:

100%

Category:nethserver-openssh
Target version:v6.5
Security class: Resolution:
Affected version:v6.5-final NEEDINFO:No

Description

Enter the page Remote Access -> SSH, change the port to a custom value and click on the save button.

The web UI blocks and displays this error:

[["Tf0a2af2d",[]],["T3e4a6b52","enabled"],["T92176716","11122"],["T16199657","yes"],["T852f7497","yes"],["T0f8fddea","public"],["__COMMANDS__",{"0":{"R":"RemoteAccess_Ssh_Port","M":"setMandatoryFields","A":[{"RemoteAccess_Ssh_Port_port":true}]},"1":{"R":"RemoteAccess_Ssh_Access","M":"setMandatoryFields","A":[{"RemoteAccess_Ssh_Access_passwordAuth":true,"RemoteAccess_Ssh_Access_rootLogin":true,"RemoteAccess_Ssh_Access_access":true}]}}],["__STATE__","132e51981c37e4b86d6683211773e527"]]

Extract from messages:

Jun 24 12:18:24 localhost /sbin/e-smith/db[22372]: /var/lib/nethserver/db/configuration: OLD sshd=service|LoginGraceTime|2m|MaxAuthTries|6|PasswordAuthentication|yes|PermitRootLogin|yes|Protocol|2|TCPPort|22|UsePAM|yes|access|public|status|enabled
Jun 24 12:18:24 localhost /sbin/e-smith/db[22372]: /var/lib/nethserver/db/configuration: NEW sshd=service|LoginGraceTime|2m|MaxAuthTries|6|PasswordAuthentication|yes|PermitRootLogin|yes|Protocol|2|TCPPort|2222|UsePAM|yes|access|public|status|enabled
Jun 24 12:18:24 localhost httpd-admin: [NOTICE] Nethgui\System\NethPlatform::runEvents() post-process
Jun 24 12:18:24 localhost esmith::event[22374]: Event: remoteaccess-update 
Jun 24 12:18:24 localhost esmith::event[22374]: expanding /etc/httpd/admin-conf/httpd.conf
Jun 24 12:18:24 localhost esmith::event[22374]: expanding /etc/ssh/sshd_config
Jun 24 12:18:24 localhost esmith::event[22374]: Action: /etc/e-smith/events/actions/generic_template_expand SUCCESS [0.194429]
Jun 24 12:18:24 localhost esmith::event[22376]: Event: lokkit-save remoteaccess-update
Jun 24 12:18:24 localhost esmith::event[22376]: expanding /etc/sysconfig/ipv4_services_custom
Jun 24 12:18:24 localhost esmith::event[22376]: expanding /etc/sysconfig/system-config-firewall
Jun 24 12:18:24 localhost esmith::event[22376]: Action: /etc/e-smith/events/actions/generic_template_expand SUCCESS [0.082476]
Jun 24 12:18:25 localhost kernel: ip_tables: (C) 2000-2006 Netfilter Core Team
Jun 24 12:18:25 localhost kernel: nf_conntrack version 0.5.0 (3923 buckets, 15692 max)
Jun 24 12:18:25 localhost kernel: ip6_tables: (C) 2000-2006 Netfilter Core Team
Jun 24 12:18:25 localhost esmith::event[22376]: Action: /etc/e-smith/events/lokkit-save/S20lokkit-apply SUCCESS [0.289766]
Jun 24 12:18:25 localhost esmith::event[22376]: Event: lokkit-save SUCCESS
Jun 24 12:18:25 localhost esmith::event[22374]: Action: /etc/e-smith/events/remoteaccess-update/S20firewall-adjust SUCCESS [0.434191]
Jun 24 12:18:25 localhost esmith::event[22374]: [INFO] service httpd-admin reload
Jun 24 12:18:25 localhost esmith::event[22374]: httpd-admin-reload stop/waiting
Jun 24 12:18:25 localhost esmith::event[22374]: [INFO] httpd-admin reload
Jun 24 12:18:25 localhost esmith::event[22374]: [INFO] service sshd restart
Jun 24 12:18:25 localhost sshd[12736]: Received signal 15; terminating.
Jun 24 12:18:26 localhost esmith::event[22374]: Stopping sshd: [  OK  ]#015
Jun 24 12:18:26 localhost esmith::event[22374]: Starting sshd: [  OK  ]#015
Jun 24 12:18:26 localhost esmith::event[22374]: [INFO] sshd restart
Jun 24 12:18:26 localhost esmith::event[22374]: Action: /etc/e-smith/events/actions/adjust-services SUCCESS [1.452134]
Jun 24 12:18:26 localhost esmith::event[22374]: Event: remoteaccess-update SUCCESS
Jun 24 12:18:26 localhost sshd[22601]: Server listening on 0.0.0.0 port 2222.
Jun 24 12:18:26 localhost esmith::event[22604]: Event: nethserver-base-save 
Jun 24 12:18:26 localhost esmith::event[22604]: expanding /etc/hosts.allow
Jun 24 12:18:26 localhost esmith::event[22604]: expanding /etc/hosts.deny
Jun 24 12:18:26 localhost esmith::event[22604]: Action: /etc/e-smith/events/actions/generic_template_expand SUCCESS [0.076389]
Jun 24 12:18:26 localhost esmith::event[22604]: Event: nethserver-base-save SUCCESS
Jun 24 12:18:26 localhost httpd-admin: PHP Warning:  Cannot modify header information - headers already sent by (output started at /usr/share/nethesis/Nethgui/Utility/HttpResponse.php:81) in /usr/share/nethesis/nethserver-manager/index.php on line 38

The bug is always reproducible.


Related issues

Related to NethServer 6 - Enhancement #2785: Drop TCP wrappers hosts.allow hosts.deny templates CLOSED

Associated revisions

Revision a68b4910
Added by Davide Principi almost 5 years ago

Ssh UI module: remoteaccess-update event started detached. Refs #2847

Revision 29e7133c
Added by Davide Principi almost 5 years ago

hosts.allow/deny template: removed sshd settings. Refs #2847 #2785

History

#1 Updated by Giacomo Sanchietti about 5 years ago

  • Category set to nethserver-openssh
  • Status changed from NEW to TRIAGED
  • Target version set to v6.5
  • % Done changed from 0 to 20

#2 Updated by Filippo Carletti about 5 years ago

  • Priority changed from Normal to Low

The bug is cosmetic. If you reload the page the new sshd port is displayed and sshd listens on correct port.

#3 Updated by Giacomo Sanchietti about 5 years ago

  • Affected version changed from v6.5 to v6.5-final

#4 Updated by Giacomo Sanchietti about 5 years ago

  • Subject changed from Remote access: changing the SSH port blocks the web UI to Remote access: web interface error when changing the SSH port

#5 Updated by Giacomo Sanchietti about 5 years ago

  • Status changed from TRIAGED to ON_DEV
  • Assignee set to Giacomo Sanchietti
  • % Done changed from 20 to 30

#6 Updated by Giacomo Sanchietti about 5 years ago

  • Status changed from ON_DEV to TRIAGED
  • Assignee deleted (Giacomo Sanchietti)
  • % Done changed from 30 to 20

The bug is in /usr/share/nethesis/NethServer/Module/RemoteAccess/Ssh.php, inside the process function.

Changing the line

$this->getPlatform()->signalEvent('remoteaccess-update@post-response');

to
$this->getPlatform()->signalEvent('remoteaccess-update &');

fixes the problem.

But further investigation on framework is needed.

#7 Updated by Davide Principi almost 5 years ago

  • Status changed from TRIAGED to ON_DEV
  • Assignee set to Davide Principi
  • % Done changed from 20 to 30

#8 Updated by Davide Principi almost 5 years ago

  • Related to Enhancement #2785: Drop TCP wrappers hosts.allow hosts.deny templates added

#9 Updated by Davide Principi almost 5 years ago

  • Status changed from ON_DEV to MODIFIED
  • Assignee deleted (Davide Principi)
  • % Done changed from 30 to 60

Test case

  • check bug reproducibility
  • removed TCP wrappers (/etc/hosts.allow/deny templates):
    check ssh connectivity from green and red networks

#10 Updated by Davide Principi almost 5 years ago

  • Status changed from MODIFIED to ON_QA
  • % Done changed from 60 to 70

In nethserver-testing:
nethserver-openssh-1.0.6-2.0git29e7133c.ns6.noarch.rpm

#11 Updated by Giacomo Sanchietti almost 5 years ago

  • Assignee set to Giacomo Sanchietti

#12 Updated by Giacomo Sanchietti almost 5 years ago

  • Status changed from ON_QA to VERIFIED
  • Assignee deleted (Giacomo Sanchietti)
  • % Done changed from 70 to 90

Tried to change to port 2222, everything is fine.

Daemon is listening:

[root@localhost ~]# netstat -lanp | grep sshd | grep LISTEN
tcp        0      0 0.0.0.0:2222                0.0.0.0:*                   LISTEN      1042/sshd     

Lokkit:

[root@localhost ~]# iptables -nvL | grep 2222
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:2222 

Shorewall (inside loc2fw and net2fw chains):

[root@localhost ~]# iptables -nvL | grep 2222
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:2222 /* sshd */ 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:2222 /* sshd */ 

#13 Updated by Davide Principi almost 5 years ago

  • Status changed from VERIFIED to CLOSED
  • % Done changed from 90 to 100

In nethserver-updates:
nethserver-openssh-1.0.7-1.ns6.noarch.rpm

Also available in: Atom PDF