Bug #2847
Remote access: web interface error when changing the SSH port
Status: | CLOSED | Start date: | ||
---|---|---|---|---|
Priority: | Low | Due date: | ||
Assignee: | - | % Done: | 100% | |
Category: | nethserver-openssh | |||
Target version: | v6.5 | |||
Security class: | Resolution: | |||
Affected version: | v6.5-final | NEEDINFO: | No |
Description
Enter the page Remote Access
-> SSH
, change the port to a custom value and click on the save button.
The web UI blocks and displays this error:
[["Tf0a2af2d",[]],["T3e4a6b52","enabled"],["T92176716","11122"],["T16199657","yes"],["T852f7497","yes"],["T0f8fddea","public"],["__COMMANDS__",{"0":{"R":"RemoteAccess_Ssh_Port","M":"setMandatoryFields","A":[{"RemoteAccess_Ssh_Port_port":true}]},"1":{"R":"RemoteAccess_Ssh_Access","M":"setMandatoryFields","A":[{"RemoteAccess_Ssh_Access_passwordAuth":true,"RemoteAccess_Ssh_Access_rootLogin":true,"RemoteAccess_Ssh_Access_access":true}]}}],["__STATE__","132e51981c37e4b86d6683211773e527"]]
Extract from messages:
Jun 24 12:18:24 localhost /sbin/e-smith/db[22372]: /var/lib/nethserver/db/configuration: OLD sshd=service|LoginGraceTime|2m|MaxAuthTries|6|PasswordAuthentication|yes|PermitRootLogin|yes|Protocol|2|TCPPort|22|UsePAM|yes|access|public|status|enabled Jun 24 12:18:24 localhost /sbin/e-smith/db[22372]: /var/lib/nethserver/db/configuration: NEW sshd=service|LoginGraceTime|2m|MaxAuthTries|6|PasswordAuthentication|yes|PermitRootLogin|yes|Protocol|2|TCPPort|2222|UsePAM|yes|access|public|status|enabled Jun 24 12:18:24 localhost httpd-admin: [NOTICE] Nethgui\System\NethPlatform::runEvents() post-process Jun 24 12:18:24 localhost esmith::event[22374]: Event: remoteaccess-update Jun 24 12:18:24 localhost esmith::event[22374]: expanding /etc/httpd/admin-conf/httpd.conf Jun 24 12:18:24 localhost esmith::event[22374]: expanding /etc/ssh/sshd_config Jun 24 12:18:24 localhost esmith::event[22374]: Action: /etc/e-smith/events/actions/generic_template_expand SUCCESS [0.194429] Jun 24 12:18:24 localhost esmith::event[22376]: Event: lokkit-save remoteaccess-update Jun 24 12:18:24 localhost esmith::event[22376]: expanding /etc/sysconfig/ipv4_services_custom Jun 24 12:18:24 localhost esmith::event[22376]: expanding /etc/sysconfig/system-config-firewall Jun 24 12:18:24 localhost esmith::event[22376]: Action: /etc/e-smith/events/actions/generic_template_expand SUCCESS [0.082476] Jun 24 12:18:25 localhost kernel: ip_tables: (C) 2000-2006 Netfilter Core Team Jun 24 12:18:25 localhost kernel: nf_conntrack version 0.5.0 (3923 buckets, 15692 max) Jun 24 12:18:25 localhost kernel: ip6_tables: (C) 2000-2006 Netfilter Core Team Jun 24 12:18:25 localhost esmith::event[22376]: Action: /etc/e-smith/events/lokkit-save/S20lokkit-apply SUCCESS [0.289766] Jun 24 12:18:25 localhost esmith::event[22376]: Event: lokkit-save SUCCESS Jun 24 12:18:25 localhost esmith::event[22374]: Action: /etc/e-smith/events/remoteaccess-update/S20firewall-adjust SUCCESS [0.434191] Jun 24 12:18:25 localhost esmith::event[22374]: [INFO] service httpd-admin reload Jun 24 12:18:25 localhost esmith::event[22374]: httpd-admin-reload stop/waiting Jun 24 12:18:25 localhost esmith::event[22374]: [INFO] httpd-admin reload Jun 24 12:18:25 localhost esmith::event[22374]: [INFO] service sshd restart Jun 24 12:18:25 localhost sshd[12736]: Received signal 15; terminating. Jun 24 12:18:26 localhost esmith::event[22374]: Stopping sshd: [ OK ]#015 Jun 24 12:18:26 localhost esmith::event[22374]: Starting sshd: [ OK ]#015 Jun 24 12:18:26 localhost esmith::event[22374]: [INFO] sshd restart Jun 24 12:18:26 localhost esmith::event[22374]: Action: /etc/e-smith/events/actions/adjust-services SUCCESS [1.452134] Jun 24 12:18:26 localhost esmith::event[22374]: Event: remoteaccess-update SUCCESS Jun 24 12:18:26 localhost sshd[22601]: Server listening on 0.0.0.0 port 2222. Jun 24 12:18:26 localhost esmith::event[22604]: Event: nethserver-base-save Jun 24 12:18:26 localhost esmith::event[22604]: expanding /etc/hosts.allow Jun 24 12:18:26 localhost esmith::event[22604]: expanding /etc/hosts.deny Jun 24 12:18:26 localhost esmith::event[22604]: Action: /etc/e-smith/events/actions/generic_template_expand SUCCESS [0.076389] Jun 24 12:18:26 localhost esmith::event[22604]: Event: nethserver-base-save SUCCESS Jun 24 12:18:26 localhost httpd-admin: PHP Warning: Cannot modify header information - headers already sent by (output started at /usr/share/nethesis/Nethgui/Utility/HttpResponse.php:81) in /usr/share/nethesis/nethserver-manager/index.php on line 38
The bug is always reproducible.
Related issues
History
#1 Updated by Giacomo Sanchietti almost 7 years ago
- Category set to nethserver-openssh
- Status changed from NEW to TRIAGED
- Target version set to v6.5
- % Done changed from 0 to 20
#2 Updated by Filippo Carletti almost 7 years ago
- Priority changed from Normal to Low
The bug is cosmetic. If you reload the page the new sshd port is displayed and sshd listens on correct port.
#3 Updated by Giacomo Sanchietti almost 7 years ago
- Affected version changed from v6.5 to v6.5-final
#4 Updated by Giacomo Sanchietti almost 7 years ago
- Subject changed from Remote access: changing the SSH port blocks the web UI to Remote access: web interface error when changing the SSH port
#5 Updated by Giacomo Sanchietti almost 7 years ago
- Status changed from TRIAGED to ON_DEV
- Assignee set to Giacomo Sanchietti
- % Done changed from 20 to 30
#6 Updated by Giacomo Sanchietti almost 7 years ago
- Status changed from ON_DEV to TRIAGED
- Assignee deleted (
Giacomo Sanchietti) - % Done changed from 30 to 20
The bug is in /usr/share/nethesis/NethServer/Module/RemoteAccess/Ssh.php
, inside the process
function.
Changing the line
$this->getPlatform()->signalEvent('remoteaccess-update@post-response');
to
$this->getPlatform()->signalEvent('remoteaccess-update &');
fixes the problem.
But further investigation on framework is needed.
#7 Updated by Davide Principi almost 7 years ago
- Status changed from TRIAGED to ON_DEV
- Assignee set to Davide Principi
- % Done changed from 20 to 30
#8 Updated by Davide Principi almost 7 years ago
- Related to Enhancement #2785: Drop TCP wrappers hosts.allow hosts.deny templates added
#9 Updated by Davide Principi almost 7 years ago
- Status changed from ON_DEV to MODIFIED
- Assignee deleted (
Davide Principi) - % Done changed from 30 to 60
Test case
- check bug reproducibility
- removed TCP wrappers (/etc/hosts.allow/deny templates):
check ssh connectivity from green and red networks
#10 Updated by Davide Principi almost 7 years ago
- Status changed from MODIFIED to ON_QA
- % Done changed from 60 to 70
In nethserver-testing:
nethserver-openssh-1.0.6-2.0git29e7133c.ns6.noarch.rpm
#11 Updated by Giacomo Sanchietti almost 7 years ago
- Assignee set to Giacomo Sanchietti
#12 Updated by Giacomo Sanchietti almost 7 years ago
- Status changed from ON_QA to VERIFIED
- Assignee deleted (
Giacomo Sanchietti) - % Done changed from 70 to 90
Tried to change to port 2222, everything is fine.
Daemon is listening:
[root@localhost ~]# netstat -lanp | grep sshd | grep LISTEN tcp 0 0 0.0.0.0:2222 0.0.0.0:* LISTEN 1042/sshd
Lokkit:
[root@localhost ~]# iptables -nvL | grep 2222 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:2222
Shorewall (inside loc2fw and net2fw chains):
[root@localhost ~]# iptables -nvL | grep 2222 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:2222 /* sshd */ 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:2222 /* sshd */
#13 Updated by Davide Principi almost 7 years ago
- Status changed from VERIFIED to CLOSED
- % Done changed from 90 to 100
In nethserver-updates:
nethserver-openssh-1.0.7-1.ns6.noarch.rpm