Two small problems after install

J

josetann

Verified User
Joined
Aug 3, 2003
Messages
29
Location
Tennessee
Just tried DA on a FreeBSD 5.2 box, had a couple problems which I figured out.

I had the same problem where it misidentifies the network device. /usr/local/directadmin/conf/directadmin.conf has this line:

ethernet_dev=xl0

When it should be:

ethernet_dev=lnc0

DA correctly identified my IP during setup so I assume it knew the correct network device then.

Second issue, DA seems to overwrite the sshd_config file, locking out the user I previously created from ssh'ing in. I had created a special user account in the wheel group that I could use to ssh into first, then su to root. After I installed DA and rebooted I could no longer ssh in at all (either as the user I created, or as root of course). After some digging and checking the sshd_config file, I noticed that the only allowed users were root and admin (the user DA creates). So now I'm able to login as admin, then as my regular user, then su to root. It'd be nice if DA could see what user(s) are already there, and include them in the new config file.
 
I had the same problem with a DA install today with "ethernet_dev". Wasn't sure if it was specific to me, but looks like a definite bug.

I also verified a user I created before the install can no loger log in.
 
Last edited:
yes the user is listed, its the exact situation he had. It was a user I setup in the wheel group so that I could turn off root ssh login. But I turned on root login before I installed just in case something like this happened.

Looks like it's cause DA added these lines to the sshd config

# override default of no subsystems
Subsystem sftp /usr/libexec/sftp-server
AllowUsers root
AllowUsers admin
 
We never turn on root access in ssh. What we do is create a user in the wheel group that can't login. Here is a example of our configuration

We have all the users accounts (like those setup in DA):
user1
user2
user2
user4


The user in the wheel group:
admin1

Root user:
root

So what our admins do is login to their account on the box. So logged in to their account they will do:

#:su admin1

then
#:su

No they have root access. This adds a level of security for us. You can also edit the /etc/group and change:

wheel:*:0:root

to

wheel:*:0:root,your_user_name

your_user_name is obviously where the user you want to login goes.
 
Yes, that is what both
josetann and I already had. What we are saying is the DA install made it to where that extra user cannot log in. The sshd config file had to be re-edited by hand.
 
Really?

I have done a few installs of DA on it and did not have this problem. That is why I said what I did...
 
Yup, that's exactly it.

Step1: Install FreeBSD.
Step2: At end of install create user "josetann", put it in the wheel group.
Step3: Install DA.
Step4: Find out why DA won't work (wrong eth device in directadmin.conf).
Step5: Go crazy wondering why I can no longer ssh in as josetann.
Step6: Find suspicious entry in sshd_config, try ssh'ing in as admin (successfully).

Without changing what DA has done, I can only ssh in as admin. To become root, I have to login as admin, su to josetann, then to root.

I don't remember having this problem with DA and FreeBSD 4.8, so I'm guessing it's either a new bug, or a new feature that we need to know about before some of us pull all our hair out during a new install.
 
I can confirm on our 4.9 box that we had the same issue. Because we always setup the box so that you go from admin -> user -> root, it was never a problem.
 
Hello,

I'll try and get the installer to parse throught the /etc/passwd file and look for all accounts that already have a shell, and put them into the "AllowUsers" chunk of the sshd_config file. Right now, it adds admin and root, which won't be enough if you're using other accounts.

John
 
Either that, or it may be easier to just prompt the installer for any users they want added to the sshd cfg. Maybe a user file to place user names in that the setup reads.
 
On a 5.1 Bsd box today:

had the same problem where it misidentifies the network device. /usr/local/directadmin/conf/directadmin.conf has this line:
Click to expand...

had the same problem:

Code: 
quota_partition=/
ethernet_dev=fxp0
quota_partition=/
quota_partition=/
quota_partition=/
quota_partition=/

the ethernet_dev was set on x10
 
I'll be fixing the ethernet device install issue (and ip issue if there is one) after I make the release of 1.20.6.

John
 
You must log in or register to reply here.
Back
Top