
Re[4]: [Openvds-support] ssh/ftp


From: River Hume
Subject: Re[4]: [Openvds-support] ssh/ftp
Date: Fri, 25 Jan 2002 18:12:33 -0800

Whew! okay... got ssh solved, got apache solved, got bevs solved... MOST everything is working now.

...Anyone had any experience setting up IMAP on virtual servers?

Ok now I'm not sure what the problem is here.

Do you not want SSH to run at all on the VS?
Or you can telnet to a VS (that has its own IP) and be able to login
as root?

yes, we need ssh on the master and virtual servers... strange new development by the way... I rebooted the machine, and no longer have the problem of the master server's sshd listening on all ip's, the vs ssh works fine, but I still couldn't ssh to the master server... Fortunately I was not completely cut off, as I installed webmin ages ago (redundancy rox) ;) ... So I re-edited the master server's sshd_config that mysteriously had been using the supposedly unused master ip (see below) and changed it to the actual ip our fqdn points to, restarted sshd and it works!!! :) At any rate, details follow if you're interested, and more responses to your comments further down (I actually solved the problem in the middle of typing this reply)...

Ok this is how it's supposed to be setup

you're close... here's what we've got:

using 192.168.0 as example

66.118.0.223 <- meta-master server - ip for internal use only... not even declared in etc/hosts (arbitrary numbers chosen to show the ip is wildly different from the range of IP's we're using)

192.168.0.20 <- master server's actual use address (FQDN points here)
192.168.0.21 <- to be used for VS1
192.168.0.22 <- to be used for VS2
192.168.0.23 <- to be used for VS3
...
when you create your first domain you do

svsdadm vs_create masterserver VS1 192.168.0.20 www.vserver1.net 100 500 5 freevsd_1.4.10-2rh6

masterserver points to 192.168.0.10 in /etc/hosts or your dns
VS1 is the name for your first virtual server that has the fqdn of
www.vserver1.net we will allow 100 users, 500MB quota, max 5 virtual
domains and we use skel freevsd_1.4.10-2rh6

after vsd-vsbatch.pl has run you boot the VS "vsboot --start VS1"
to give admin ssh access you need to edit
/home/vsd/vs/VS1/etc/vsd/priv and add admin after login:
Now the admin for VS1 can ssh into 192.168.0.20 give username admin
and the password for him (you will need to do "bevs VS1" and do "passwd
admin" to set the password).

root will NOT be able to login to 192.168.0.20 with username root and
the password for root.

Yes, I know... this is all 'by the book' exactly how I set it up...

RH> Wait, so it's designed explicitly only to allow connections from localhost?
RH> That doesn't help me any; my machine's 3000 miles away... Any more specific
RH> direction on what needs to be hacked in order to make this possible?

No. I created an iptables rule on my server that will only allow
connections to port 1725 & 1726 from localhost; that way nobody on the
net can connect to these ports and execute commands, since 1725 doesn't
use any type of authentication, so if this port is left open anybody
can connect and create/delete/modify any settings that root executing
vsdadm/svsdadm can do from the command prompt. However they need
either the Idaya GUI tool or know the protocol syntax (or have vsdadm
on a machine).

Remember the webadmin runs as a "program" on the local machine (3000
miles away in your case). So when you execute a "command" on the
webadmin interface with your browser (change any settings that is
loaded on the webadmin pages) it will execute a command that is run on
the "local machine" (the server 3000 miles away). This command will make
a connection to port 1725 or 1726 (depending if you run ssl or not).
webadmin is just a set of php pages that you access through apache.
Remember php is a "program" that runs on the local machine (the server
3000 miles away).

Okay... sorry I misunderstood what you were saying... it didn't seem to make much sense, as I _know_ this is how php behaves...

I misunderstood:
Got one issue so far with the webadmin tool that is that you can't
grant login permission from the web without hacking the code for
webadmin.

I get it now... granting ssh access to users, right?

I get the feeling you don't know that much about unix and tcp/ip?

yes and no... I'm still pretty shaky on many aspects of it, but learning VERY fast... this whole vsd experience has helped to increase my skillz by an order of magnitude ;) Your help has been most instrumental in this process, and I wish to express my deep gratitude!!!

Peas,
-River
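
The quoted reply above describes limiting the unauthenticated ports 1725 and 1726 to localhost with an iptables rule, but the rule itself is not shown in the thread. As an added example (not part of the original message), this script audits `iptables-save` output to confirm such a restriction is in effect; the sample ruleset and the `check_port` function name are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Reads `iptables-save` output on stdin and
# reports whether a NEW TCP connection from a non-loopback interface reaches PORT.
# Model: filter table, INPUT chain, first match wins, user chains not followed.
# Unmodelled matches are conservative: a possible ACCEPT counts, a possible DROP does not.
check_port() {  # usage: check_port PORT < rules ; prints exposed|restricted
    awk -v port="$1" '
    function in_ports(list, p,    n, a, r, k) {   # "1725,1726" or "1700:1800"
        n = split(list, a, ",")
        for (k = 1; k <= n; k++) {
            if (split(a[k], r, ":") < 2) r[2] = r[1]
            if (p + 0 >= r[1] + 0 && p + 0 <= r[2] + 0) return 1
        }
        return 0
    }
    /^\*/ { table = $1 }
    table == "*filter" && /^:INPUT / { policy = $2 }
    table == "*filter" && /^-A INPUT / && verdict == "" {
        lo = 0; skip = 0; unsure = 0; neg = 0; proto = "tcp"; dports = ""; target = ""
        for (i = 3; i <= NF; i++) {
            if ($i == "!") { neg = 1; continue }
            if ($i == "-j") { target = $(i + 1); break }
            if ($i == "-m") i++                                   # skip module name
            else if ($i == "-i") { i++; if ($i == "lo") lo = !neg; else if (neg) unsure = 1 }
            else if (neg) { i++; unsure = 1 }                     # other negations: unmodelled
            else if ($i == "-s") { i++; if ($i ~ /^127\./) lo = 1; else unsure = 1 }
            else if ($i == "-p") { i++; proto = $i }
            else if ($i == "--dport" || $i == "--dports") { i++; dports = $i }
            else if ($i == "--state" || $i == "--ctstate") { i++; if ($i !~ /NEW/) skip = 1 }
            else unsure = 1
            neg = 0
        }
        if (lo || skip) next                       # loopback-only or not a NEW packet
        if (proto != "tcp" && proto != "all") next
        if (dports != "" && !in_ports(dports, port)) next
        if (target == "ACCEPT") verdict = "exposed"
        else if ((target == "DROP" || target == "REJECT") && !unsure) verdict = "restricted"
    }
    END { if (verdict == "") verdict = (policy == "DROP") ? "restricted" : "exposed"; print verdict }'
}
# Constructed sample ruleset: 1725/1726 accepted on loopback, dropped elsewhere.
LOCKED_RULES='*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -p tcp -m multiport --dports 1725,1726 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 1725,1726 -j DROP
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT'
printf '%s\n' "$LOCKED_RULES" | check_port 1725
```

On a live host the same function can be fed from `iptables-save | check_port 1725`; a result of `exposed` means the ruleset, as far as this simplified model can tell, does not keep remote hosts away from the port.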



