I'm using 1.05 firmware DNS-323 with ffp 0.5 and one drive in the right bay.
I have sshd enabled, which is pretty straightforward according to this guide:
http://dns323.kood.org/howto:ffp#the_root_user
There's nothing else sophisticated on this machine. Plain ffp 0.5 with one or another package installed, but NONE except sshd launching in the start folder. Telnet is disabled.
Within a couple of days it happened twice that I couldn't log into the DNS-323. I have to re-enable telnet and log in, and both times I found that the access permissions had been changed. If I try to launch sshd manually, I get:
WARNING: sshd: Not running
Starting /ffp/sbin/sshd
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: UNPROTECTED PRIVATE KEY FILE! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0622 for '/ffp/etc/ssh/ssh_host_rsa_key' are too open.
It is recommended that your private key files are NOT accessible by others.
This private key will be ignored.
bad permissions: ignore key: /ffp/etc/ssh/ssh_host_rsa_key
Could not load host key: /ffp/etc/ssh/ssh_host_rsa_key
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: UNPROTECTED PRIVATE KEY FILE! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0622 for '/ffp/etc/ssh/ssh_host_dsa_key' are too open.
It is recommended that your private key files are NOT accessible by others.
This private key will be ignored.
bad permissions: ignore key: /ffp/etc/ssh/ssh_host_dsa_key
Could not load host key: /ffp/etc/ssh/ssh_host_dsa_key
Disabling protocol version 2. Could not load host key
sshd: no hostkeys available -- exiting.
And it's damned right:
/mnt/HD_a2/ffp/start # ls -l /ffp/etc/ssh/ | grep key
-rw--w--w- 1 root root 668 Nov 11 11:28 ssh_host_dsa_key
-rw-rw-rw- 1 root root 602 Nov 11 11:28 ssh_host_dsa_key.pub
-rw--w--w- 1 root root 975 Nov 11 11:28 ssh_host_key
-rw-rw-rw- 1 root root 639 Nov 11 11:28 ssh_host_key.pub
-rw--w--w- 1 root root 1675 Nov 11 11:28 ssh_host_rsa_key
-rw-rw-rw- 1 root root 394 Nov 11 11:28 ssh_host_rsa_key.pub
In both cases I had to remove the undesired extra permissions. And actually /ffp/var/lib/sshd must be owned by root as well and not group or world-writable.
Who or what could possibly change the permissions?
The shutdown before this happened wasn't even a crash. I use
http://philwigglesworth.net/BlogEngine. … adget.aspx
to shut down the device.
I guess there's no log to look at. Changing permissions doesn't change the modification timestamp, so I guess I can't figure out when the change occurred (e.g. when starting up the DNS-323 or shutting it down).
Haven't found anything regarding this issue in forum search. Any clues?
Last edited by 7oby (2008-11-25 14:26:03)
7oby wrote:
Who or what could possibly change the permissions?
Sounds like http://dns323.kood.org/forum/t407-Runni … THIS..html
7oby wrote:
The shutdown before this happened wasn't even a crash. I use
http://philwigglesworth.net/BlogEngine. … adget.aspx
to shut down the device.
This just calls the standard shutdown provided by the web interface via an HTTP call, so the gadget shouldn't have anything to do with it. I use ssh and the gadget (from an early version to the current release version) and have not had the problem you describe.
fonz wrote:
Sounds like http://dns323.kood.org/forum/t407-Runni … THIS..html
Thanks for the info. Could anything else trigger this behavior?
Since my permissions regarding partitions look okay:
root@Storage:~# ls -l /mnt/
drwxrwxrwx 6 root root 4096 Nov 25 08:25 HD_a2
drwxrwxrwx 4 root root 1024 Nov 26 00:29 HD_a4
drwxr-xr-x 2 root root 1024 Feb 16 2007 web_page
I will be monitoring this. As I said: most of the time it works okay, but once in a while the permissions of some files change. At least for those files ssh requires, and in consequence ssh is broken from that time on.
P.S.: Thanks for moving this thread here from "Custom Firmware". I must have clicked something wrong in the first place.
Last edited by 7oby (2008-11-26 13:41:04)
Happened to me today. I have modified my local funplug script to fix the permissions on these files.
Then there was also a complaint about incorrect perms or owner on /ffp/var/lib/sshd ... I scripted a fix for that too.
Now it works again. Who knows what modified these perms?
Hello,
Below is a similar problem, which I have fixed using eastpole's tip:
eastpole wrote:
I have modified my local funplug script to fix the permissions on these files
Below is the description of my context, the problem, and the fix.
I have no idea what the cause of this issue is.
Regards,
Daniel.
Context :
fun_plug script for DNS-320 (2008-08-11 tp@fonz.de), installed in May 2011 on a DNS-320.
Problem :
After a hard shutdown of the DNS320 (with the hard button on the device) I failed logging in with ssh.
> ssh -l root nasdns320
ssh_exchange_identification: Connection closed by remote host
At this time the "ffp.log" was empty for the last restart (as if funplug had failed starting after the first restart after the hard shutdown).
Then after a first "Restart" via the console (i.e. Firefox "http://nasdns320" or "http://192.168.1.XX" in "System Settings"):
> ssh -l root nasdns320
ssh: connect to host 192.168.1.45 port 22: Connection refused
The "ffp.log" is no longer empty, but sshd fails with error messages :
Starting /ffp/sbin/sshd
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: UNPROTECTED PRIVATE KEY FILE! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0622 for '/ffp/etc/ssh/ssh_host_rsa_key' are too open.
It is recommended that your private key files are NOT accessible by others.
This private key will be ignored.
bad permissions: ignore key: /ffp/etc/ssh/ssh_host_rsa_key
Could not load host key: /ffp/etc/ssh/ssh_host_rsa_key
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: UNPROTECTED PRIVATE KEY FILE! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0622 for '/ffp/etc/ssh/ssh_host_dsa_key' are too open.
It is recommended that your private key files are NOT accessible by others.
This private key will be ignored.
bad permissions: ignore key: /ffp/etc/ssh/ssh_host_dsa_key
Could not load host key: /ffp/etc/ssh/ssh_host_dsa_key
Disabling protocol version 2. Could not load host key
sshd: no hostkeys available -- exiting.
Fix 1 (NOT WORKING, see below) :
Based on eastpole's tip above I have inserted the lines below in the file "fun_plug" at the root of the NAS:
#
# modif because ssh fails otherwise with error "WARNING: UNPROTECTED PRIVATE KEY FILE! " in ffp.log :
# see http://dns323.kood.org/forum/viewtopic.php?id=3360
echo "* MODIF DAN 5/06/2011 - Restrict ssh key file access to let ssh run"
chmod 0600 /ffp/etc/ssh/ssh_host_rsa_key
chmod 0600 /ffp/etc/ssh/ssh_host_dsa_key
echo "* FIN MODIF DAN"
I have inserted the lines above just after the lines :
# run fun_plug.init, if present
if [ -x /ffp/etc/fun_plug.init ]; then
    echo "* Running /ffp/etc/fun_plug.init ..."
    /ffp/etc/fun_plug.init
fi
Then I "Restart" in "System Settings" of the "http://192.168.1.XX" administration UI.
Next problem :
ssh still fails with same error:
> ssh -l root nasdns320
ssh: connect to host 192.168.1.45 port 22: Connection refused
But "ffp.log" differs:
Starting /ffp/sbin/sshd
/ffp/var/lib/sshd must be owned by root and not group or world-writable.
Fix 2 (This one worked for me) :
In order to fix this second problem I also force a restriction on the permission of the /ffp/var/lib/sshd directory.
This text needs to fit at the same location as explained above.
#
# modif because ssh fails otherwise with error in ffp.log
# first : "WARNING: UNPROTECTED PRIVATE KEY FILE! [..] "
# then : "/ffp/var/lib/sshd must be owned by root and not group or world-writable."
# see http://dns323.kood.org/forum/viewtopic.php?id=3360
echo "* MODIF DAN 5/06/2011 - Restrict ssh files access to let ssh run"
chmod 0600 /ffp/etc/ssh/ssh_host_rsa_key
chmod 0600 /ffp/etc/ssh/ssh_host_dsa_key
chmod 0600 /ffp/var/lib/sshd
echo "* FIN MODIF DAN"
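One way to script the permission fix discussed in this thread so that it also records what it found, as an added example that is not part of any post here. It goes beyond the posted fix by covering every private host key in the directory (including ssh_host_key from the listing above) and by printing the mode before and after, so the log shows at which boot the drift was detected. The function names and the SSH_ETC / SSH_PRIVSEP overrides are assumptions of this example; the default paths are the ones quoted in the posts.

```shell
#!/bin/sh
# Added example, not from the thread: repair and log sshd permission drift.
# Paths default to those quoted in the posts; function names are assumptions.
SSH_ETC="${SSH_ETC:-/ffp/etc/ssh}"
SSH_PRIVSEP="${SSH_PRIVSEP:-/ffp/var/lib/sshd}"

# First ls -ld column, e.g. "-rw--w--w-" (type + user/group/other bits).
mode_of() { ls -ld "$1" | cut -c1-10; }

# sshd ignores a private host key if group or other have any access bit.
# Prints one timestamped line per repaired key; silent when nothing drifted.
fix_host_keys() {
    for key in "$1"/ssh_host_*key; do
        [ -f "$key" ] || continue          # unmatched glob or missing file
        before=$(mode_of "$key")
        case "$before" in
            ????------) ;;                 # already private, leave alone
            *)  chmod 0600 "$key"
                echo "$(date) fixed $key: $before -> $(mode_of "$key")" ;;
        esac
    done
    return 0
}

# The privilege-separation directory must be root-owned and must not be
# group- or world-writable; go-w clears only those two write bits.
fix_privsep_dir() {
    [ -d "$1" ] || return 0
    before=$(mode_of "$1")
    case "$before" in
        ?????w????|????????w?)
            chmod go-w "$1"
            echo "$(date) fixed $1: $before -> $(mode_of "$1")" ;;
    esac
    owner=$(ls -ld "$1" | awk '{print $3}')
    if [ "$owner" != "root" ] && [ "$(id -u)" -eq 0 ]; then
        chown root "$1"
        echo "$(date) fixed $1: owner $owner -> root"
    fi
    return 0
}

fix_host_keys "$SSH_ETC"
fix_privsep_dir "$SSH_PRIVSEP"
```

Run before sshd is started, it prints nothing on a healthy boot, so any "fixed" line marks a restart after which the modes had changed.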