Page 1 of 2 12 LastLast
Results 1 to 10 of 13

Thread: [SOLVED] Manage Queues - sshd

  1. #1
    magikman is offline Member
    Join Date
    Sep 2007
    Posts
    13
    Rep Power
    7

    Default [SOLVED] Manage Queues - sshd

    Hello,

    I am almost done with setting this server up the way i want it. I have fixed everything that i have needed to thus far. Now, i have one issue that is still nagging me. When trying to manage the queues in the web interface, it throws an error about having the connections refused. Now, the reason why it is doing this is because ALL of zimbra is running @ mail . domain . com and the sshd server is running @ domain . com. Where can i change this? Which script is trying to make this connection? Couldn't i just hard code the correct sshd iport? I have searched around in different threads, but no one has had this problem. If you could help, it would be awesome!

  2. #2
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,201
    Rep Power
    56

    Default

    You should be using port 22 for sshd, is that what it's set to? What error message are you getting (have a look in the logs) and what are you doing at the time?
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  3. #3
    magikman is offline Member
    Join Date
    Sep 2007
    Posts
    13
    Rep Power
    7

    Default

    Quote Originally Posted by magikman View Post
    Now, the reason why it is doing this is because ALL of zimbra is running @ mail.domain.com and the sshd server is running @ domain.com.
    I am using port 22 for ssh. The problem isn't the port, but rather the address that it is listening on. Currently i have ssh running on the IP associated with domain.com, however, zimbra is associated with mail.domain.com. This becomes a problem in that when zimbra tries to connect via ssh to display the queues, it tries to connect to mail.domain.com rather than connect to the correct domain.com. I know that i could change my sshd config and have it listen on all ip addresses, but i don't want that. I would prefer to run one instance of sshd and hard code the correct address into a script. If this isn't possible, i guess i will be forced to run a different sshd process with the mail.domain.com as its interface or run one with the mail host and use that as my sshd host.
    Last edited by magikman; 09-15-2007 at 11:22 AM.

  4. #4
    labynocle is offline Senior Member
    Join Date
    Jan 2007
    Location
    France - Paris 18
    Posts
    50
    Rep Power
    8

    Default

    Hi there,

    I'm really sorry to re-up this topic but I got exactly the same problem...
    When I look the server status, only the "stats" section is not ok (with the red cross)
    And when I want to access to the "Mail Queues" menu, I got the following message :

    Message: system failure: exception during auth {RemoteManager: mail.domain.fr->zimbra@mail.domain.fr:22}
    Error code: service.FAILURE
    Method: ZmCsfeCommand.prototype.invoke
    Details:soap:Receiver
    So it's normal ! the only ssh enable interface is mail.in.domain.fr ! And I can't change this (for security reasons)

    It is possible to change something in the config files with my specifications ?

    Thanks !
    Erwan
    Aleikoum ne mesure pas le web !
    Run, run... ruuuuuuuun !

  5. #5
    Klug's Avatar
    Klug is offline Moderator
    Join Date
    Mar 2006
    Location
    Beaucaire, France
    Posts
    2,292
    Rep Power
    13

    Default

    I haven't seen anything in the configuration (zmprov gs server.domain.tld) that allows to change the IP/name to connect to (in the zimbraRemoteManagement variables)

    You can change the port but not the IP :
    Code:
    zimbraRemoteManagementCommand: /opt/zimbra/libexec/zmrcd
    zimbraRemoteManagementPort: 22
    zimbraRemoteManagementPrivateKeyPath: /opt/zimbra/.ssh/zimbra_identity
    zimbraRemoteManagementUser: zimbra

  6. #6
    labynocle is offline Senior Member
    Join Date
    Jan 2007
    Location
    France - Paris 18
    Posts
    50
    Rep Power
    8

    Question

    Thanks Klug for the informations !

    So I decide to run another ssh instance on the port 2222, with the option AllowUsers zimbra (in the sshd_config), there is no interface or something else restriction.
    The service is running ! So it's ok !

    I change the zimbraRemoteManagementPort with the following command :
    Code:
    [zimbra@mail3 ~]$ zmprov modifyServer mail.domain.fr zimbraRemoteManagementPort 2222
    [zimbra@mail3 ~]$ zmprov getServer mail.domain.fr | grep 22
    zimbraRemoteManagementPort: 2222
    But I still have the same problem (on the port 2222)...
    I have a naive remark, when I try the following command :
    Code:
    [zimbra@mail ~]$ ssh -p 2222 zimbra@mail.domain.fr
    zimbra@mail.domain.fr's password:
    The zimbra user doesn't use key for authentification ?

    Excuse me for my english level.
    Any clue will be greatly appreciated...

    Erwan
    Last edited by labynocle; 10-13-2007 at 04:45 AM.
    Aleikoum ne mesure pas le web !
    Run, run... ruuuuuuuun !

  7. #7
    Klug's Avatar
    Klug is offline Moderator
    Join Date
    Mar 2006
    Location
    Beaucaire, France
    Posts
    2,292
    Rep Power
    13

    Default

    Yes it does.
    Regarde ici : Mail Queue Monitoring - Zimbra :: Wiki

    You'll find how to check your setup and recreate the keys if needed.

  8. #8
    labynocle is offline Senior Member
    Join Date
    Jan 2007
    Location
    France - Paris 18
    Posts
    50
    Rep Power
    8

    Default

    Thank you Klug, I will read this wiki page as soon as possible !!
    Aleikoum ne mesure pas le web !
    Run, run... ruuuuuuuun !

  9. #9
    fernandoflorez is offline Project Contributor
    Join Date
    Sep 2006
    Posts
    252
    Rep Power
    8

    Default

    Just out of curiosity why would you make sshd listen to an specific ip instead of all ips assigned to the server?

    Did you modify zimbra to listen to an specific ip then?

    Thanks,

  10. #10
    labynocle is offline Senior Member
    Join Date
    Jan 2007
    Location
    France - Paris 18
    Posts
    50
    Rep Power
    8

    Default

    proto > it's only for security reason : the sshd on the port 22 is only listenning on a specific interface (which is not the "public" one : mail.domain.fr)... so I decide to create a ssh instance on the port 2222 (and all interfaces) for the zimbra user only !

    klug > actually it doesn't work...

    I regenerated the keys with the command (as the zimbra user) :
    Code:
     zmsshkeygen
    then I deploy it :
    Code:
     zmupdateauthkeys
    All seems ok !

    Then I try to connect via ssh :
    Code:
     ssh -i /opt/zimbra/.ssh/zimbra_identity -o strictHostKeyChecking=no zimbra@mail.domain.fr -p 2222 -v
    But I still have a password request as you can read here :
    Code:
    debug1: Next authentication method: publickey
    debug1: Offering public key: /opt/zimbra/.ssh/zimbra_identity
    debug1: Authentications that can continue: publickey,gssapi-with-mic,password,keyboard-interactive
    debug1: Next authentication method: keyboard-interactive
    debug1: Authentications that can continue: publickey,gssapi-with-mic,password,keyboard-interactive
    debug1: Next authentication method: password
    zimbra@mail.domain.fr's password:
    I check the rights of the files but it seems ok :
    Code:
    -rw-r--r--  1 zimbra zimbra 644 Oct 15 08:48 authorized_keys
    -rw-r--r--  1 zimbra zimbra 256 Oct 15 08:49 known_hosts
    -rw-------  1 zimbra zimbra 672 Oct 15 08:47 zimbra_identity
    -rw-r-----  1 zimbra zimbra 607 Oct 15 08:47 zimbra_identity.pub
    And the zimbra user is not lock according to my /etc/shadow...

    I think I do something wrong but what ?
    I still search !
    Aleikoum ne mesure pas le web !
    Run, run... ruuuuuuuun !

Page 1 of 2 12 LastLast

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Manage Mail Queues problem
    By mmadavejones in forum Installation
    Replies: 13
    Last Post: 06-29-2012, 04:26 PM
  2. Manage Mail Queues failing
    By tbenoit in forum Administrators
    Replies: 3
    Last Post: 06-09-2007, 08:18 PM
  3. Manage Mail Queues not fuctioning
    By meikka in forum Administrators
    Replies: 3
    Last Post: 12-11-2006, 12:50 PM
  4. Manage Mail Queues Error
    By illscientific in forum Administrators
    Replies: 2
    Last Post: 10-03-2006, 07:17 AM
  5. Error: Manage Mail Queues
    By Kafka in forum Administrators
    Replies: 8
    Last Post: 05-11-2006, 12:07 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •