ok, killed the process, however the IP was already automatically banned by the firewall....
LinkBack URL
About LinkBacks
Elite Member
ok, killed the process, however the IP was already automatically banned by the firewall....
Elite Member
How do I change it back?I your system was changing the :22 to :ssh
Elite Member
OK....
Change the ssh port with this:
Added this:zmprov ms MAIL.DOMAIN.COM zimbraRemoteManagementPort 2222
AllowUsers admin zimbraRestarted ssh, refreshed web admin ui...lsof -i | grep ssh
sshd 19598 root 3u IPv6 2167219 TCP mail.domain.com:2222->192.168.1.191:53437 (ESTABLISHED)
sshd 20011 root 3u IPv6 2168932 TCP *:2222 (LISTEN)
....still get same error...
Trained Alumni
This might do the trick:
as zimbra user:
zmsshkeygen
zmupdateauthkeys
zmprov ms mail.example.com zimbraRemoteManagementPort <ssh port>
zmcontrol stop/start/status
Moderator
If you read earlier in the thread danny.sierra you will see that that was already tried and it didn't solve the issue.
Nodoze did you find anything in the mentioned /var/log/secure? If you don't have that file (I don't on Ubuntu) you might try /var/log/auth.log.
Elite Member
Sorry it took me so long to get back to you, had to deal with some other server issues...
my secure.log has this....
What does it mean?Nov 9 09:51:58 mail sshd[13188]: pam_ldap: ldap_simple_bind Can't contact LDAP server
Nov 9 09:51:58 mail sshd[13190]: fatal: Access denied for user zimbra by PAM account configuration
Nov 9 09:52:51 mail sudo: zimbra : TTY=unknown ; PWD=/usr/libexec/webmin/cron ; USER=root ; COMMAND=/opt/zimbra/libexec/zmmailboxdmgr status
Nov 9 09:52:51 mail sudo: zimbra : TTY=unknown ; PWD=/usr/libexec/webmin/cron ; USER=root ; COMMAND=/opt/zimbra/libexec/zmmtastatus
Moderator
Hmm... are user accounts on this server accessed via LDAP or the local users file? It looks like when Zimbra tries to open a ssh connection to itself it is getting an access denied by your PAM configuration.
Try running this command as the zimbra user and see what you get. It should look like this:
Also... looks like we both forgot that you already posted your /var/log/secure.log right hereCode:zimbra@email:~$ ssh -p 12345 -i /opt/zimbra/.ssh/zimbra_identity localhost The authenticity of host '[localhost]:12345 ([127.0.0.1]:12345)' can't be established. RSA key fingerprint is 95:fa:10:74:ee:58:2f:56:03:f9:4c:85:cd:d8:f1:89. Are you sure you want to continue connecting (yes/no)?
Elite Member
Well... while you were posting I did this:
From: [SOLVED] ZCS 5.0.1 and admin console problems (SSH?)su - zimbra
then run
ssh-keygen -t dsa
Choose to save the generated keys at /opt/zimbra/.ssh/zimbra_identity
do not give it a password
then edit your /opt/zimbra/.ssh/authorized_keys file to use the text that is in the /opt/zimbra/.ssh/zimbra-identity.pub file. it replaces the old key text.
that will permit zimbra to run remote ssh
But still get the same error...I dunno if I have to restart the server to make it in effect...?
I did:
and got:ssh -p 22 -i /opt/zimbra/.ssh/zimbra_identity localhost
Second try I got only:The authenticity of host 'localhost (127.0.0.1)' can't be established.
RSA key fingerprint is af:06:44:4f:5c:ff:c9:19:02:99:34:a9:f3:08:ab:9e.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'localhost' (RSA) to the list of known hosts.
Connection closed by 127.0.0.1
refeshed the browser, I still get the same error...Connection closed by 127.0.0.1
Moderator
It looks like the script that it is running is /opt/zimbra/libexec/zmqstat, what do you get when you run that as root?
This is what I get:
Code:root@email:~# /opt/zimbra/libexec/zmqstat hold=0 corrupt=0 deferred=0 active=0 incoming=0
Elite Member
Got the same thing:
[root@mail /]# /opt/zimbra/libexec/zmqstat
hold=0
corrupt=0
deferred=1
active=0
incoming=0
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
