Is it possible that I can get to the admin console via SSH? If so, how to set up or disable that feature? We are running 15.4.2. I know how to go to the admin console via HTTPS, I need to use SSH.
Serv-U was primarily designed as a GUI-driven tool. Notably you can see in the docs they specify that to access the admin interface you would launch it in GNOME or KDE or access the web interface. I'm sure if someone was motivated enough you could reverse engineer the settings and admin it from SSH and a bunch of shell scripts, but unfortunately it wasn't designed around that use case and it is documented/supported.
solarwindscore.my.site.com/.../Install-Serv-U-on-Linux
Thanks mesverrum, but I am on a Windows box and according to our external pen test, there was no reverse engineering and it only took seconds. We do not currently have HTTPS set up to remote admin, but it was discovered that SSH'ing into the gateway brought up the admin console. Should I open a ticket?
Well it sounds like an undocumented use case, so yeah I guess you could open a ticket. I thought you were asking how to do admin tasks from SSH but it sounds like you mainly just have a security use case to cover/close.
Thank you, yeah I couldn't find anything that said you can get to the admin console / login from SSH. I will open a ticket.
Is there an update on this?
Well, support acted like I didn't know what I was talking about. I disabled SSH but as we have to use ftp software, the SSH was needed. So I just enabled "Anti-Hammering," also known as Anti-Brute Force protection, under domain settings, and checked the box "never show server information for SSH identity".
similar setting but not for same reason...
What I've found on the gateway are many attempts and at $10/20 domestic IP we can assume hackers are willing to sacrifice IP, like the game Battleship if only to know frequency and time limit when IP are blocked and then attempt/attack w/in those parameters and not be blocked "forever" (yes I'm wishing for multiple rule capability)
So, changing the rule frequently (monthly) will capture more* IP. For example, 3 times in 8 seconds (yes seconds) will not block human hackers, but will block bots, and I've seen many blocked w/this rule; I get email from the event. I've also used 4 times in 15 seconds.
However, there's a logical bug, if you contact support they're blocking by User, hence the dialog check box [ ] Block Users who... but actually are blocking IP, which could be an issue, consider, 1 user at a site where everyone has same public IP... smh
And, logical bug/issue w/Rule, consider an IP attempting to log in with many user names, the counter will count each User = 1 even though it's from same IP, maybe working off a list of users
*More IP, I had a SU mFTP tech warn that they'd seen 4K IP blocked and that is potential slow down of server constantly checking the huge list; so I've been blocking adding CIDR every 2-weeks or so... royal pain, but it reduced my list of 900+ IP to 500+ IP
Lastly night & day SW Tech support if you get an agent who knows SU mFTP they're much more helpful...
yeah we started blocking IPs at the firewall level instead. But I get what you are saying.
That's on my road-map to get the blocked IP by Rule/Admin CIDR* up in the server appliance, but gateway has zero blocked IP, and zero allowed IP; all of that logic is in Serv-U (really wish that was query-able into the database...smh)
*CIDR, I've written a script to roll up IP by CIDR when first 3 (/24) or first 2 (/16) octets; however the list can't be posted into the server ad-hoc until the allowed list on the other URL is dbl checked, to wit somehow the Gateway public IP was blocked w/attempts to login from maybe the desktop, I've left it blocked and the gateway/URL are working so... smh (again)
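The CIDR roll-up described in the posts above, as an added Python sketch (not the poster's script and not SolarWinds code): it collapses a blocked-IP list into /24 or /16 rules, refuses to widen over any allow-listed address, and reports blocked addresses that are also allowed, such as a gateway's own public IP. The name `roll_up`, the thresholds `min_24` and `min_16`, and all sample addresses (taken from reserved documentation and benchmarking ranges) are assumptions.

```python
import ipaddress
from collections import defaultdict

def roll_up(blocked, allowed=(), min_24=3, min_16=8):
    """Roll blocked IPv4 addresses up into /24 or /16 block rules.

    Returns (rules, conflicts): rules is a sorted list of networks to block,
    conflicts is the set of blocked addresses that are also allow-listed.
    Thresholds are assumed values, not Serv-U defaults.
    """
    allow = [ipaddress.ip_network(a, strict=False) for a in allowed]
    ips = {ipaddress.IPv4Address(b) for b in blocked}
    conflicts = {ip for ip in ips if any(ip in net for net in allow)}
    ips -= conflicts  # never emit a rule for an allow-listed address

    def safe(net):
        # A wider rule is acceptable only if it swallows no allowed range.
        return not any(net.overlaps(a) for a in allow)

    def group(prefix, members):
        buckets = defaultdict(set)
        for ip in members:
            buckets[ipaddress.ip_network(f"{ip}/{prefix}", strict=False)].add(ip)
        return buckets

    rules, rest = [], set()
    for net16, in16 in group(16, ips).items():
        if len(in16) >= min_16 and safe(net16):
            rules.append(net16)          # first 2 octets shared often enough
            continue
        for net24, in24 in group(24, in16).items():
            if len(in24) >= min_24 and safe(net24):
                rules.append(net24)      # first 3 octets shared often enough
            else:
                rest |= in24             # keep as individual /32 rules
    rules += [ipaddress.ip_network(f"{ip}/32") for ip in rest]
    return sorted(rules), conflicts

# Constructed sample data (reserved ranges, not real attacker addresses).
SAMPLE_BLOCKED = (["203.0.113.5", "203.0.113.9", "203.0.113.77", "192.0.2.10",
                   "198.51.100.7", "198.51.100.20", "198.51.100.21",
                   "198.51.100.22"] + [f"198.18.{n}.{n}" for n in range(1, 9)])
SAMPLE_ALLOWED = ["198.51.100.7"]  # stands in for the gateway's public IP

if __name__ == "__main__":
    rules, conflicts = roll_up(SAMPLE_BLOCKED, SAMPLE_ALLOWED)
    print("block:", [str(r) for r in rules])
    print("review before posting:", [str(c) for c in conflicts])
```
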