Hi Community!
Congratulations to the new committers.
One VM in a test environment was infected by a brute force SSH trojan.
The OS is debian-9 , the template from openvm.eu
It had only SSH (22) and iperf (5001) services running and reachable from
anywhere.
I believe this article is related
Hi
You did not change the password, and all using the default password ?
On Sun, Nov 22, 2020 at 4:59 PM wrote:
> Hi Community!
>
> Congratulations to the new committers.
>
> One VM in a test environment was infected by a brute force SSH trojan.
>
> The OS is debian-9 , the template from openv
Hi!
I don't know. I have to look into it.
I did setup my template to use SSH key, and disabled password (when importing
the template in ACS). I assumed that password auth would be disabled and only
available via that SSH key.
I have to look into this and check if that is happening or not. I g
May be do not just assume, you need to check on it
On Mon, Nov 23, 2020 at 1:00 AM wrote:
> Hi!
>
> I don't know. I have to look into it.
>
> I did setup my template to use SSH key, and disabled password (when
> importing the template in ACS). I assumed that password auth would be
> disabled an
Hi Hean,
Mystery solved.
The template comes with Password Enabled in SSH server. And debian user has a
default password: "password".
Assigning the SSH key only added the key, without disabling any other thing.
Regards,
Rafael
On Sun, 2020-11-22 03:38 PM, Hean Seng wrote:
> Hi
>
> You di
Hi. It looks like an improperly crafted template, not a ACS issue.
пн, 23 нояб. 2020 г., 02:18 Rafael del Valle :
> Hi Hean,
>
> Mystery solved.
>
> The template comes with Password Enabled in SSH server. And debian user
> has a default password: "password".
>
> Assigning the SSH key only added t
Hi
Is that possible to add IPv6 prefix range to existing GuestShareNetwork ?
During creating shared network, there is not enter the IPv6, but now wish
to add in IPv6, is that possible ?
--
Regards,
Hean Seng
Hi Hean,
I had seen a similar behavior with VMs deployed on shared network. The issue
was that cloud-init first searches for the dhcp leases file, and only if it
can't find one does cloud-init use the default gateway to reach the metadata
server.
So, firstly you may want to check for the presen
HI Hean
Network manager supports three ways to get DHCP: dhclient, dhcpcd and internal;
rhel7/centos7 default is dhclient
centos8 default is internal;
Cloud init and cloudstack password scripts depend on dhclient;
So we need to modify / etc / network manager/ NetworkManager.conf
[main]
##Add the
Hi Jerry,
I can try your option . Tht might be good idea.
What I am trying to do now is at the Change Password Script, manually run
dhclient command, and let it
generate the /var/lib/dhclient/dhclient.leases,
Then mondiy the change password script to read
from /var/lib/dhclient/dhclient.lease
Centos8 does not have "network scripts" installed,But you can install it
manually
dnf install -y -q network-scripts
systemctl disable NetworkManager
systemctl enable network-scripts
systemctl start network-scripts
After network scripts is started, the files you need will be created
automatica
Hi Ivan.
I can imagine: If the template has the hability to re-set password, that means,
that there should not be any password pre-assigned, right?
Which piece of code is responsible for password/key reset, is it cloud-init? or
is there any other involved part.
I will try to workout a fix and
It must be configured upon the first boot, or as you have said,
preconfigured. Our templates set password upon the first boot.
пн, 23 нояб. 2020 г., 14:20 :
> Hi Ivan.
>
> I can imagine: If the template has the hability to re-set password, that
> means, that there should not be any password pre-a
hi all,
my management server is broken so i need to reinstall it from backup database,
i can restore it and login to web page but i cant start the VM,
host status also shown as unsecure
anyone have experience in this?
regards,
udee
Hi Ivan,
If there is a legitimate possibility for shipping templates with a password
setup, then setting an SSH key as logon mechanism should imply that any
existing password will be cleared.
Or perhaps if a template is ready to "accept" passwords from ACS then no
password should be re-configu
I suppose your new managemnet server and old management server are the same
network configuration, cloudstack version etc , right ?
Probably look at the log see if any error
On Mon, Nov 23, 2020 at 3:42 PM Yudi P wrote:
> hi all,
>
> my management server is broken so i need to reinstall it fr
16 matches
Mail list logo
