[SOLVED] Migration tool, remote ssh login as root problem

Discussion in 'Plugins/Modules/Addons' started by Kevin Brackley, Jan 6, 2023.

  1. Kevin Brackley

    Kevin Brackley New Member

    I have a license for the migration tool. I am trying to do a dry run to test things out for migrating mail accounts over from a cpanel server (so I can retain the users' passwords).

    I originally had the ispconfig host configured to only allow ssh access with a public key and root was disabled. The ISP migration script requires the root to login with a password; unfortunately, I can't seem to reverse my host set up of the sshd.

    I have changed the /etc/ssh/sshd_config file with the following:
    I can login with passwords with non-root user accounts, but still not with the root user.

    I have even re-initialized the sshd configuration files (dpkg-reconfigure openssh-server), restarted sshd and still the same result.

    The auth.log shows "error: PAM: Authentication failure for root from ..."

    On a clean, new server installation I can login as root/password via ssh. ISPConfig is running on the server so I don't want to start over again :-/ but for the life of me I don't know what I am missing.

    So actually two questions:
    1. can I just copy the migration public/private keys to get beyond this step, and/or
    2. does anyone know where else I should be looking to fix the plain-text password for ssh?

    Thanks!
     
  2. Kevin Brackley

    Kevin Brackley New Member

    Never mind. ISPConfig installs a custom.conf in the /etc/ssh/sshd_config.d/ directory which overrides the key elements we need for the migration tool to work :-(

    Once I make the changes and ignore this file, I am good to go.
     
  3. till

    till Super Moderator Staff Member ISPConfig Developer

    Which config options for the auto-installer did you use?
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    As a temporary fix, I added some instructions to the migration tool tutorial to delete that file upfront of the migration.
     
  5. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    Curious about this as well.
     
  6. Kevin Brackley

    Kevin Brackley New Member

    I use cloud-init to set up new servers which makes the changes to public key/no password/new port, but on the ispconfig installation I specified the parameters:
    --ssh-port=xxxx --ssh-password-authentication=no --ssh-permit-root=no --no-mailman
    which appear to be the settings in the custom.conf in /etc/ssh/sshd_conf.d

    This is fine, I just haven't ever used the include options before and didn't even think to look at that directory so even though I kept changing my sshd_config I couldn't get in :-/

    Just a note in the docs for people like me that jump in head first!

    On the subject of the migration tool, is there any way to keep it from copying other accounts over? The --only-client=XXXX doesn't seem to work as it keeps copying the other cPanel accounts over.

    I want to move each project over to specific servers, even though I specified a migration params like:
    --only-client=rev2 --only-web=rev2 . mydomain .com --only-mail=rev2. mydomain .com --only-database=rev2_data --only-dns=rev2. mydomain .com

    I also posted another thread that I discovered what is going on. The migration tool seems to change the setting in System Config (System + Main Config) under the Domains tab. I thought I had played with it, but after a migration this morning, that setting is now back on/enabled (Use the domain limits in client module...). I turned this off and went to move things around and this was back again. The only thing I did was a transfer.
     
  7. till

    till Super Moderator Staff Member ISPConfig Developer

    The internal data structures in cPanel are very different from the ones in ISPConfig; the limiting functions probably only work in conjunction with ISPConfig source systems. But I'll forward this thread to the developer of the migration tool so he can explain this in detail.
     
    Kevin Brackley and ahrasis like this.
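
Added example (not part of the thread and not ISPConfig code): the override described in posts 2 and 6 follows from sshd using the first value it obtains for each keyword, so a drop-in pulled in by an Include line placed above the settings wins over later edits to sshd_config. The sketch resolves that order over constructed files and reports which file set each keyword; the file contents, port 2222, the relative Include path and the function names are assumptions, and Match blocks are skipped.

```python
import glob
import os
import re
import tempfile

def first_values(path, conf_dir, found=None):
    """Return {keyword: (value, file)} keeping the FIRST value per keyword.

    Simplification (assumption): only global settings are tracked, so
    reading of a file stops at its first Match block.
    """
    found = {} if found is None else found
    with open(path) as fh:
        for line in fh:
            # Keyword, then whitespace or a single '=', then the value.
            m = re.match(r"\s*([A-Za-z]\w*)\s*=?\s*(.*)", line)
            if not m:
                continue  # blank line or '#' comment
            key, value = m.group(1).lower(), m.group(2).strip()
            if key == "match":
                break
            if key == "include":
                for pattern in value.split():
                    if not os.path.isabs(pattern):
                        pattern = os.path.join(conf_dir, pattern)
                    # Globs are expanded and read in lexical order.
                    for inc in sorted(glob.glob(pattern)):
                        first_values(inc, conf_dir, found)
            else:
                found.setdefault(key, (value, os.path.basename(path)))
    return found

def demo(include_first=True):
    """Constructed files modelled on the thread; root stands in for /etc/ssh."""
    include = "Include sshd_config.d/*.conf\n"
    edits = "PermitRootLogin yes\nPasswordAuthentication yes\n"
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "sshd_config.d"))
        with open(os.path.join(root, "sshd_config.d", "custom.conf"), "w") as fh:
            fh.write("Port 2222\nPasswordAuthentication no\nPermitRootLogin no\n")
        main = os.path.join(root, "sshd_config")
        with open(main, "w") as fh:
            fh.write(include + edits if include_first else edits + include)
        return first_values(main, root)

if __name__ == "__main__":
    for key, (value, source) in demo().items():
        print(f"{key:24} {value:6} (set in {source})")
```

On a live host, `sshd -T` prints the effective values, though not which file set them.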
