1 Topic by superlazy

  • superlazy
  • Member
  • Offline
  • Registered: 2017-12-27
  • Posts: 3

Topic: SSH Port 22 Closed After Install

Aloha,

This looks like a great system and easy to set up!  Thanks for your work!  I'm ready to get away from the large companies reading through my email.

I just did my first setup on Ubuntu on AWS.  After the process was complete and I rebooted, I was locked out of SSH.  Being that it's on AWS, I have no other way to get in.  Is this expected?  Should I have answered 'No' to this questions:

    < Question > Would you like to use firewall rules provided by iRedMail?
    < Question > File: /etc/default/iptables, with SSHD port: 22. [Y|n]Y

Here's an nmap showing port 22 is closed.  Oh well.  It was a fresh EC2 instance, so I guess I'll just start over.

PORT     STATE  SERVICE
21/tcp   open   ftp
22/tcp   closed ssh
80/tcp   open   http
110/tcp  open   pop3
143/tcp  open   imap
443/tcp  open   https
554/tcp  open   rtsp
587/tcp  open   submission
993/tcp  open   imaps
995/tcp  open   pop3s
7070/tcp open   realserver

==== Required information ====
- iRedMail version (check /etc/iredmail-release): 0.9.7
- Linux/BSD distribution name and version: Ubuntu 16.04
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Web server (Apache or Nginx): Apache
- Manage mail accounts with iRedAdmin-Pro? No
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,793

Re: SSH Port 22 Closed After Install

This is not expected, because iRedMail won't close/disable ssh service.

Could you please try another fresh EC2 instance? BEFORE installing iRedMail, please make sure ssh service is enabled.

BTW, why a fresh EC2 instance has ports 21, 554 and 7070 open?

3 Reply by superlazy

  • superlazy
  • Member
  • Offline
  • Registered: 2017-12-27
  • Posts: 3

Re: SSH Port 22 Closed After Install

I just finished up with a new EC2 instance, same setup as before.  This time I answered 'No' to the question about using iRedMail's firewall and IP table rules (I did everything else exactly the same).  This time I was still able to get back in via SSH.  I have since added inbound rules to the security group to only allow the mail services, but these were the open ports after installting and reboot:

PORT     STATE    SERVICE
21/tcp   open     ftp
22/tcp   open     ssh
25/tcp   filtered smtp
80/tcp   open     http
110/tcp  open     pop3
143/tcp  open     imap
443/tcp  open     https
554/tcp  open     rtsp
587/tcp  open     submission
993/tcp  open     imaps
995/tcp  open     pop3s
7070/tcp open     realserver

Not sure why many of these are open, but access is not allowed in the EC2's security group.

4 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,793

Re: SSH Port 22 Closed After Install

Is ssh open and running after reboot?

Could you do me a favor? Setup a new EC2 instance again and answer 'Y' like the first time, check whether ssh is still running after reboot.

< Question > File: /etc/default/iptables, with SSHD port: 22. [Y|n]Y

5 Reply by superlazy

  • superlazy
  • Member
  • Offline
  • Registered: 2017-12-27
  • Posts: 3

Re: SSH Port 22 Closed After Install

Sure, so on the 3rd try I answered yes to the firewall and iptables questions, and I was able to get back in via SSH this time.  Not sure what happened on the first attempt.

< Question > Would you like to use firewall rules provided by iRedMail?
< Question > File: /etc/default/iptables, with SSHD port: 22. [Y|n]Y
[ INFO ] Copy firewall sample rules: /etc/default/iptables.
< Question > Restart firewall now (with SSHD port 22)? [y|N]y

Thanks for your replies and your work on the software!  Looks like a great project and I'm excited to start testing it!