The OPC Webgui requires SSH to communicate with other instances on your host and the host itself. If you plan to make any changes to your SSH configuration, this may prevent the OPC Webgui from working as intended.
In order to prevent this, we recommend creating a custom SSH configuration or a match block for the OPC, which will allow the OPC Webgui to bypass any restrictions set by your configuration.
During Installation
If you've not installed the OPC yet and plan to make changes to your SSH configuration in future, the OPC installer can configure a second SSH daemon solely for the OPC.
This configuration is set to listen only on the Docker network subnets, which are configured on virtual network interfaces. This means they can only be accessed from containers on the host and cannot be used as a back-door for external access to the host.
To install the OPC with this second SSH daemon, you will need to add the flag --ssh-communication-port <port>, replacing <port> with the custom SSH port you would like Deskpro to use, for example:
Ubuntu / Debian
curl https://get.deskpro.com/installer.sh -o /tmp/installer.sh && sudo bash /tmp/installer.sh -- --ssh-communication-port 2222
RHEL / Rocky / Alma
curl https://get.deskpro.com/installer.sh -o /tmp/installer.sh && sudo dnf install -y tar && sudo bash /tmp/installer.sh -- --ssh-communication-port 2222
This will install a second SSH configuration to /etc/ssh/sshd_config_deskpro and enable a new systemd service as ssh_deskpro.service.
Due to issues with pre-compiled versions of SSH, we also modify the systemd ssh.service file to include the parameter RuntimeDirectoryPreserve=yes.
This prevents stopping or restarting the SSH service from breaking the Deskpro SSH service, as they share the same runtime directory.
If you wish to prevent this change, you can add the flag --ssh-protect-default to the installer scripts.
However, please bear in mind that if you restart the SSH service, you may need to restart the Deskpro SSH service to prevent any issues.
Post Installation
If you have already installed the OPC, and wish to make changes to your SSH configuration, you will need to either manually configure a second SSH daemon, or add a match block to your SSH configuration which can allow the OPC Webgui to continue working.
For these, we recommend either setting the SSH configuration to listen on 172.17.0.1 and 172.30.0.1, or using an address match on the subnets 172.17.0.0/16 and 172.30.0.0/16 (or whichever subnets you have configured for Docker).
You will need to allow PasswordAuthentication yes and PermitRootLogin yes in the custom SSH config or match block.
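As an added example (not Deskpro's own code), this Python check parses sshd_config text and reports any section that enables PasswordAuthentication or PermitRootLogin outside the Docker subnets. The sample configuration, its hardened global settings and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample config; substitute your own Docker subnets.
SAMPLE_CONFIG = """\
PasswordAuthentication no
PermitRootLogin no

Match Address 172.17.0.0/16,172.30.0.0/16
    PasswordAuthentication yes
    PermitRootLogin yes
"""
RELAXED = ("passwordauthentication", "permitrootlogin")
DOCKER_NETS = [ipaddress.ip_network(n) for n in ("172.17.0.0/16", "172.30.0.0/16")]


def parse_blocks(text):
    """Return [(criteria, settings)]; criteria is None for the global section."""
    blocks = [(None, {})]
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, value = (line.split(None, 1) + [""])[:2]
        if key.lower() == "match":
            blocks.append((value.strip(), {}))
        else:  # sshd keeps the first value seen for a keyword
            blocks[-1][1].setdefault(key.lower(), value.strip().lower())
    return blocks


def confined(criteria, allowed):
    """True only if the Match line has an Address list wholly inside `allowed`."""
    tokens = criteria.split()
    pairs = {k.lower(): v for k, v in zip(tokens[::2], tokens[1::2])}
    try:
        nets = [ipaddress.ip_network(p) for p in pairs.get("address", "").split(",")]
    except ValueError:  # missing Address, wildcard or negated pattern
        return False
    return all(any(n.version == a.version and n.subnet_of(a) for a in allowed) for n in nets)


def audit(text, allowed=DOCKER_NETS):
    """List sections that enable password or root login outside `allowed`."""
    findings = []
    for criteria, settings in parse_blocks(text):
        enabled = [k for k in RELAXED if settings.get(k) == "yes"]
        if enabled and (criteria is None or not confined(criteria, allowed)):
            scope = "global section" if criteria is None else "Match " + criteria
            findings.append(f"{scope}: {', '.join(enabled)} = yes")
    return findings
```

Calling audit() on the text of your own configuration file returns an empty list when the relaxed settings are reachable only from the allowed subnets.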
If you have also set a custom SSH port, you can advise the OPC Webgui to use that with the following CLI command:
opc config set ssh --port <port>
(You will need to change <port> to your custom SSH port).
Behaviour
With the custom SSH configuration active, the OPC Webgui will first attempt to log in through the custom port specified. If this fails, the OPC Webgui will then attempt to connect through the default SSH port 22. If neither of these options is available, the OPC Webgui will not function.
You will still be able to use the OPC CLI functions to manage your host and Deskpro instances.