I’m a newcomer to Drobo 5N. My goal would be to access it remotely (over internet) via WEBDAV (first choice) or SFTP (second choice).
I’ll try to be short, I’ve a lot of issues most certainly related to my lack of UNIX knowledge. I’ve tried to follow the instructions I’ve found around the forums. But now I’m stuck with these problems.
I’ve installed SUDO, but as soon as I sudo anything, all I get is:
sudo: effective uid is not 0, is sudo installed setuid root?
OK, I’ve continued to setup as root proftpd.
I can’t access the config page! If I only type in my Drobo URL in Safari, I get “ lighted is working”, if I use http://192.168.1.50/proftpd/index.php “I have a 404 - not found”.
I’ve read I should disable Apache, but I don’t know how to do this.
Proftpd doesn’t seem to work anyway, I can’t login with ftpuser or anonymous. But the service says it’s running…
In the auth.log I see :
192.168.1.84 UNKNOWN nobody [27/Feb/2014:16:58:19 -0800] “USER ftpuser” 331 -
192.168.1.84 UNKNOWN nobody [27/Feb/2014:16:58:19 -0800] “PASS (hidden)" 530 -
Or in the proftpd log, I have, for example:
FTP session opened.
wtmp /var/log/wtmp: No such file or directory
Preparing to chroot to directory ‘/mnt/DroboFS/Shares/Public’
ANON anonymous: Login successful.
wtmp /var/log/wtmp: No such file or directory
FTP session closed.
Next are php and lighttpd. I’ve installed both, the later with hope to get WebDav working. I know I did something wrong, I’ve first setup those logged as my user, not root. So maybe this is the place I’ve messed them up. I’ve deleted the folders and redone the install as root.
Failed too, I can’t login.
I don’t want to overwhelm anybody here with loads of text, so if you can help me I’d be glad to provide any detail you could require.
Let’s take one thing at a time - first being sudo. A quick google of the error leads here - sudo is telling you that its permissions are incorrect. Log in as root and run this:
You also need to ensure your user is allowed to use sudo by editing “/mnt/DroboFS/Shares/DroboApps/sudo/etc/sudoers”. Under “User privilege specification”, add a line such as (with your normal user instead of “username”):
username ALL=(ALL) ALL
Once those steps are done, you should be able to log out of your root SSH session, then log back in as the normal user and sudo when you need to elevate privileges.
For what it’s worth, securing FTP over the internet is rather difficult due to its protocol design. WebDAV is easier, but another option is SFTP, which is built into OpenSSH (if you used that DroboPort for your remote login).
First, I want to thank you for taking time to answer.
I’ve googled for the SUDO problem but found too many possibilities to focus on a particular one.
I’ve done the chmod command, now editing the “sudoers” as I’ve previously added :
%sudo ALL=(ALL) ALL
now replaced %sudo with my username.
But this hasn’t changed anything, I still get the same error.
From what I remember, I might have wrongly installed sudo when logged as my user and not as root. I know I’ve done this by error on some packages but I can’t remember which. Could this be the cause? I’ve subsequently redone all the installations as root.
I’m not going any further for now about the second part, and you’re right, I don’t want FTP, only SFTP and more importantly to me, WebDav. I think it’s better to sort out the first issue before I install anything more, I’ve screwed up too much already, don’t you think?
Even if I’m stuck with the SUDO thing, I’ve installed OpenSSH as you previously suggested (I’m living for a trip soon and I want be able to access what’s on my Drobo!).
I’ve removed DropBear (stop, uninstall) before installing (by rebooting Drobo).
Now I successfully have SFTP working, thank you for that!
But my ssh login isn’t working anymore (well, I guess it works but I don’t want to mess anything more!)
Here is what it says:
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
[redacted].
Please contact your system administrator.
Add correct host key in /Users/my_user/.ssh/known_hosts to get rid of this message.
Offending RSA key in /Users/my_user/.ssh/known_hosts:6
RSA host key for 192.168.1.50 has changed and you have requested strict checking.
Host key verification failed.
What should I do at this point, is it a configuration on the Drobo or on the local client?
You mentioned WebDav is easier to get, could you give me a clue on how to enable it?
Ah, that. All that is saying is your computer didn’t recognize the Drobo when it connected. Sort of like “Hi, DropBear… wait a minute, you’re not DropBear! Aiieeeee!”. This is easy to fix - on your client, just delete the line indicated (line 6 in ~/.ssh/known_hosts), or you can delete the known_hosts file entirely (rm ~/.ssh/known_hosts). SSH will ask you next time you connect if you want to remember this host, and then everything will proceed normally. Since it looks like you’re using Mac OS X, let me recommend CyberDuck as an excellent SFTP client, even if it does have a goofy name.
As for WebDAV, the lighttpd DroboPort can act as a WebDAV server. Install that as usual (you can even install without rebooting using SSH - just type “sudo DroboApps.sh install”!). Lighttpd by default enables new features by moving them from the conf-available folder to conf-enabled. So once the lighttpd.tgz is in place:
Then restart lighttpd from Drobo Dashboard. That turns on webdav and shares all of your Drobo’s shares at “https://droboip/Shares/”. My configuration requests my username and password to connect - but it’s been so long since I set it up, I don’t recall how I added authentication (although knowing lighttpd, it was probably simple). Perhaps ricardo could jump in?
Note that for remote access, you’ll still need to set up port forwarding on your router to the Drobo, and some sort of way to find your computer’s public IP address. Some ISP’s never change it (mine hasn’t in 5 years or more), and some change it daily. That’s a whole other post (one I’ve written before - I’ll try to find it).
I’ve not tried anything in your post yet (my job is killing me:) ), but do you think I could secure both SFTP (which works and I’ve remotely tested with Cyberduck) and WebDAV to disable the “root+root” access I have to use to gain access to my stuff remotely?
Ideally, I’d like to be able to log on my Drobo from any computer to download stuff while on the move, and now with SFTP exposed over the internet with only root/root, I’m not comfortable at all.
Ho, and do you have an idea about the SUDO problem that remained unsolved (I don’t remember using VISUDO to edit it, could it be the cause?)
May I politely bump this thread as I’m leaving soon and would love to have remote access to my Drobo without leaving the whole Earth with free access on it?
Let’s focus on the basics of sudo - probably easiest if we start with a clean slate (uninstall the DroboApp and reinstall in a known-good environment as root), then apply the permissions change. At that point it should be functional, but locked down and not allowing anything to use it. Make a backup copy of the sudoers file, then try editing it again. Editing the sudoers file is tricky - visudo is useful as it checks for problems before writing, but it also means using vi, which is… less than user friendly. I once got it to use nano (which is much more usable), but I don’t recall how it worked (and given the libraries that nano relies on, it can be extra tricky). Keep the backup of the original file, and you can always revert to it and try editing again (or find a visudo tutorial). Once sudo is properly set up, you can start logging in as a standard user and - if you’re brave - disable root logins.
For remote access, the most secure method would be to stick to SFTP and set up public key authentication - but that’s another fiddly thing to get working in a short timeframe. Is it safe to assume you have the basics of port mapping and dynamic DNS set up, so that you can reach your home network from the road? That much is a must no matter what you set up.
Before putting myself back into SUDO (this is far less of an emergency to me), let me answer the second part about SFTP: I’ve tried it remotely thru internet and it worked fine (so no prob for router config). It’s when I’ve done this (with Cyberduck) that I realized anyone could log in as root/root and have all access.
I’m going to travel with my MB Pro R and an Android tablet. If it’s easier to setup public key authentication instead of user/password credential log in, I’m in! I could try to tackle the “any computer” access later.
Would the problem be the same problem with WebDav (I guess so)?
Again, thank you, I really appreciate all of your contributions.
More importantly change it, and make sure the Drobo keeps changes persistent after any significant config changes or reboots. The easiest way to do this is to use the ‘root_passwd’ script included in the Dropbear app. I know you’re using OpenSSH, but don’t worry, the script works regardless.
Unpackage this tarball on your Mac and find the ‘root_passwd’ script. Copy this script onto your Drobo, you can go ahead and use Cyberduck to do this seeing as you have it working. I place mine in:
/mnt/DroboFS/Shares/DroboApps/openssh
…but anywhere on the Drobo will do fine. Once it has uploaded make sure the permissions are set to allow execution for the owner. You can simply do this by right clicking on the file in Cyberduck and selecting ‘info’, then looking at the permissions tab. It should read 744.
Pull open Terminal on your mac and login to your Drobo as root via SSH:
ssh root@YOURDROBOIP
Once you are logged in via SSH simply enter the following code to run the aforementioned script:
/mnt/DroboFS/Shares/DroboApps/openssh/root_passwd
This will prompt you to enter a new root password twice and will give you a confirmation when done.
Don’t forget this password…write it down or tattoo it on the sole of your foot.
More importantly change it, and make sure the Drobo keeps changes persistent after any significant config changes or reboots. The easiest way to do this is to use the ‘root_passwd’ script included in the Dropbear app. I know you’re using OpenSSH, but don’t worry, the script works regardless.
Unpackage this tarball on your Mac and find the ‘root_passwd’ script. Copy this script onto your Drobo, you can go ahead and use Cyberduck to do this seeing as you have it working. I place mine in:
/mnt/DroboFS/Shares/DroboApps/openssh
…but anywhere on the Drobo will do fine. Once it has uploaded make sure the permissions are set to allow execution for the owner. You can simply do this by right clicking on the file in Cyberduck and selecting ‘info’, then looking at the permissions tab. It should read 744.
Pull open Terminal on your mac and login to your Drobo as root via SSH:
ssh root@YOURDROBOIP
Once you are logged in via SSH simply enter the following code to run the aforementioned script:
/mnt/DroboFS/Shares/DroboApps/openssh/root_passwd
This will prompt you to enter a new root password twice and will give you a confirmation when done.
Don’t forget this password…write it down or tattoo it on the sole of your foot.
More importantly change it, and make sure the Drobo keeps changes persistent after any significant config changes or reboots. The easiest way to do this is to use the ‘root_passwd’ script included in the Dropbear app. I know you’re using OpenSSH, but don’t worry, the script works regardless.
Unpackage this tarball on your Mac and find the ‘root_passwd’ script. Copy this script onto your Drobo, you can go ahead and use Cyberduck to do this seeing as you have it working. I place mine in:
/mnt/DroboFS/Shares/DroboApps/openssh
…but anywhere on the Drobo will do fine. Once it has uploaded make sure the permissions are set to allow execution for the owner. You can simply do this by right clicking on the file in Cyberduck and selecting ‘info’, then looking at the permissions tab. It should read 744.
Pull open Terminal on your mac and login to your Drobo as root via SSH:
ssh root@YOURDROBOIP
Once you are logged in via SSH simply enter the following code to run the aforementioned script:
/mnt/DroboFS/Shares/DroboApps/openssh/root_passwd
This will prompt you to enter a new root password twice and will give you a confirmation when done.
More importantly change it, and make sure the Drobo keeps changes persistent after any significant config changes or reboots. The easiest way to do this is to use the ‘root_passwd’ script included in the Dropbear app. I know you’re using OpenSSH, but don’t worry, the script works regardless.
Unpackage this tarball on your Mac and find the ‘root_passwd’ script. Copy this script onto your Drobo, you can go ahead and use Cyberduck to do this seeing as you have it working. I place mine in:
/mnt/DroboFS/Shares/DroboApps/openssh
…but anywhere on the Drobo will do fine. Once it has uploaded make sure the permissions are set to allow execution for the owner. You can simply do this by right clicking on the file in Cyberduck and selecting ‘info’, then looking at the permissions tab. It should read 744.
Pull open Terminal on your mac and login to your Drobo as root via SSH:
ssh root@YOURDROBOIP
Once you are logged in via SSH simply enter the following code to run the aforementioned script:
/mnt/DroboFS/Shares/DroboApps/openssh/root_passwd
This will prompt you to enter a new root password twice and will give you a confirmation when done.
More importantly change it, and make sure the Drobo keeps changes persistent after any significant config changes or reboots. The easiest way to do this is to use the ‘root_passwd’ script included in the Dropbear app. I know you’re using OpenSSH, but don’t worry, the script works regardless.
Ok, so go ahead and download Dropbear again.
Unpackage the Dropbear tarball on your Mac and find the ‘root_passwd’ script. Copy this script onto your Drobo, you can go ahead and use Cyberduck to do this seeing as you have it working. I place mine in:
/mnt/DroboFS/Shares/DroboApps/openssh
…but anywhere on the Drobo will do fine. Once it has uploaded make sure the permissions are set to allow execution for the owner. You can simply do this by right clicking on the file in Cyberduck and selecting ‘info’, then looking at the permissions tab. It should read 744.
Pull open Terminal on your mac and login to your Drobo as root via SSH:
ssh root@YOURDROBOIP
Once you are logged in via SSH simply enter the following code to run the aforementioned script:
/mnt/DroboFS/Shares/DroboApps/openssh/root_passwd
This will prompt you to enter a new root password twice and will give you a confirmation when done.
