Nội dung
I. Cause
Because the VPS or server does not use the default SSH port 22, the Zimbra configuration always uses port 22 to monitor.
While accessing email queues or monitoring graphs and other services, the server will sometimes give an error saying “Server error encountered” with a system error during authentication.
II. Implementation Guide
1. Generate SSH and update the SSH key on the server
To regenerate the ssh keys, you use the following command with the zimbra user.
[root@webmail ~]# su zimbra
[zimbra@webmail ~]$ cd && zmsshkeygen
Generating public/private rsa key pair.
Your identification has been saved in /opt/zimbra/.ssh/zimbra_identity.
Your public key has been saved in /opt/zimbra/.ssh/zimbra_identity.pub.
The key fingerprint is:
SHA256:yolGi/6hcCcUKDqihNx8yjh0p6HCca2rxi6E73t8IA8 webmail.azdigi.online
The key's randomart image is:
+---[RSA 2048]----+
| |
| . |
|o . |
|= o.. |
|*=.*.+ S |
|B+EoO+ o |
|**+X*.+ |
|o*o==.. |
|++*=.. |
+----[SHA256]-----+
Next, you use the command below to update the ssh key on the VPS/server.
[zimbra@webmail ~]$ zmupdateauthkeys
Updating keys for webmail.azdigi.online
Fetching key for webmail.azdigi.online
Updating keys for webmail.azdigi.online
Updating /opt/zimbra/.ssh/authorized_keys
2. Check and update the SSH port
If you have a configuration to change the ssh port to another port, you need to update the zimbraRemoteManagementPort property on the VPS/server to the port you configured to change!
You use the command as below to change:
[zimbra@webmail ~]$ zmprov ms webmail.azdigi.online zimbraRemoteManagementPort 2022
- webmail.azdigi.online: change to
hostnameon your VPS/server. - 2022: replace the ssh port that you have configured to change.
Next, add the following configuration line to the /etc/ssh/sshd_config file to allow user zimbra.
Since you were using the zimbra user before, you need to log out of the user and use the root user to be able to change the sshd_config file configuration.
[zimbra@webmail ~]$ exit
exit
[root@webmail ~]# vi /etc/ssh/sshd_config
# $OpenBSD: sshd_config,v 1.100 2016/08/15 12:32:04 naddy Exp $
# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.
# This sshd was compiled with PATH=/usr/local/bin:/usr/bin
# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options override the
# default value.
# If you want to change the port on a SELinux system, you have to tell
# SELinux about this change.
# semanage port -a -t ssh_port_t -p tcp #PORTNUMBER
#
Port 2022
AllowUsers root admin zimbra # Thêm dòng này vào file.
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::
HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key
:wq
After adding the sshd_config file is complete, save and exit with the command :wq => restart the sshd service.
[root@webmail ~]# systemctl restart sshd
Wishing you success!
If you need assistance, you can contact support in the ways below:
- Hotline 247: 028 888 24768 (Ext 0)
- Ticket/Email: You use the email to register for the service and send it directly to: support@azdigi.com .
