FreeBSD Tips & Tricks

If you have trouble connecting from WS_FTP Pro to a FreeBSD host, you probably need to tweak an SSH setting on the FreeBSD server. WS_FTP Pro has a strange bug or something that causes error messages like this to appear in /var/log/auth.log:

Oct 20 10:26:46 www sshd[53342]: fatal: mm_request_receive_expect: read: rtype 48 != type 46

In /etc/ssh/sshd_config find and change the following line:

# If you have this set to 'no', WS_FTP Pro has trouble connecting.
#PasswordAuthentication no

# Set it to 'yes' so that WS_FTP Pro can connect.
PasswordAuthentication yes

This has been tested with FreeBSD 7.0-RELEASE only.

First, install denyhosts:

[consolibyte@www ~]$ cd 
[consolibyte@www ~]$ cd /usr/ports/security/denyhosts/
[consolibyte@www /usr/ports/security/denyhosts]$ sudo make install 

Now, add this line to /etc/rc.conf to make denyhosts start on system boot:

denyhosts_enable="YES"

You'll want to create a hosts.deny file as well:

[consolibyte@www ~]$ sudo touch /etc/hosts.deny

Create an allowed-hosts file which is a list of IP addresses (one per line) that you never want to block (i.e. always allow these IP addresses):

[consolibyte@www ~]$ sudo edit /usr/local/share/denyhosts/data/allowed-hosts

You need to make several edits to your hosts.allow file:

*** THIS IS NOT A COMPLETE hosts.allow FILE, JUST MAKE THESE EDITS TO THE DEFAULT FILE ***

# Comment out this line so you can block hosts
#ALL : ALL : allow

# Add these lines in the SSH section:
sshd : /etc/hosts.deny : deny
sshd : ALL : allow

Now, configure denyhosts by editing /usr/local/etc/denyhosts.conf. Make sure these are set like this:

*** THIS IS NOT A COMPLETE denyhosts.conf FILE, JUST MAKE THESE EDITS TO THE DEFAULT FILE ***

# Mandrake, FreeBSD or OpenBSD:
SECURE_LOG = /var/log/auth.log

# Some BSD (FreeBSD) Unixes:
#HOSTS_DENY = /etc/hosts.allow
HOSTS_DENY = /etc/hosts.deny

# To only record the offending host and nothing else (if using
# an auxilary file to list the hosts).  Refer to:
# http://denyhosts.sourceforge.net/faq.html#aux
BLOCK_SERVICE =

# WORK_DIR: the path that DenyHosts will use for writing data to
# (it will be created if it does not already exist).
#
# Note: it is recommended that you use an absolute pathname
# for this value (eg. /home/foo/denyhosts/data)
#
WORK_DIR = /usr/local/share/denyhosts/data

See: FreeBSD, Postfix, Dovecot, and Virtual Mailboxes **without** MySQL, LDAP, PAM, etc.

Add these lines to your /etc/rc.conf file:

sendmail_enable="NO"
sendmail_submit_enable="NO"
sendmail_outbound_enable="NO"
sendmail_msp_queue_enable="NO"

Your /etc/rc.conf file should be configured as follows:

hostname="www.example.com"
ifconfig_bge1="inet 208.81.124.10  netmask 255.255.255.248"
defaultrouter="208.81.124.9"
ifconfig_bge1_alias0="inet 208.81.124.11 netmask 255.255.255.255 broadcast 208.81.124.11"
ifconfig_bge1_alias1="inet 208.81.124.12 netmask 255.255.255.255 broadcast 208.81.124.12"
ifconfig_bge1_alias2="inet 208.81.124.13 netmask 255.255.255.255 broadcast 208.81.124.13"
ifconfig_bge1_alias3="inet 208.81.124.14 netmask 255.255.255.255 broadcast 208.81.124.14"

Getting the date/time:

$ date
Mon Mar 23 15:14:48 EDT 2009

Setting the date/time (the parameter to date is in the format “yymmddhhmm”):

$ date 0903251525
Wed Mar 25 15:25:00 EDT 2009

As root, type “hostname <new hostname>”, and the hostname will be changed immediately. To make this change permanent across reboots, edit the file '/etc/rc.conf', and add the following line:

hostname="new.host.name"

The '/etc/rc.conf' file is described here:

http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/configtuning-core-configuration.html