Home of the Squeezebox™ & Transporter® network music players.
  1. #71
    Babelfish's Best Boy mherger
    Join Date
    Apr 2005
    Location
    Switzerland
    Posts
    19,960

    IMPORTANT: Stop forwarding your LMS ports to the internet!

    > Ok, figured it might be something like that. Not an easy problem to
    > solve. In this circumstance it would be better to receive a page back
    > that says *why* the request was blocked and where to look to allow it
    > rather than a 403. Anonymise the hell out of the response of course so
    > people can't reasonably guess it's an LMS instance.


    That's kind of an oxymoron, isn't it? Tell the user what to do to open
    the door, but not tell the attacker what system it is?...

    --

    Michael

  2. #72
    Senior Member Jeff07971
    Join Date
    Aug 2011
    Location
    London, England
    Posts
    1,015
    Quote Originally Posted by mherger
    > > This unfortunately might be a very common problem as a VPN server is
    > > often the GW (Mine is both, IPSEC and SSL)
    >
    > I doubt it'll be anywhere near "common". Please let me know if it causes
    > you a problem.
    >
    > --
    > Michael

    Hi Michael

    No I don't think it'll be a problem for me, my LMS is via a HTTPS (passworded) proxy or by VPN only so don't even need to turn the password on

    Thanks anyway

    Jeff
    Players: SliMP3,Squeezebox3 x3,Receiver,SqueezeLiteX,PiCorePlayer x3,Wandboard
    Server: LMS Version: Latest Nightly on Centos 7 VM on ESXi 6.5.0U1 on Dell T320
    Plugins: AutoRescan/BBCiPlayer/PowerSave/PowerSwitchIII/Squeezecloud/Spotty/Player Groups
    Remotes: iPeng9/Orangesqueeze/PC/Jivelite/SqueezeLiteX
    Music: 522GB,1660 albums with 23087 songs by 5204 artists mostly FLACs

    Want a webapp ? See http://forums.slimdevices.com/showth...Webapp-for-LMS

  3. #73
    Senior Member
    Join Date
    Apr 2013
    Location
    UK
    Posts
    1,176
    Quote Originally Posted by mherger
    > That's kind of an oxymoron, isn't it? Tell the user what to do to open the door, but not tell the attacker what system it is?...

    Yes, I know. Thought that as I wrote it. But a change to default behaviour really should be documented and even this is a vast improvement over just being wide open, even if an attacker knows what's there if they can't get anything back from it (not even a password prompt) there's little they can do to get into it.


    Transcoded from Matt's brain by Tapatalk
    Last edited by drmatt; 2018-01-13 at 03:10.
    --
    Hardware: 3x Touch, 1x Radio, 2x Receivers, 1 HP Microserver NAS with Debian+LMS 7.9.0
    Music: ~1300 CDs, as 450 GB of 16/44k FLACs. No less than 3x 24/44k albums..

  4. #74
    Senior Member
    Join Date
    Nov 2010
    Location
    Hertfordshire, UK
    Posts
    2,701
    Quote Originally Posted by mherger
    > > As I understand it from some of the previous discussion, something has
    > > been added to a recent LMS to require a password to change settings if
    > > coming from the router/gateway address. Is that right? If so, which
    > > password is that?
    >
    > I tried to explain this before... If you have a password set, then
    > you're all fine. If you haven't, then you won't be able to access the
    > settings from the outside. LMS won't ask for a password unless you've
    > set it yourself.
    >
    > --
    > Michael

    I managed to get my remote access working again (a while since I had used it and some bits and bobs have changed). Using SSH (port 22) and public key. With Squeeze Commander I could still change the audio settings of players, even though I have no CLI password set. Is this what you would expect?

    Setting a password would be problematic for some of my plugins, like the UPnP bridge.
    LMS 7.9.1 on VortexBox Midi box, Xubuntu 17.10, FLACs 16->24 bit, 44.1->192kbps. Touch & EDO. 2nd Touch standard.
    LMS plugin UPnP/DLNA Bridge to MF M1 CLiC (to A308CR amp & ESLs) & Marantz CR603 UPnP renderers.
    Alternatively Minimserver & Upplay to same & to upmpdcli/mpd PC renderers.
    Squeezelite to Meridian USB Explorer DAC to PC speakers/headphones.
    Wireless Xubuntu 17.10 laptop firefox/upplay or Android 'phone with Squeeze-Commander/BubbleUPnP controls LMS/Minimserver.

  5. #75
    Senior Member
    Join Date
    Apr 2005
    Location
    UK/London
    Posts
    873
    Quote Originally Posted by PasTim
    > I managed to get my remote access working again (a while since I had used it and some bits and bobs have changed). Using SSH (port 22) and public key. With Squeeze Commander I could still change the audio settings of players, even though I have no CLI password set. Is this what you would expect?

    What does your LMS system see as your IP address when you connect in via that route?
    I don't remember if LMS logs it ... but you could SSH to the LMS server and type
    set | grep -i ssh
    on a pCP server (and I suspect other Linux platforms) you will see the IP address of this SSH session.
    Paul Webster
    http://dabdig.blogspot.com
    Author Radio France (FIP etc) plugin

  6. #76
    Senior Member
    Join Date
    Nov 2010
    Location
    Hertfordshire, UK
    Posts
    2,701
    Quote Originally Posted by Paul Webster
    > What does your LMS system see as your IP address when you connect in via that route?
    > I don't remember if LMS logs it ... but you could SSH to the LMS server and type
    > set | grep -i ssh
    > on a pCP server (and I suspect other Linux platforms) you will see the IP address of this SSH session.

    It's an external IP address that I don't recognise - it isn't an internal one, nor the external IP address of my router/gateway.

    I have tried looking at the standard web page in the mobile browser, and can still see all the settings and have changed one or two advanced plugin settings.

    I'm running Logitech Media Server Version: 7.9.1 - 1515659378 @ Thu Jan 11 09:26:58 UTC 2018

  7. #77
    Senior Member
    Join Date
    Apr 2005
    Location
    UK/London
    Posts
    873
    Quote Originally Posted by PasTim
    > I'm running Logitech Media Server Version: 7.9.1 - 1515659378 @ Thu Jan 11 09:26:58 UTC 2018

    I noticed the changes in the secureSettings branch in github.
    I don't think it is in the daily build yet.
    Paul Webster
    http://dabdig.blogspot.com
    Author Radio France (FIP etc) plugin

  8. #78
    Senior Member
    Join Date
    Nov 2010
    Location
    Hertfordshire, UK
    Posts
    2,701
    Quote Originally Posted by Paul Webster
    > I noticed the changes in the secureSettings branch in github.
    > I don't think it is in the daily build yet.

    I see. I think I misunderstood 'stable release' to mean beyond the 9.1 beta daily updates, rather than just in github.

  9. #79
    Senior Member JJZolx
    Join Date
    Apr 2005
    Location
    Colorado
    Posts
    11,483
    Quote Originally Posted by mherger
    > > As I understand it from some of the previous discussion, something has
    > > been added to a recent LMS to require a password to change settings if
    > > coming from the router/gateway address. Is that right? If so, which
    > > password is that?
    >
    > I tried to explain this before... If you have a password set, then
    > you're all fine. If you haven't, then you won't be able to access the
    > settings from the outside. LMS won't ask for a password unless you've
    > set it yourself.

    How do you determine that the connection is coming from "outside"? If someone is doing port forwarding in order to make the LMS server available to the internet, wouldn't the connection appear to come from the router on the same subnet?

  10. #80
    Senior Member
    Join Date
    Apr 2013
    Location
    UK
    Posts
    1,176
    Quote Originally Posted by JJZolx
    > How do you determine that the connection is coming from "outside"? If someone is doing port forwarding in order to make the LMS server available to the internet, wouldn't the connection appear to come from the router on the same subnet?

    I think you answered your own question, read back up the thread.


    Transcoded from Matt's brain by Tapatalk
    --
    Hardware: 3x Touch, 1x Radio, 2x Receivers, 1 HP Microserver NAS with Debian+LMS 7.9.0
    Music: ~1300 CDs, as 450 GB of 16/44k FLACs. No less than 3x 24/44k albums..
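
Added example (not part of the thread and not LMS's own code): a Python sketch of the source-address policy discussed in posts #74 to #80, where a server with no password set refuses settings access from "outside". It assumes "outside" means any client that is not on loopback or an RFC 1918 range, or that arrives from the default gateway; the function names, the sample route table and the addresses are constructed for illustration.

```python
import ipaddress

# Constructed sample in Linux /proc/net/route layout: addresses are
# little-endian hex, Flags bit 0x2 (RTF_GATEWAY) marks a routed next hop.
SAMPLE_ROUTE_TABLE = (
    "Iface\tDestination\tGateway\tFlags\tRefCnt\tUse\tMetric\tMask\tMTU\tWindow\tIRTT\n"
    "eth0\t00000000\t0101A8C0\t0003\t0\t0\t100\t00000000\t0\t0\t0\n"
    "eth0\t0001A8C0\t00000000\t0001\t0\t0\t100\t00FFFFFF\t0\t0\t0\n"
)
RTF_GATEWAY = 0x2

# Assumption: "inside" means loopback or an RFC 1918 range.
LAN_NETWORKS = [ipaddress.ip_network(n) for n in
                ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def default_gateways(route_table):
    """Return the default-gateway addresses listed in a route table."""
    gateways = set()
    for line in route_table.splitlines()[1:]:      # skip the header row
        fields = line.split()
        if len(fields) < 4:
            continue
        destination, gateway, flags = fields[1], fields[2], int(fields[3], 16)
        if destination == "00000000" and flags & RTF_GATEWAY:
            raw = int(gateway, 16).to_bytes(4, "little")
            gateways.add(ipaddress.IPv4Address(raw))
    return gateways


def settings_allowed(client_ip, password_set, gateways):
    """Decide whether a client may open the settings pages."""
    if password_set:
        return True        # authentication guards the settings, not the address
    addr = ipaddress.ip_address(client_ip)
    if addr in gateways:
        return False       # NATed forwards and gateway-hosted VPNs arrive from here
    return any(addr in net for net in LAN_NETWORKS)
```

A forward that keeps the original source address is refused because the client is not on a LAN range, and one that rewrites it is refused because it arrives from the gateway. The same rule also refuses a VPN that terminates on the gateway, which is the side effect raised in post #72.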
