FSL Support Access IP Changing

Between October 25 and November 4th we will be moving our Washington, DC office. One of the consequences of this move will be that we will be losing the dedicated IP address for dc1.fsl.com [74.93.209.150], the server that we use to login and support DefenderMX and BarricadeMX servers at your site.

Several months ago we sent out the information on the server that will be replacing dc1.fsl.com a while back and asked that you allow us to access your FSL server(s) from gw.fsl.com [69.63.143.54]. This server is located in a very secure data center in Baltimore MD.

To provide your systems  with timely support,  before we move, we now ask that you allow non-root access for our support username, fsl, from gw.fsl.com [69.63.143.54] and our new backup login server, repo2.fslupdate.com [69.63.142.92] through any Firewalls, Routers and Firewall software.

After November 3 2016, you can remove our access from dc1.fsl.com [74.93.209.150].

We would prefer to login as user fsl using secure ssh keys and gain root access, when needed, by using sudo. If you are not familiar with sudo, please refer to this link.

We will be happy to setup the user and sudo for you if we have access to your DefenderMX and BarricadeMX servers, just send a request to support@fsl.com and include the contact information for the the person(s) who will be coordinating the changes that need to be made to your systems.

For those of you who want to configure the systems yourselves. the necessary  steps to give us secure access are:


1.  Make sure that we can connect through and Firewall / Routers from:

2.  If necessary, add the user fsl

See if the user fsl already exist on you system. login to your system as root and run:

cd ~fsl

If the fsl user exists you should be taken to user fsl’s home directory. If the directory does not exist you’ll need to login as user root and run:

useradd fsl

You should be asked to create a password. Create a secure password and enter that password (twice) and then the user fsl, along with their home directory, will be created. Save the password for your records but we should not need it since we will login using secure ssh keys.

3. Install sudo if necessary. Login to the server as root.

Then issue the following command:

which sudo

if sudo is installed the `which sudo` command will return:

/usr/bin/sudo

if  sudo is not installed the `which sudo` command will return something similar to:

/usr/bin/which: no sudo in /usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/NX/bin:/root/bin)

Install sudo with the following command:

yum -y install sudo

4. Configure sudo to allow user fsl to gain root privileges. login to your system as root and run:

visudo

This will open and lock the /etc/sudousers file. After the lines:

# Allow root to run any commands anywhere
root    ALL=(ALL)       ALL


Add the line:


fsl    ALL=(ALL)       ALL

And save the file.

5. Here is a link to our Authorized Keys. Right-Click to download and copy the file or it’s contents to  /tmp/authorized_keys, then login to the server as root and run:

cat /tmp/authorized_keys  >> ~/fsl/.ssh/authorized_keys
chown -R fsl.fsl ~fsl/.ssh
chmod  700  ~fsl/.ssh/
chmod 700 ~fsl/.ssh/authorized_keys/

After you have changed the configuration please open a ticket with support@fsl.com so we can verify that we have access to your server.

And please contact support@fsl.com if you have any questions, concerns or problems with this  request.

Steve

Steve Swaney
202 595-7760 ext 601
www.fsl.com

About the Author