Niltze, all- Well, doing my part in the security of the Web :p
I run Apache web server in a GCE VM [different email account than this one] and decided to acquire an SSL certificate which I successfully installed under Debian Wheezy a few days ago. For added security, I pass-phrased-protected the SSL certificate so that when I restart the web server I need to input my pass phrase. I had no issues whatsoever until today that I did an: apt-get dist-upgrade for a newer kernel. Upon doing a reboot I found out that my port 22 is closed but my web server ports 80 and 443 are open. I used nmap to scan for my open ports as well as the tcping utility. Accordingly, I get the message connection refused whenever I use gcloud or ssh to attempt to log into my GCE instance. After using gcutil and gcloud to reset my GCE instance -- multiple times -- the outcome was the same. Accordingly I did: gcloud compute instances get-serial-port-output myInstance Below is the last message of the output that indicates that GCE Debian Wheezy instance needs the passphrase before proceeding further (and starting sshd): ---------------------------------------------------------------------------------------- ... Oct 19 07:53:51 myInstance acpid: 1 rule loaded Oct 19 07:53:51 myInstance acpid: waiting for events: event logging is off [....] Starting web server: apache2Apache/2.2.22 mod_ssl/2.2.22 (Pass Phrase Dialog) Some of your private key files are encrypted for security reasons. In order to read them you have to provide the pass phrases. Server myInstance.x.xyz-host.internal:443 (RSA) Enter pass phrase: -------------------------------------------------------------------------------------- I tried detaching the disk to subsequently mount onto another instance but the command fails with: -------------------------------------------------------------------------------- ERROR: (gcloud.compute.instances.detach-disk) There was a problem modifying the resource: - Hot-remove of the root disk is not supported. ------------------------------------------------------------------------------- Now, gcutil and gcloud utilities can reset (reboot) the instance but can not shut it down completely (that I'm aware) -- which would allow me to detach the disk. Is there a way to provide (as parameter) the passphrase that the web server requires to start apache2 and thus continue/complete the boot process to start ssh server so that port 22 will be opened? Best Professional Regards -- Jose R R http://www.metztli-it.com --------------------------------------------------------------------------------------------- NEW Apache OpenOffice 4.1.1! Download for GNU/Linux, Mac OS, Windows. --------------------------------------------------------------------------------------------- Daylight Saving Time in USA & Canada ends: Sunday, November 02, 2014 --------------------------------------------------------------------------------------------- -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: https://lists.debian.org/CAM12Q5Ti_w8-GQ2LJbN1f9P-nzH1U_HRbmdEVOk=hu+azhi...@mail.gmail.com
