Overview
In some situations, administrators may need to change the Kerio Control configuration directly. For example, this needs to be done when there is a need to adjust a setting that is not available in the web administration.
This article explains how you can access the Operating System either via local console or via remote login. It also explains how you can modify or update the configuration.
Process
Accessing the Operating System
To update the configuration directly, you must log in to the Operating System shell environment. You can access the shell either directly from the console or remotely using a Secure Shell tunnel (SSH).
To access the shell via local console:
- In the Kerio Control console, press Alt + F2.
- As the login name, enter
root
. - Enter a local administrator password.
- To close the session, enter
exit
. - Press Alt + F1 to return to the initial screen.
To access the shell via remote login (SSH):
- To remotely access the secure shell, you need a client program, such as PuTTY.
- If you are using Linux or Mac, you can open a Secure Shell tunnel using the terminal.
NOTE: In the default traffic rules configuration, Kerio Control allows remote login only from the Trusted/Local network. - To enable remote login in the web administration:
- Hold the Shift key and go to Status > System Health.
- Click Enable SSH.
- In your Secure Shell program, open a new connection to the Kerio Control server address.
- As the login name, enter
root
. - Enter a local administrator password.
Modifying the Configuration
- To update the configuration, enter:
/opt/kerio/winroute/tinydbclient "update table set variable=value"
- To apply the new configuration, enter:
/etc/boxinit.d/60winroute restart
For example:
- Disabling the 3-way TCP handshake security feature:
/opt/kerio/winroute/tinydbclient "update Firewall set Require3WayHandshake=0"
/etc/boxinit.d/60winroute restart
- Requiring TLS version 1.1 and higher:
/opt/kerio/winroute/tinydbclient "update SSL set DisabledProtocols='SSLv2,SSLv3,TLSv1'"
/etc/boxinit.d/60winroute restart
Please note that if you are accessing Kerio Control via SSH (remote login), depending on the SSH client you use, you may get an error like the one below. Please note that this is expected, as the Kerio Control restart will sever the connection with the SSH client.
Connection to <Kerio_Control_IP> port 22: Broken pipe
Summary
This guide provides a structured approach for administrators to modify configuration parameters in Kerio Control. It outlines methods for accessing the operating system and executing commands to update the system configuration.
FAQ
-
What should I do if I encounter a 'Broken pipe' error when using SSH?
This is a normal occurrence due to the restart of Kerio Control severing the SSH connection with the SSH client. No additional action is required. -
Can I modify any configuration parameter using these steps?
These steps are for modifying any parameters. Some of them may not be available in the Kerio Control admin UI. However, it's crucial to take a backup of any files you want to modify before proceeding with the adjustments. -
Is it safe to modify configuration parameters directly?
As long as you follow our documented procedures and take backups of the files, it should be safe to modify the parameters.