Re: ssh access with all ports close.
On 12/10/2020 6:40 AM, latin...@vcn.bc.ca wrote:
>> latincom writes:
>>> I am not able to access my server at home using ssh, but I can see in
>>> logs, that someone can access my home server!
>>
>> What, exactly, are you seeing? Copy and paste examples.
>> --
>> John Hasler
>> jhas...@newsguy.com
>> Elmwood, WI USA
>
> Dec 9 20:48:58 xxx sshd[4945]: Failed password for invalid user greengo from 49.235.125.17 port 43200 ssh2
> Dec 9 20:48:58 xxx sshd[4948]: Invalid user mysql from 13.74.46.65 port 56021
> Dec 9 20:48:58 xxx sshd[4948]: pam_unix(sshd:auth): check pass; user unknown
> Dec 9 20:48:58 xxx sshd[4948]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=13.74.46.65
> Dec 9 20:48:59 xxx sshd[4945]: Received disconnect from 49.235.125.17 port 43200:11: Bye Bye [preauth]
> Dec 9 20:48:59 xxx sshd[4945]: Disconnected from invalid user greengo 49.235.125.17 port 43200 [preauth]
> Dec 9 20:49:00 xxx sshd[4948]: Failed password for invalid user mysql from 13.74.46.65 port 56021 ssh2
> Dec 9 20:49:01 xxx sshd[4948]: Received disconnect from 13.74.46.65 port 56021:11: Bye Bye [preauth]
> Dec 9 20:49:01 xxx sshd[4948]: Disconnected from invalid user mysql 13.74.46.65 port 56021 [preauth]

From (1), I would suggest adding the below three options in /etc/ssh/sshd_config:

"MaxAuthTries
Specifies the maximum number of authentication attempts permitted per connection. Once the number of failures reaches half this value, additional failures are logged. The default is 6.

MaxSessions
Specifies the maximum number of open sessions permitted per network connection. The default is 10.

MaxStartups
Specifies the maximum number of concurrent unauthenticated connections to the SSH daemon. Additional connections will be dropped until authentication succeeds or the LoginGraceTime expires for a connection. The default is 10.
Alternatively, random early drop can be enabled by specifying the three colon separated values ''start:rate:full'' (e.g. "10:30:60"). sshd(8) will refuse connection attempts with a probability of ''rate/100'' (30%) if there are currently ''start'' (10) unauthenticated connections. The probability increases linearly and all connection attempts are refused if the number of unauthenticated connections reaches ''full'' (60)."

Also adding the below line might be useful:

AllowUsers

If you have a firewall, try to limit the connection there as well (2).

It looks like you are using password auth, if yes, consider using key instead.

1) https://linux.die.net/man/5/sshd_config
2) https://serverfault.com/questions/275669/ssh-sshd-how-do-i-set-max-login-attempts

--
John Doe
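The MaxStartups random early drop rule quoted in the message above, worked through as an added example (not part of the original message and not sshd's own code). It models the man page wording only; the function names and the sanity checks on the three values are assumptions of this sketch.

```python
# Added example: models the MaxStartups "start:rate:full" rule as worded in
# the sshd_config(5) text quoted above. Names here are illustrative.

def parse_max_startups(spec):
    """Return (start, rate, full) from '10' or '10:30:60'."""
    parts = [int(p) for p in spec.strip().split(":")]
    if len(parts) == 1:
        # Single value: no random early drop, hard limit at that count.
        return parts[0], 100, parts[0]
    if len(parts) != 3:
        raise ValueError("expected N or start:rate:full, got %r" % spec)
    start, rate, full = parts
    # Sanity checks assumed by this sketch.
    if not 1 <= rate <= 100 or start < 1 or start > full:
        raise ValueError("invalid MaxStartups values: %r" % spec)
    return start, rate, full


def refusal_probability(spec, unauthenticated):
    """Probability (0.0-1.0) that a new connection attempt is refused."""
    start, rate, full = parse_max_startups(spec)
    if unauthenticated < start:
        return 0.0
    if unauthenticated >= full:
        return 1.0
    # Linear rise from rate% at 'start' to 100% at 'full'.
    span = full - start
    return (rate + (100 - rate) * (unauthenticated - start) / span) / 100.0


def drop_table(spec, counts):
    """Rows of (unauthenticated connections, refusal probability)."""
    return [(n, round(refusal_probability(spec, n), 3)) for n in counts]


if __name__ == "__main__":
    # The man page's own example value.
    for n, p in drop_table("10:30:60", [5, 10, 20, 35, 50, 60]):
        print("%3d unauthenticated -> refuse with p=%.2f" % (n, p))
```
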
Re: ssh access with all ports close.
> latincom writes:
>> I am not able to access my server at home using ssh, but I can see in
>> logs, that someone can access my home server!
>
> What, exactly, are you seeing? Copy and paste examples.
> --
> John Hasler
> jhas...@newsguy.com
> Elmwood, WI USA
>

Dec 9 20:48:58 xxx sshd[4945]: Failed password for invalid user greengo from 49.235.125.17 port 43200 ssh2
Dec 9 20:48:58 xxx sshd[4948]: Invalid user mysql from 13.74.46.65 port 56021
Dec 9 20:48:58 xxx sshd[4948]: pam_unix(sshd:auth): check pass; user unknown
Dec 9 20:48:58 xxx sshd[4948]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=13.74.46.65
Dec 9 20:48:59 xxx sshd[4945]: Received disconnect from 49.235.125.17 port 43200:11: Bye Bye [preauth]
Dec 9 20:48:59 xxx sshd[4945]: Disconnected from invalid user greengo 49.235.125.17 port 43200 [preauth]
Dec 9 20:49:00 xxx sshd[4948]: Failed password for invalid user mysql from 13.74.46.65 port 56021 ssh2
Dec 9 20:49:01 xxx sshd[4948]: Received disconnect from 13.74.46.65 port 56021:11: Bye Bye [preauth]
Dec 9 20:49:01 xxx sshd[4948]: Disconnected from invalid user mysql 13.74.46.65 port 56021 [preauth]
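A triage script run over the log excerpt posted above, as an added example that is not part of the original message. It separates failed password attempts from successful logins per source address; the function names are this example's own, and the "Accepted" pattern assumes the usual OpenSSH log wording, which does not occur in the excerpt.

```python
import re
from collections import defaultdict

# The nine log lines from the post above, copied as posted.
SAMPLE_LOG = """\
Dec 9 20:48:58 xxx sshd[4945]: Failed password for invalid user greengo from 49.235.125.17 port 43200 ssh2
Dec 9 20:48:58 xxx sshd[4948]: Invalid user mysql from 13.74.46.65 port 56021
Dec 9 20:48:58 xxx sshd[4948]: pam_unix(sshd:auth): check pass; user unknown
Dec 9 20:48:58 xxx sshd[4948]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=13.74.46.65
Dec 9 20:48:59 xxx sshd[4945]: Received disconnect from 49.235.125.17 port 43200:11: Bye Bye [preauth]
Dec 9 20:48:59 xxx sshd[4945]: Disconnected from invalid user greengo 49.235.125.17 port 43200 [preauth]
Dec 9 20:49:00 xxx sshd[4948]: Failed password for invalid user mysql from 13.74.46.65 port 56021 ssh2
Dec 9 20:49:01 xxx sshd[4948]: Received disconnect from 13.74.46.65 port 56021:11: Bye Bye [preauth]
Dec 9 20:49:01 xxx sshd[4948]: Disconnected from invalid user mysql 13.74.46.65 port 56021 [preauth]
"""

# "Failed <method> for [invalid user ]<name> from <addr> port ..."
FAILED = re.compile(r"sshd\[\d+\]: Failed \S+ for (invalid user )?(\S+) from (\S+) port")
# "Accepted <method> for <name> from <addr> port ..." marks a real login.
ACCEPTED = re.compile(r"sshd\[\d+\]: Accepted \S+ for (\S+) from (\S+) port")


def triage(log_text):
    """Per source address: failed attempts, unknown usernames tried, logins."""
    report = defaultdict(lambda: {"failed": 0, "invalid_users": set(), "accepted": []})
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            entry = report[m.group(3)]
            entry["failed"] += 1
            if m.group(1):  # account does not exist on this host
                entry["invalid_users"].add(m.group(2))
            continue
        m = ACCEPTED.search(line)
        if m:
            report[m.group(2)]["accepted"].append(m.group(1))
    return dict(report)


def successful_logins(log_text):
    """List of (address, user) pairs that actually authenticated."""
    return [(ip, u) for ip, e in triage(log_text).items() for u in e["accepted"]]


if __name__ == "__main__":
    for ip, e in sorted(triage(SAMPLE_LOG).items()):
        print(ip, "failed:", e["failed"], "unknown users:", sorted(e["invalid_users"]))
    print("successful logins:", successful_logins(SAMPLE_LOG))
```
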
Re: ssh access with all ports close.
On 2020-12-09 16:33, latin...@vcn.bc.ca wrote:
> I had a Buster server at home, but the owner of the house closed all
> ports in the router, I can not access it anymore; I rented a server
> without root access, and transferred the server.

There are many vendors who can rent a Debian virtual private server (VPS) to you with root access. I use Linode:

https://www.linode.com/

> I am not able to access my server at home using ssh,

I assume you mean "when connected to the Internet at a remote location, I cannot access my home server using SSH".

If all ports on the home router have been closed, then the router is working correctly and that is why you cannot connect. The solution is to carefully configure sshd on your home server, open TCP port 22 in the router, and have the router forward TCP port 22 to your home server.

> but I can see in logs, that someone can access my home server!

I assume you mean "when accessing my home server via the console or via SSH and the home network (LAN), I see in my home server logs that someone has accessed my home server via SSH".

Please post the Debian and kernel versions of your home server -- e.g.:

$ cat /etc/debian_version ; uname -a

Please post your username on your home server -- e.g.:

$ whoami

Please post the relevant log entries.

> How can these people access my home server? I am curious! Does somebody
> know how?

If all ports on the home router have been closed, then people can access your home server via the home network (LAN).

Please post the sshd configuration file -- e.g.:

$ egrep '^[^#]' /etc/ssh/sshd_config

David
Re: ssh access with all ports close.
latincom writes:
> I am not able to access my server at home using ssh, but I can see in
> logs, that someone can access my home server!

What, exactly, are you seeing? Copy and paste examples.
--
John Hasler
jhas...@newsguy.com
Elmwood, WI USA