Something is really sideways here: # sshd -T | grep -i -E 'password|pam|authentication|publickey' usepam yes hostbasedauthentication no pubkeyauthentication yes kerberosauthentication no gssapiauthentication no passwordauthentication yes kbdinteractiveauthentication yes challengeresponseauthentication yes permitemptypasswords no authenticationmethods any
-- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1922212 Title: SSHD does not honor configuration files Status in openssh package in Ubuntu: New Bug description: I'm working on Ubuntu 20, x86_64, fully patched. # lsb_release -a Distributor ID: Ubuntu Description: Ubuntu 20.04.2 LTS ... We are seeing reports of failed password-based logins using root: jounralctl -xe ... Apr 01 09:08:21 localhost sshd[239302]: Failed password for root from 49.88.112.77 port 36206 ssh2 Apr 01 09:08:21 localhost sshd[239302]: Failed password for root from 49.88.112.77 port 36206 ssh2 ... There are three attempts every second or two (literally): # journalctl -xe | grep -i -c 'Failed password for root' 324 Our OpenSSH server is configured with both no-password based logins and no-root logins. # ls /etc/ssh/sshd_config.d/ 10_pubkey_auth.conf 20_disable_root_login.conf # cat /etc/ssh/sshd_config.d/10_pubkey_auth.conf # Disable passwords PasswordAuthentication no ChallengeResponseAuthentication no UsePAM no # Enable public key PubkeyAuthentication yes # cat /etc/ssh/sshd_config.d/20_disable_root_login.conf PermitRootLogin no The config files are included last in our /etc/ssh/sshd_config file: # tail -n 3 /etc/ssh/sshd_config # For some reason OpenSSH does not include additional conf files by default. Include /etc/ssh/sshd_config.d/*.conf I dislike modifying /etc/ssh/sshd_config since it will be overwritten by the distro. With that said, I modified it without success. It really annoys me that we can't secure this service. Something looks very broken here. ----- # apt-cache show openssh-server Package: openssh-server Architecture: amd64 Version: 1:8.2p1-4ubuntu0.2 Multi-Arch: foreign Priority: optional Section: net Source: openssh Origin: Ubuntu Maintainer: Ubuntu Developers <ubuntu-devel-disc...@lists.ubuntu.com> Original-Maintainer: Debian OpenSSH Maintainers <debian-...@lists.debian.org> Bugs: https://bugs.launchpad.net/ubuntu/+filebug To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1922212/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
