SSH is refusing me (all of a sudden)

0

I have an Ubuntu 14.04 server that has automatic security updates enabled. SSH is configured with the following options:

Port 22
PermitRootLogin no
PasswordAuthentication no

Of course I set up an SSH key in my user's .ssh folder. I have set up 10 servers like this, but suddenly one server is refusing me.

$ ssh -vv [email protected].*.*
OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011
debug1: Reading configuration data /Users/tpg/.ssh/config
debug1: /Users/tpg/.ssh/config line 84: Applying options for *
debug1: Reading configuration data /etc/ssh_config
debug1: /etc/ssh_config line 20: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to 149.56.*.* [149.56.*.*] port 22.
debug1: connect to address 149.56.*.* port 22: Connection refused
ssh: connect to host 149.56.*.* port 22: Connection refused

I have no console (KVM), only a recovery boot from which I can mount the filesystem and edit files. So I edited the sshd_config file to accept root and password, but it still refused me.

In recovery mode I cannot repair packages on the filesystem (as far as I know), so I don't know how to get this server to start accepting me again. I hope someone can point me in the right direction.

As far as I know, I don't have ufw installed (/lib/ufw is not there).

Edit: I ran nmap against the server and it appears there is no port 22 open. Does anyone know how I can start the sshd server without access?

Excerpt of the results of grep -rn sshd /var/log

./auth.log:18607:Mar  9 12:58:58 komodoNA sshd[26971]: Connection closed by 181.39.89.146 [preauth]
./auth.log:18616:Mar  9 13:02:10 komodoNA sshd[27172]: Connection closed by 181.39.89.146 [preauth]
./auth.log:18619:Mar  9 13:03:08 komodoNA sshd[27224]: fatal: no matching mac found: client hmac-md5,hmac-sha1 server [email protected],[email protected],[email protected],hmac-sha2-512,hmac-sha2-256,hmac-ripemd160 [preauth]
./auth.log:18620:Mar  9 13:03:08 komodoNA sshd[27225]: fatal: no matching mac found: client hmac-md5,hmac-sha1 server [email protected],[email protected],[email protected],hmac-sha2-512,hmac-sha2-256,hmac-ripemd160 [preauth]
./auth.log:18621:Mar  9 13:03:11 komodoNA sshd[27228]: fatal: no matching mac found: client hmac-md5,hmac-sha1 server [email protected],[email protected],[email protected],hmac-sha2-512,hmac-sha2-256,hmac-ripemd160 [preauth]
./auth.log:18624:Mar  9 13:04:05 komodoNA sshd[27279]: Connection closed by 181.39.89.146 [preauth]
./auth.log:18629:Mar  9 13:06:08 komodoNA sshd[27381]: Invalid user user from 181.39.89.146
./auth.log:18630:Mar  9 13:06:08 komodoNA sshd[27381]: input_userauth_request: invalid user user [preauth]
./auth.log:18631:Mar  9 13:06:08 komodoNA sshd[27381]: Connection closed by 181.39.89.146 [preauth]
./auth.log:18638:Mar  9 13:09:25 komodoNA sshd[27533]: Invalid user user1 from 181.39.89.146
./auth.log:18639:Mar  9 13:09:25 komodoNA sshd[27533]: input_userauth_request: invalid user user1 [preauth]
./auth.log:18640:Mar  9 13:09:25 komodoNA sshd[27533]: Connection closed by 181.39.89.146 [preauth]
./auth.log:18645:Mar  9 13:11:24 komodoNA sshd[27636]: Invalid user user01 from 181.39.89.146
./auth.log:18646:Mar  9 13:11:24 komodoNA sshd[27636]: input_userauth_request: invalid user user01 [preauth]
./auth.log:18647:Mar  9 13:11:24 komodoNA sshd[27636]: Connection closed by 181.39.89.146 [preauth]
./auth.log:18652:Mar  9 13:13:20 komodoNA sshd[27740]: Invalid user user2 from 181.39.89.146
./auth.log:18653:Mar  9 13:13:20 komodoNA sshd[27740]: input_userauth_request: invalid user user2 [preauth]
./auth.log:18654:Mar  9 13:13:20 komodoNA sshd[27740]: Connection closed by 181.39.89.146 [preauth]
./auth.log:18659:Mar  9 13:15:16 komodoNA sshd[27843]: Invalid user user3 from 181.39.89.146
./auth.log:18660:Mar  9 13:15:16 komodoNA sshd[27843]: input_userauth_request: invalid user user3 [preauth]
./auth.log:18661:Mar  9 13:15:16 komodoNA sshd[27843]: Connection closed by 181.39.89.146 [preauth]
./auth.log:18664:Mar  9 13:16:43 komodoNA sshd[27897]: Received disconnect from 59.49.224.224: 11: ok [preauth]
./auth.log:18669:Mar  9 13:17:10 komodoNA sshd[27959]: Invalid user user02 from 181.39.89.146
./auth.log:18670:Mar  9 13:17:10 komodoNA sshd[27959]: input_userauth_request: invalid user user02 [preauth]
./auth.log:18671:Mar  9 13:17:11 komodoNA sshd[27959]: Connection closed by 181.39.89.146 [preauth]
./auth.log:18676:Mar  9 13:19:06 komodoNA sshd[28062]: Invalid user user03 from 181.39.89.146
./auth.log:18677:Mar  9 13:19:06 komodoNA sshd[28062]: input_userauth_request: invalid user user03 [preauth]
./auth.log:18678:Mar  9 13:19:06 komodoNA sshd[28062]: Connection closed by 181.39.89.146 [preauth]
./auth.log:18683:Mar  9 13:21:01 komodoNA sshd[28119]: Invalid user user1 from 181.39.89.146
./auth.log:18684:Mar  9 13:21:01 komodoNA sshd[28119]: input_userauth_request: invalid user user1 [preauth]
./auth.log:18685:Mar  9 13:21:01 komodoNA sshd[28119]: Connection closed by 181.39.89.146 [preauth]
./auth.log:18688:Mar  9 13:22:57 komodoNA sshd[28222]: Invalid user user2 from 181.39.89.146
./auth.log:18689:Mar  9 13:22:57 komodoNA sshd[28222]: input_userauth_request: invalid user user2 [preauth]
./auth.log:18690:Mar  9 13:22:57 komodoNA sshd[28222]: Connection closed by 181.39.89.146 [preauth]
./auth.log:18695:Mar  9 13:24:54 komodoNA sshd[28326]: Invalid user user3 from 181.39.89.146
./auth.log:18696:Mar  9 13:24:54 komodoNA sshd[28326]: input_userauth_request: invalid user user3 [preauth]
./auth.log:18697:Mar  9 13:24:54 komodoNA sshd[28326]: Connection closed by 181.39.89.146 [preauth]
./auth.log:18702:Mar  9 13:26:49 komodoNA sshd[28429]: Invalid user usertest from 181.39.89.146
./auth.log:18703:Mar  9 13:26:49 komodoNA sshd[28429]: input_userauth_request: invalid user usertest [preauth]
./auth.log:18704:Mar  9 13:26:50 komodoNA sshd[28429]: Connection closed by 181.39.89.146 [preauth]
./auth.log:18709:Mar  9 13:28:47 komodoNA sshd[28532]: Invalid user dev from 181.39.89.146
./auth.log:18710:Mar  9 13:28:47 komodoNA sshd[28532]: input_userauth_request: invalid user dev [preauth]
./auth.log:18711:Mar  9 13:28:47 komodoNA sshd[28532]: Connection closed by 181.39.89.146 [preauth]
./auth.log:18714:Mar  9 13:29:55 komodoNA sshd[28586]: fatal: no matching cipher found: client aes128-cbc,blowfish-cbc,3des-cbc server [email protected],[email protected],aes256-ctr,aes128-ctr [preauth]
./auth.log:18715:Mar  9 13:29:58 komodoNA sshd[28588]: fatal: no matching cipher found: client aes128-cbc,blowfish-cbc,3des-cbc server [email protected],[email protected],aes256-ctr,aes128-ctr [preauth]
./auth.log:18718:Mar  9 13:30:01 komodoNA sshd[28590]: Did not receive identification string from 123.31.32.58
./auth.log:18719:Mar  9 13:30:55 komodoNA sshd[28640]: Invalid user mysql from 181.39.89.146
./auth.log:18720:Mar  9 13:30:55 komodoNA sshd[28640]: input_userauth_request: invalid user mysql [preauth]
./auth.log:18721:Mar  9 13:30:55 komodoNA sshd[28640]: Connection closed by 181.39.89.146 [preauth]
./auth.log:18726:Mar  9 13:32:59 komodoNA sshd[28744]: fatal: no matching mac found: client hmac-md5,hmac-sha1 server [email protected],[email protected],[email protected],hmac-sha2-512,hmac-sha2-256,hmac-ripemd160 [preauth]
./auth.log:18729:Mar  9 13:33:02 komodoNA sshd[28795]: fatal: no matching mac found: client hmac-md5,hmac-sha1 server [email protected],[email protected],[email protected],hmac-sha2-512,hmac-sha2-256,hmac-ripemd160 [preauth]

/etc/ssh/sshd_config content:

root@rescue:/mnt/root# cat /mnt/etc/ssh/sshd_config | egrep -v '^[[:space:]]*#|^[[:space:]]*$|^[[:space:]]*;'
Port 22
Protocol 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
UsePrivilegeSeparation yes
KeyRegenerationInterval 3600
ServerKeyBits 1024
SyslogFacility AUTH
LogLevel INFO
LoginGraceTime 120
PermitRootLogin no
StrictModes yes
RSAAuthentication yes
PubkeyAuthentication yes
IgnoreRhosts yes
RhostsRSAAuthentication no
HostbasedAuthentication no
PermitEmptyPasswords no
ChallengeResponseAuthentication no
PasswordAuthentication no
X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes
AcceptEnv LANG LC_*
Subsystem sftp /usr/lib/openssh/sftp-server
UsePAM yes
Ciphers [email protected],[email protected],aes256-ctr,aes128-ctr
MACs [email protected],[email protected],[email protected],hmac-sha2-512,hmac-sha2-256,hmac-ripemd160
KexAlgorithms diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1

by Alex 09.03.2017 / 21:57

1 answer

0

Regarding your edit. Assuming SSH is down,

You can, from your recovery mode, check the logs and see why SSH is not coming up.

  • Go into recovery mode
  • Log in to the server
  • cd into /var/log
  • run something like grep -rn sshd .

That should start bringing up results related to the SSH server. See if you can start finding errors and start posting the errors. If there is a timestamp, see if you can find errors since the last time you restarted the server.

Check disk space and that your user is not in any deny directive.

DenyUsers <username>

by rovr138 09.03.2017 / 23:08
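
The checks from the answer above collected into one script, as an added example that is not part of the original post: it reduces auth.log to daemon-level sshd events (the [preauth] lines are per-connection noise and do not explain a closed port), lists DenyUsers entries and reports disk usage. The function names, the sample log and the sample config are constructed for illustration; pass the rescue mount point (for example /mnt) as the first argument.

```shell
# Added example. $1 of each function is where the rescue system mounted the disk.

# Daemon-level sshd events: drop per-connection [preauth] noise,
# keep listener start, shutdown, and startup error/fatal lines.
sshd_daemon_events() {
    grep -h 'sshd\[' "$1/var/log/auth.log" 2>/dev/null |
        grep -v '\[preauth\]' |
        grep -E 'Server listening|terminating|error:|fatal:'
}

# State implied by the most recent daemon event.
sshd_last_state() {
    last=$(sshd_daemon_events "$1" | tail -n 1)
    case "$last" in
        *"Server listening"*) echo listening ;;
        "") echo unknown ;;
        *) echo down ;;
    esac
}

# Users named on DenyUsers lines (keyword is case-insensitive; comments skipped).
denied_users() {
    awk 'tolower($1) == "denyusers" { for (i = 2; i <= NF; i++) print $i }' \
        "$1/etc/ssh/sshd_config" 2>/dev/null
}

# Percent of space used on the filesystem that holds the mounted root.
disk_used_pct() {
    df -P "$1" | awk 'NR == 2 { sub("%", "", $5); print $5 }'
}

# Constructed sample tree standing in for the mounted filesystem.
demo_root() {
    d=$(mktemp -d)
    mkdir -p "$d/var/log" "$d/etc/ssh"
    cat > "$d/var/log/auth.log" <<'EOF'
Mar  9 13:28:47 host sshd[28532]: Connection closed by 192.0.2.10 [preauth]
Mar  9 13:29:55 host sshd[28586]: fatal: no matching cipher found: client aes128-cbc server aes256-ctr [preauth]
Mar  9 13:40:02 host sshd[1021]: Received signal 15; terminating.
Mar  9 13:40:09 host sshd[29001]: error: Bind to port 22 on 0.0.0.0 failed: Address already in use.
Mar  9 13:40:09 host sshd[29001]: fatal: Cannot bind any address.
EOF
    printf 'Port 22\n# DenyUsers nobody\nDenyUsers alex deploy\n' > "$d/etc/ssh/sshd_config"
    echo "$d"
}

ROOT=${1:-$(demo_root)}
echo "sshd: $(sshd_last_state "$ROOT"); DenyUsers: $(denied_users "$ROOT" | tr '\n' ' '); disk: $(disk_used_pct "$ROOT")%"
sshd_daemon_events "$ROOT" | tail -n 5
```

A "down" result with the last events shown is the part worth posting; a full disk or a matching DenyUsers entry shows up on the summary line.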