Koozali.org: home of the SME Server

ssh

Offline draven

ssh
« on: May 07, 2012, 12:23:33 PM »
Hi everyone, my problem is this:
I have an SME Server 8 that handles the website and e-mail for a registered domain, with DNS management through which I point the domain to one of my IP addresses. The server has two network cards, one with a public IP address and the other with a LAN IP address. The server is configured with remote SSH access enabled from outside, and I have always used it like this: ssh -l root www.miodominio.it, password, and I was in. I also used the same SSH as SFTP, again on port 22. For a few days now the server has kept working normally, but if I try to log in from outside, the SSH daemon asks me for the password, I enter it, and it stops there. Same thing with SFTP. I go to the office, try a local root login on the server, and the password is that one. I go into the server manager, change the remote access configuration and set it to local network only instead of public (I have the VPN anyway, so I can get in from outside too, I think), I try from another PC on the LAN, but nothing, same problem. I restart the SSH daemon... nothing. Can anyone help me?

Offline Stefano

Re: ssh
« Reply #1 on: May 07, 2012, 12:34:23 PM »
What is the machine's update status?
Is there anything in the ssh logs?
And in /var/log/messages?

Offline draven

Re: ssh
« Reply #2 on: May 07, 2012, 12:47:28 PM »
The server is 8.0 beta 5, sshd is at the latest version; I updated it after the problem appeared, thinking that would fix it, but I failed there too.

In messages, filtered for ssh, there is this:

May  4 12:06:53 galileo esmith::event[2118]: expanding /etc/rssh.conf 
May  4 12:06:56 galileo esmith::event[2118]: expanding /etc/ssh/sshd_config 
May  4 12:07:20 galileo esmith::event[2118]: Running event handler: /etc/e-smith/events/bootstrap-console-save/S65sshd-conf
May  4 12:07:20 galileo esmith::event[2118]: S65sshd-conf=action|Event|bootstrap-console-save|Action|S65sshd-conf|Start|1336126040 312679|End|1336126040 407733|Elapsed|0.095054
May  4 12:08:40 galileo /etc/e-smith/web/panels/manager/cgi-bin/remoteaccess[4008]: /home/e-smith/db/configuration: OLD sshd=service|LoginGraceTime|600|MaxAuthTries|2|PasswordAuthentication|yes|PermitRootLogin|yes|Protocol|2|TCPPort|22|UsePAM|yes|access|private|status|enabled
May  4 12:08:40 galileo /etc/e-smith/web/panels/manager/cgi-bin/remoteaccess[4008]: /home/e-smith/db/configuration: NEW sshd=service|LoginGraceTime|600|MaxAuthTries|2|PasswordAuthentication|yes|PermitRootLogin|yes|Protocol|2|TCPPort|22|UsePAM|yes|access|public|status|enabled
May  4 12:08:40 galileo esmith::event[4009]: expanding /etc/rssh.conf 
May  4 12:08:41 galileo esmith::event[4009]: expanding /etc/ssh/sshd_config 
May  4 12:08:41 galileo esmith::event[4009]: Running event handler: /etc/e-smith/events/remoteaccess-update/S65sshd-conf
May  4 12:08:42 galileo esmith::event[4009]: S65sshd-conf=action|Event|remoteaccess-update|Action|S65sshd-conf|Start|1336126121 991621|End|1336126122 60287|Elapsed|0.068666
May  4 12:08:42 galileo esmith::event[4009]: adjusting supervised sshd (sighup) 
May  4 12:08:42 galileo esmith::event[4009]: adjusting supervised sshd (up) 
May  4 12:30:16 galileo sshd[4545]: error: Bind to port 22 on 0.0.0.0 failed: Address already in use.
May  4 12:30:16 galileo sshd[4545]: fatal: Cannot bind any address.
May  4 12:34:44 galileo esmith::event[4595]: expanding /etc/rssh.conf 
May  4 12:34:45 galileo esmith::event[4595]: expanding /etc/ssh/sshd_config 
May  4 12:34:45 galileo esmith::event[4595]: Running event handler: /etc/e-smith/events/remoteaccess-update/S65sshd-conf
May  4 12:34:45 galileo esmith::event[4595]: S65sshd-conf=action|Event|remoteaccess-update|Action|S65sshd-conf|Start|1336127685 237882|End|1336127685 306518|Elapsed|0.068636
May  4 12:34:45 galileo esmith::event[4595]: adjusting supervised sshd (sighup) 
May  4 12:34:45 galileo esmith::event[4595]: adjusting supervised sshd (up) 
May  7 12:07:18 galileo /etc/e-smith/web/panels/manager/cgi-bin/remoteaccess[3207]: /home/e-smith/db/configuration: OLD sshd=service|LoginGraceTime|600|MaxAuthTries|2|PasswordAuthentication|yes|PermitRootLogin|yes|Protocol|2|TCPPort|22|UsePAM|yes|access|public|status|enabled
May  7 12:07:18 galileo /etc/e-smith/web/panels/manager/cgi-bin/remoteaccess[3207]: /home/e-smith/db/configuration: NEW sshd=service|LoginGraceTime|600|MaxAuthTries|2|PasswordAuthentication|yes|PermitRootLogin|yes|Protocol|2|TCPPort|222|UsePAM|yes|access|public|status|enabled
May  7 12:07:19 galileo esmith::event[3208]: expanding /etc/rssh.conf 
May  7 12:07:20 galileo esmith::event[3208]: expanding /etc/ssh/sshd_config 
May  7 12:07:20 galileo esmith::event[3208]: Running event handler: /etc/e-smith/events/remoteaccess-update/S65sshd-conf
May  7 12:07:20 galileo esmith::event[3208]: S65sshd-conf=action|Event|remoteaccess-update|Action|S65sshd-conf|Start|1336385240 498871|End|1336385240 567545|Elapsed|0.068674
May  7 12:07:20 galileo esmith::event[3208]: adjusting supervised sshd (sighup) 
May  7 12:07:20 galileo esmith::event[3208]: adjusting supervised sshd (up) 
May  7 12:08:40 galileo /etc/e-smith/web/panels/manager/cgi-bin/remoteaccess[3402]: /home/e-smith/db/configuration: OLD sshd=service|LoginGraceTime|600|MaxAuthTries|2|PasswordAuthentication|yes|PermitRootLogin|yes|Protocol|2|TCPPort|222|UsePAM|yes|access|public|status|enabled
May  7 12:08:40 galileo /etc/e-smith/web/panels/manager/cgi-bin/remoteaccess[3402]: /home/e-smith/db/configuration: NEW sshd=service|LoginGraceTime|600|MaxAuthTries|2|PasswordAuthentication|yes|PermitRootLogin|yes|Protocol|2|TCPPort|22|UsePAM|yes|access|public|status|enabled
May  7 12:08:40 galileo esmith::event[3403]: expanding /etc/rssh.conf 
May  7 12:08:41 galileo esmith::event[3403]: expanding /etc/ssh/sshd_config 
May  7 12:08:41 galileo esmith::event[3403]: Running event handler: /etc/e-smith/events/remoteaccess-update/S65sshd-conf
May  7 12:08:41 galileo esmith::event[3403]: S65sshd-conf=action|Event|remoteaccess-update|Action|S65sshd-conf|Start|1336385321 644874|End|1336385321 714890|Elapsed|0.070016
May  7 12:08:41 galileo esmith::event[3403]: adjusting supervised sshd (sighup) 
May  7 12:08:41 galileo esmith::event[3403]: adjusting supervised sshd (up)

As for the ssh logs, there is an endless list of login attempts from outside (and I am sure they are the cause of the problem).
I am not posting all of them because it would be enormous; I am posting only the last part, that is, from when I noticed the problem:

2012-05-03 04:37:42.604175500 Failed password for root from 60.217.235.5 port 53554 ssh2
2012-05-03 04:37:42.604274500 Connection closed by 60.217.235.5
2012-05-03 06:09:19.873298500 Did not receive identification string from 93.211.158.247
2012-05-03 13:03:46.314606500 Failed password for root from 60.217.235.5 port 52332 ssh2
2012-05-03 13:03:46.314750500 Connection closed by 60.217.235.5
2012-05-03 13:42:57.098736500 Failed password for root from 219.235.240.41 port 43215 ssh2
2012-05-03 13:42:57.098882500 Connection closed by 219.235.240.41
2012-05-03 14:51:20.712184500 Accepted password for root from 172.16.1.242 port 50061 ssh2
2012-05-03 14:53:16.936288500 Accepted password for root from 95.242.44.174 port 60736 ssh2
2012-05-03 14:55:11.539480500 Accepted password for root from 95.242.44.174 port 60760 ssh2
2012-05-03 14:57:44.020543500 Accepted password for root from 95.242.44.174 port 60774 ssh2
2012-05-03 14:59:14.172141500 Accepted password for root from 95.242.44.174 port 60779 ssh2
2012-05-03 15:01:34.230509500 Server listening on 0.0.0.0 port 22.
2012-05-03 15:03:01.904969500 Received signal 15; terminating.
2012-05-03 15:03:50.810582500 Server listening on 0.0.0.0 port 22.
2012-05-03 15:04:19.308408500 Accepted password for root from 95.242.44.174 port 61787 ssh2
2012-05-03 15:04:57.766465500 Accepted password for root from 95.242.44.174 port 61789 ssh2
2012-05-03 15:08:11.081156500 Accepted password for root from 95.242.44.174 port 61796 ssh2
2012-05-03 15:10:11.095195500 Failed password for root from 95.242.44.174 port 61809 ssh2
2012-05-03 15:10:11.095197500 Connection closed by 95.242.44.174
2012-05-03 15:10:58.235083500 Accepted password for root from 95.242.44.174 port 61797 ssh2
2012-05-03 15:11:57.310346500 Failed password for root from 95.242.44.174 port 61810 ssh2
2012-05-03 15:11:57.310446500 Connection closed by 95.242.44.174
2012-05-03 15:13:42.256633500 Accepted password for root from 95.242.44.174 port 61802 ssh2
2012-05-04 09:14:31.717426500 Did not receive identification string from 119.2.119.78
2012-05-04 09:24:33.842379500 reverse mapping checking getaddrinfo for leasedline-119-2-119-78.sdfs.druknet.bt failed - POSSIBLE BREAK-IN ATTEMPT!
2012-05-04 09:24:40.112073500 Invalid user alexis from 119.2.119.78
2012-05-04 09:24:40.112988500 reverse mapping checking getaddrinfo for leasedline-119-2-119-78.sdfs.druknet.bt failed - POSSIBLE BREAK-IN ATTEMPT!
2012-05-04 09:24:40.113139500 input_userauth_request: invalid user alexis
2012-05-04 09:25:02.640292500 reverse mapping checking getaddrinfo for leasedline-119-2-119-78.sdfs.druknet.bt failed - POSSIBLE BREAK-IN ATTEMPT!
2012-05-04 12:02:44.123161500 Received SIGHUP; restarting.
2012-05-04 12:02:44.129658500 Server listening on 172.16.1.7 port 22.
2012-05-04 12:07:34.319262500 Server listening on 172.16.1.7 port 22.
2012-05-04 12:08:42.127841500 Received SIGHUP; restarting.
2012-05-04 12:08:42.134455500 Server listening on 0.0.0.0 port 22.
2012-05-04 12:10:23.318213500 Accepted password for root from 172.16.1.121 port 1075 ssh2
2012-05-04 12:30:16.529601500 Received signal 15; terminating.
2012-05-04 12:30:16.538202500 Server listening on 0.0.0.0 port 22.
2012-05-04 12:33:03.558443500 Accepted password for root from 172.16.1.121 port 1252 ssh2
2012-05-04 12:34:45.373488500 Received SIGHUP; restarting.
2012-05-04 12:34:45.380035500 Server listening on 0.0.0.0 port 22.
2012-05-04 13:15:18.591897500 Failed password for root from 220.172.191.31 port 39731 ssh2
2012-05-04 13:15:18.592106500 Connection closed by 220.172.191.31
2012-05-04 13:15:40.231566500 Failed password for root from 61.7.252.242 port 36107 ssh2
2012-05-04 13:15:40.231651500 Connection closed by 61.7.252.242
2012-05-04 19:27:09.580795500 Failed password for root from 31.222.139.112 port 36241 ssh2
2012-05-04 19:27:09.580937500 Connection closed by 31.222.139.112
2012-05-04 22:44:13.962028500 Failed password for root from 38.100.167.135 port 58664 ssh2
2012-05-04 22:44:13.962078500 Connection closed by 38.100.167.135
2012-05-04 23:26:03.157312500 Failed password for root from 38.100.167.135 port 44065 ssh2
2012-05-04 23:26:03.157373500 Connection closed by 38.100.167.135
2012-05-05 00:08:38.070299500 Failed password for root from 38.100.167.135 port 49869 ssh2
2012-05-05 00:08:38.070397500 Connection closed by 38.100.167.135
2012-05-05 00:51:47.380930500 Failed password for root from 38.100.167.135 port 45170 ssh2
2012-05-05 00:51:47.381089500 Connection closed by 38.100.167.135
2012-05-05 01:35:16.518713500 Failed password for root from 38.100.167.135 port 49793 ssh2
2012-05-05 01:35:16.518825500 Connection closed by 38.100.167.135
2012-05-05 01:51:03.597011500 Did not receive identification string from UNKNOWN
2012-05-05 01:58:04.027831500 Read from socket failed: Connection reset by peer
2012-05-05 02:19:06.536099500 Failed password for root from 38.100.167.135 port 52415 ssh2
2012-05-05 02:19:06.536156500 Connection closed by 38.100.167.135
2012-05-05 03:03:09.642136500 Failed password for root from 38.100.167.135 port 41660 ssh2
2012-05-05 03:03:09.642186500 Connection closed by 38.100.167.135
2012-05-05 03:25:02.527597500 Failed password for root from 60.217.235.5 port 41904 ssh2
2012-05-05 03:25:02.527750500 Write failed: Broken pipe
2012-05-05 03:47:56.316255500 Failed password for root from 38.100.167.135 port 34287 ssh2
2012-05-05 03:47:56.316366500 Write failed: Broken pipe
2012-05-05 03:50:40.892519500 Failed password for root from 60.217.235.5 port 36895 ssh2
2012-05-05 03:50:40.892615500 Write failed: Broken pipe
2012-05-05 04:32:55.207045500 Failed password for root from 38.100.167.135 port 54662 ssh2
2012-05-05 04:32:55.207130500 Write failed: Broken pipe
2012-05-05 05:17:41.424905500 Failed password for root from 38.100.167.135 port 53005 ssh2
2012-05-05 05:17:41.425009500 Write failed: Broken pipe
2012-05-05 06:02:57.650745500 Failed password for root from 38.100.167.135 port 52364 ssh2
2012-05-05 06:02:57.650902500 Write failed: Broken pipe
2012-05-05 06:47:44.406485500 Failed password for root from 38.100.167.135 port 41221 ssh2
2012-05-05 06:47:44.406596500 Write failed: Broken pipe
2012-05-05 16:03:10.364425500 Did not receive identification string from 60.215.8.6
2012-05-05 16:10:07.559618500 Invalid user globus from 60.215.8.6
2012-05-05 16:10:07.593419500 input_userauth_request: invalid user globus
2012-05-05 16:10:10.638402500 Invalid user ambrosia from 60.215.8.6
2012-05-05 16:10:10.638432500 input_userauth_request: invalid user ambrosia
2012-05-05 16:10:13.755180500 Invalid user cadi from 60.215.8.6
2012-05-05 16:10:13.755815500 input_userauth_request: invalid user cadi
2012-05-05 16:10:31.601960500 Connection closed by 60.215.8.6
2012-05-05 16:10:35.421708500 Invalid user bridge from 60.215.8.6
2012-05-05 16:10:35.422370500 input_userauth_request: invalid user bridge
2012-05-05 16:10:43.045237500 Invalid user undernet from 60.215.8.6
2012-05-05 16:10:43.045872500 input_userauth_request: invalid user undernet
2012-05-05 16:11:02.470983500 Invalid user globus from 60.215.8.6
2012-05-05 16:11:02.471776500 input_userauth_request: invalid user globus
2012-05-05 16:11:09.421009500 Read from socket failed: Connection reset by peer
2012-05-05 16:11:24.145690500 Connection closed by 60.215.8.6
2012-05-05 16:11:28.121795500 Invalid user undernet from 60.215.8.6
2012-05-05 16:11:28.122475500 input_userauth_request: invalid user undernet
2012-05-05 16:11:28.327689500 Connection closed by 60.215.8.6
2012-05-05 16:11:30.449109500 Invalid user bridge from 60.215.8.6
2012-05-05 16:11:30.449762500 input_userauth_request: invalid user bridge
2012-05-05 16:11:30.635152500 Connection closed by 60.215.8.6
2012-05-05 21:07:52.823052500 Did not receive identification string from 113.254.180.7
2012-05-05 22:06:23.836567500 Invalid user a from 46.23.72.242
2012-05-05 22:06:23.868744500 input_userauth_request: invalid user a
2012-05-05 23:57:39.942406500 Did not receive identification string from 210.71.174.50
2012-05-07 00:16:16.739779500 Received disconnect from 172.158.35.99: 11: User exit
2012-05-07 12:07:20.636537500 Received SIGHUP; restarting.
2012-05-07 12:07:20.643500500 Server listening on 0.0.0.0 port 222.
2012-05-07 12:08:17.322620500 Did not receive identification string from 172.16.1.241
2012-05-07 12:08:41.784115500 Received SIGHUP; restarting.
2012-05-07 12:08:41.788948500 Server listening on 0.0.0.0 port 22.
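
A way to triage the sshd log format quoted in the post above, as an added example that is not part of the original thread: it groups failed passwords and invalid-user probes by source address and lists accepted logins from outside the LAN so they can be confirmed as one's own. The sample lines are constructed, and the LAN range 172.16.1.0/24 is an assumption.

```python
import ipaddress
import re
from collections import defaultdict

# Assumption: the LAN is 172.16.1.0/24 (the post only shows 172.16.1.x hosts).
LAN = ipaddress.ip_network("172.16.1.0/24")
# Constructed sample in the layout of the sshd log quoted above;
# the outside addresses are documentation ranges, not real hosts.
SAMPLE_LOG = """\
2012-05-03 04:37:42.604175500 Failed password for root from 203.0.113.5 port 53554 ssh2
2012-05-03 04:37:42.604274500 Connection closed by 203.0.113.5
2012-05-03 14:51:20.712184500 Accepted password for root from 172.16.1.242 port 50061 ssh2
2012-05-03 14:53:16.936288500 Accepted password for root from 198.51.100.174 port 60736 ssh2
2012-05-04 09:24:40.112073500 Invalid user alexis from 192.0.2.78
2012-05-05 03:25:02.527597500 Failed password for root from 203.0.113.5 port 41904 ssh2
2012-05-05 16:10:07.559618500 Invalid user globus from 192.0.2.78
"""
EVENT = re.compile(
    r"^(?P<ts>\S+ \S+) (?:(?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+)|Invalid user (?P<bad>\S+)) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3})\b"
)

def triage(log_text):
    """Group sshd authentication events by source address."""
    report = defaultdict(
        lambda: {"failed": 0, "invalid_users": set(), "accepted": []})
    for line in log_text.splitlines():
        m = EVENT.match(line)
        if not m:
            continue  # restarts, disconnects and other messages
        entry = report[m["ip"]]
        if m["bad"]:
            entry["invalid_users"].add(m["bad"])
        elif m["result"] == "Failed":
            entry["failed"] += 1
        else:
            entry["accepted"].append((m["ts"], m["user"]))
    return dict(report)

def external_accepted(report):
    """Accepted logins from outside the LAN, to be confirmed as your own."""
    return sorted((ts, user, ip) for ip, e in report.items()
                  if ipaddress.ip_address(ip) not in LAN
                  for ts, user in e["accepted"])

if __name__ == "__main__":
    for row in external_accepted(triage(SAMPLE_LOG)):
        print("confirm this login:", row)
```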

Offline Stefano

Re: ssh
« Reply #3 on: May 07, 2012, 12:52:13 PM »
b5? B A D

update asap please, then we'll look again

also change the default ssh port to something > 1024, it's definitely better

Offline draven

Re: ssh
« Reply #4 on: May 07, 2012, 03:08:41 PM »
Updated to b7; now I can get in, but about 5 minutes pass between sending the password and the [root@server]# prompt appearing o_O

Offline Stefano

Re: ssh
« Reply #5 on: May 07, 2012, 03:18:55 PM »
Are you sure that NOTHING has changed at the infrastructure level (network/connection)?

Offline draven

Re: ssh
« Reply #6 on: May 07, 2012, 03:24:16 PM »
Nobody has touched anything (also because only I could touch anything) for quite a while. Why do you ask? What idea have you formed?

Offline Stefano

Re: ssh
« Reply #7 on: May 07, 2012, 03:28:54 PM »
Because the same thing happens to me (extreme slowness between entering the password and getting the prompt) on some machines (which I don't manage and which are not SME), but comparing the ssh configuration files with those in use on "my" SMEs there are no differences.. so it seems to be related more to the infrastructure than to the service

Offline draven

Re: ssh
« Reply #8 on: May 08, 2012, 06:15:21 PM »
The last thing I noticed is that if, instead of using ssh for the console, I use it to log in via sftp (increasing the client timeout, though), I can get in, again after the usual 5 minutes, but during the connection I receive these strings:

Stato:   Calcolo scostamento fuso orario del server...
Comando:   mtime ".mysql_history.TMP"
Risposta:   1326305405
Stato:   Differenza di fuso orario: Server: 3600 secondi. Locale: 7200 secondi. Differenza: 3600 secondi.

o_O

Offline Stefano

Re: ssh
« Reply #9 on: May 08, 2012, 06:19:01 PM »
I don't think this has any influence, but I recommend checking SME's time server settings