arbeite an einem Ubuntu 19.04 Digital Ocean Server. Nach dem Update sources.listauf Focal, damit ich die Repositories aktualisieren und Certbot installieren konnte, wurde ich mit der Meldung aus dem Server ausgesperrt Connection refused.
Ich konnte mich über die Digital Ocean Recovery Console anmelden und habe alle SSH-Konfigurationen, authorized_keysDateien, alles überprüft und konnte keinen Fehler finden.
Was ich gefunden habe, war ein SSH-Brute-Force-Angriff auf den Server, also habe ich den Port geändert.
Danach bekomme ich die Meldung, Connection Closedwenn ich versuche, über das Terminal eine Verbindung zum Server herzustellen.
Hier hinterlasse ich ssh_config, sshd_config, sources.list, die Ausgabe der Verbindung mit SSH und die Ausgabe von making apt updatein der Wiederherstellungskonsole.
ssh_config
# This is the ssh client system-wide configuration file. See
# ssh_config(5) for more information. This file provides defaults for
# users, and the values can be changed in per-user configuration files
# or on the command line.
# Configuration data is parsed as follows:
# 1. command line options
# 2. user-specific file
# 3. system-wide file
# Any configuration value is only changed the first time it is set.
# Thus, host-specific definitions should be at the beginning of the
# configuration file, and defaults at the end.
# Site-wide defaults for some commonly used options. For a comprehensive
# list of available options, their meanings and defaults, please see the
# ssh_config(5) man page.
Host *
#bunch of commented options
SendEnv LANG LC_*
HashKnownHosts yes
GSSAPIAuthentication yes
sshd_config
# $OpenBSD: sshd_config,v 1.103 2018/04/09 20:41:22 tj Exp $
# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.
# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options override the
# default value.
Port <PORT>
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_ecdsa_key
#HostKey /etc/ssh/ssh_host_ed25519_key
# Ciphers and keying
#RekeyLimit default none
# Logging
#SyslogFacility AUTH
#LogLevel INFO
# Authentication:
#LoginGraceTime 2m
PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10
PubkeyAuthentication no
# Expect .ssh/authorized_keys2 to be disregarded by default in future.
#AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2
#AuthorizedPrincipalsFile none
#AuthorizedKeysCommand none
#AuthorizedKeysCommandUser nobody
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes
# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication yes
#PermitEmptyPasswords no
# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
ChallengeResponseAuthentication no
# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no
# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
#GSSAPIStrictAcceptorCheck yes
#GSSAPIKeyExchange no
# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication. Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin yes
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
UsePAM no
#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PermitTTY yes
PrintMotd no
#PrintLastLog yes
#TCPKeepAlive yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS no
#PidFile /var/run/sshd.pid
#MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none
#VersionAddendum none
# no default banner path
#Banner none
# Allow client to pass locale environment variables
AcceptEnv LANG LC_*
# override default of no subsystems
Subsystem sftp /usr/lib/openssh/sftp-server
# Example of overriding settings on a per-user basis
#Match User anoncvs
# X11Forwarding no
# AllowTcpForwarding no
# PermitTTY no
# ForceCommand cvs server
sources.list, jetzt geändert mit groovy, aber ursprünglich geändert mit focal
## Note, this file is written by cloud-init on first boot of an instance
## modifications made here will not survive a re-bundle.
## if you wish to make changes you can:
## a.) add 'apt_preserve_sources_list: true' to /etc/cloud/cloud.cfg
## or do the same in user-data
## b.) add sources in /etc/apt/sources.list.d
## c.) make changes to template file /etc/cloud/templates/sources.list.tmpl
# See http://help.ubuntu.com/community/UpgradeNotes for how to upgrade to
# newer versions of the distribution.
deb http://mirrors.digitalocean.com/ubuntu/ groovy main restricted
# deb-src http://mirrors.digitalocean.com/ubuntu/ groovy main restricted
## Major bug fix updates produced after the final release of the
## distribution.
deb http://mirrors.digitalocean.com/ubuntu/ groovy-updates main restricted
# deb-src http://mirrors.digitalocean.com/ubuntu/ groovy-updates main restricted
## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
## team. Also, please note that software in universe WILL NOT receive any
## review or updates from the Ubuntu security team.
deb http://mirrors.digitalocean.com/ubuntu/ groovy universe
# deb-src http://mirrors.digitalocean.com/ubuntu/ groovy universe
deb http://mirrors.digitalocean.com/ubuntu/ groovy-updates universe
# deb-src http://mirrors.digitalocean.com/ubuntu/ groovy-updates universe
## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
## team, and may not be under a free licence. Please satisfy yourself as to
## your rights to use the software. Also, please note that software in
## multiverse WILL NOT receive any review or updates from the Ubuntu
## security team.
deb http://mirrors.digitalocean.com/ubuntu/ groovy multiverse
# deb-src http://mirrors.digitalocean.com/ubuntu/ groovy multiverse
deb http://mirrors.digitalocean.com/ubuntu/ groovy-updates multiverse
# deb-src http://mirrors.digitalocean.com/ubuntu/ groovy-updates multiverse
## N.B. software from this repository may not have been tested as
## extensively as that contained in the main release, although it includes
## newer versions of some applications which may provide useful features.
## Also, please note that software in backports WILL NOT receive any review
## or updates from the Ubuntu security team.
deb http://mirrors.digitalocean.com/ubuntu/ groovy-backports main restricted universe multiverse
# deb-src http://mirrors.digitalocean.com/ubuntu/ groovy-backports main restricted universe multiverse
## Uncomment the following two lines to add software from Canonical's
## 'partner' repository.
## This software is not part of Ubuntu, but is offered by Canonical and the
## respective vendors as a service to Ubuntu users.
# deb http://archive.canonical.com/ubuntu groovy partner
# deb-src http://archive.canonical.com/ubuntu groovy partner
deb http://old-releases.ubuntu.com/ubuntu groovy-security main restricted
# deb-src http://old-releases.ubuntu.com/ubuntu groovy-security main restricted
deb http://old-releases.ubuntu.com/ubuntu groovy-security universe
# deb-src http://old-releases.ubuntu.com/ubuntu groovy-security universe
deb http://old-releases.ubuntu.com/ubuntu groovy-security multiverse
# deb-src http://old-releases.ubuntu.com/ubuntu groovy-security multiverse
auf dem Server, über die Aufnahmekonsole,sudo apt update
[...]
Err:5 groovy-updates Release
404 Not Found [IP: 172.67.148.71 80]
Err:6 Release
404 Not Found [IP: 172.67.148.71 80]
Hit:7 disco InRelease
Ign:8 disco InRelease
Err:9 disco Release
404 Not Found [IP: 185.125.190.52 80]
[...]
auf dem Kunden,ssh -vvvv -i <key> <user>@<ip>
OpenSSH_8.2p1 Ubuntu-4ubuntu0.5, OpenSSL 1.1.1f 31 Mar 2020
debug1: Reading configuration data /home/ivangk/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug2: resolve_canonicalize: hostname <IP> is address
debug2: ssh_connect_direct
debug1: Connecting to <IP> [<IP>] port <PORT>.
debug1: Connection established.
[...]
debug3: receive packet: type 6
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug3: send packet: type 50
Connection closed by <IP> port <PORT>
Ich weiß nicht, was die Ursache für dieses Problem sein könnte. Wenn ich es weiß, lsof -i:<PORT>wird der richtige Port, den ich konfiguriert habe, aktiviert und SSH ist über aktiviert systemctl status sshd.