Hi, please I need help with an issue with ClearOS
I am new with this OS, I just bought an HP Proliant Gen10 that came with ClearOS installed
I got everything configured and installed an application and a database, and it works perfectly
I use SSH and FTP to configure and upload files to the server
I needed to connect to the server remotely so I opened ports 20, 21 and 22 (FTP and SSH) to work on the server updating the application I installed, but I got several connection attempts to the server so I closed them again, but now I cannot get SSH or FTP even from a machine on the same LAN. As soon as I open a PuTTY SSH window and log in with root or another user the connection is lost and I get logged off immediately
I checked the notifications report on the webconfig and it shows me the user logged in and the user logged out automatically
Can someone help me? I tried opening the ports again and the result is the same, so I cannot log in or upload files with FTP (same thing happens)
Please, am I losing some configuration or permission?
Thanks
Responses (12)
-
Accepted Answer
You don't indicate the type of system you are using to login from. If it is a system using the ssh command, then the following should provide useful information. On the few Windows machines here, cygwin is installed so they can be administered using linux commands ***
# ssh -l root -vvv your.clearos.ip
You should also be able to log in from the clearos console, stop sshd using systemctl, then start sshd manually using multiple -d options to get debug output on the console...
All of the ssh problems here have been resolved after a resolution of any of the following issues...
1) Incorrect permissions for the ~/.ssh directory or contents
2) Inappropriate options in the /etc/ssh/sshd_config file
3) Forgetting to give the user a shell using the Shell Extension app in Webconfig
Note also that the use of DSA keys in rhel/centos/clearos 7.x openssh is deprecated, so if you need to use them, then options are required to be added to either or both ssh/sshd config files...
*** this is extremely useful when the Windows graphics screen locks up ignoring mouse and keyboard input - mostly Windows is still running, so you can login using ssh and then shutdown the system gracefully using "shutdown -h now" or reboot using "shutdown -r now", rather than holding down the power-on button... -
Accepted Answer
I have no idea on this one. You can google around. I tried looking for "ssh closes on login" and found posts like this - but don't go changing things like PAM settings. In order to get access to your system you may need to boot into recovery mode. The documentation is incomplete for v7 here and is better for v6 here. Alternatively you can boot from any live CD (I use Porteus but it is a slightly strange distro).
From those links I'd look for /bin/false or /sbin/nologin in the /etc/passwd file for root.
As you have webconfig access, are you able to install the Shell Extension app and give a user SSH access? I suspect, even if you can, the user won't get su or sudo access.
[edit]
Note, if you use a recovery disk or live cd/usb, the files you need to check are not the actual /etc/passwd or whatever files. Those are from the system you booted from. You need to navigate to where your recovery system has mounted your ClearOS disk.
[/edit] -
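The check suggested in the post above (a /bin/false or /sbin/nologin shell in the passwd file of the mounted ClearOS disk, not of the live system), as an added example that is not part of the original post. The function names and the sample tree it builds are constructed for illustration, and it only covers accounts listed in the passwd file.

```shell
#!/bin/sh
# check_login_shell ROOT USER
#   ROOT: mount point of the installed system's root filesystem ("/" when
#   run on the live system). Prints one verdict; returns 0 only for "ok".
check_login_shell() {
    root=${1%/}; user=$2
    passwd="$root/etc/passwd"
    [ -r "$passwd" ] || { echo "no-passwd"; return 2; }
    # Field 7 of a passwd entry is the login shell.
    shell=$(awk -F: -v u="$user" '
        $1 == u { print $7; found = 1; exit }
        END { if (!found) exit 1 }' "$passwd") || { echo "no-such-user"; return 2; }
    [ -n "$shell" ] || shell=/bin/sh        # an empty field means /bin/sh
    case "$shell" in
        */nologin|*/false) echo "blocked:$shell"; return 1 ;;
    esac
    # The shell has to exist and be executable inside the mounted tree.
    [ -x "$root$shell" ] || { echo "missing:$shell"; return 1; }
    # pam_shells and some FTP daemons refuse shells absent from /etc/shells.
    if [ -r "$root/etc/shells" ] && ! grep -qxF "$shell" "$root/etc/shells"; then
        echo "unlisted:$shell"; return 1
    fi
    echo "ok:$shell"
}

# Constructed sample tree standing in for a mounted ClearOS disk.
make_sample_root() {
    d=$(mktemp -d)
    mkdir -p "$d/etc" "$d/bin" "$d/sbin"
    printf '%s\n' 'root:x:0:0:root:/root:/sbin/nologin' \
        'alice:x:1000:1000::/home/alice:/bin/bash' \
        'bob:x:1001:1001::/home/bob:/bin/zsh' > "$d/etc/passwd"
    printf '%s\n' /bin/sh /bin/bash > "$d/etc/shells"
    : > "$d/bin/bash"; : > "$d/sbin/nologin"
    chmod +x "$d/bin/bash" "$d/sbin/nologin"
    echo "$d"
}

demo_root=$(make_sample_root)
for u in root alice bob; do
    printf '%s -> %s\n' "$u" "$(check_login_shell "$demo_root" "$u")"
done
rm -rf "$demo_root"
```

On a recovery or live system, pass the directory where the ClearOS disk is mounted as the first argument.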
Accepted Answer
Hi Nick,
It is not a password issue, because if it were I could not access the webconfig
I did the ssh login yesterday and got this from the logs
Secure
Nov 8 14:09:52 server sshd[12498]: Accepted password for root from 192.168.1.51 port 50267 ssh2
Nov 8 14:09:52 server sshd[12498]: pam_unix(sshd:session): session opened for user root by (uid=0)
Nov 8 14:09:52 server sshd[12498]: pam_unix(sshd:session): session closed for user root
Message
Nov 8 14:09:52 server systemd: Created slice User Slice of root.
Nov 8 14:09:52 server systemd: Starting User Slice of root.
Nov 8 14:09:52 server systemd-logind: New session 211 of user root.
Nov 8 14:09:52 server systemd: Started Session 211 of user root.
Nov 8 14:09:52 server systemd: Starting Session 211 of user root.
Nov 8 14:09:52 server systemd-logind: Removed session 211.
Nov 8 14:09:52 server systemd: Removed slice User Slice of root.
Nov 8 14:09:52 server systemd: Stopping User Slice of root.
Those are from the exact moment I logged in and the server kicked me out
In the system log there is nothing at that time
Thanks for your help -
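An added example, not part of the original post: a filter that picks the pattern shown above (password accepted, session opened and closed within the same second) out of a secure log and tallies failed passwords per source address. The function names and the sample log, modelled on the lines posted in this thread, are constructed.

```shell
#!/bin/sh
# classify_sshd: read a "secure" log on stdin and report
#   instant-logout USER IP TIME  login accepted, session opened and closed
#                                in the same second
#   failed-auth IP COUNT         failed password attempts per source address
classify_sshd() {
    awk '
    function after(word,   i) {            # field following the given word
        for (i = 6; i < NF; i++) if ($i == word) return $(i + 1)
        return "?"
    }
    $5 !~ /^sshd\[[0-9]+\]:$/ { next }     # keep sshd lines only
    { ts = $1 " " $2 " " $3; pid = $5 }    # one sshd pid per connection
    /Accepted (password|publickey) for / { who[pid] = after("for") " " after("from") }
    /session opened for user /           { opened[pid] = ts }
    /session closed for user / {
        if ((pid in who) && opened[pid] == ts)
            print "instant-logout " who[pid] " " $3
    }
    /Failed password for /               { failed[after("from")]++ }
    END { for (ip in failed) print "failed-auth " ip " " failed[ip] }
    ' | sort
}

# Constructed sample log (203.0.113.7 is a documentation address).
sample_log() {
cat <<'EOF'
Nov  8 14:09:52 server sshd[12498]: Accepted password for root from 192.168.1.51 port 50267 ssh2
Nov  8 14:09:52 server sshd[12498]: pam_unix(sshd:session): session opened for user root by (uid=0)
Nov  8 14:09:52 server sshd[12498]: pam_unix(sshd:session): session closed for user root
Nov  8 14:10:03 server sshd[12510]: Failed password for root from 203.0.113.7 port 55672 ssh2
Nov  8 14:10:05 server sshd[12512]: Failed password for invalid user admin from 203.0.113.7 port 55690 ssh2
Nov  8 14:20:00 server sshd[12600]: Accepted password for alice from 192.168.1.60 port 50300 ssh2
Nov  8 14:20:00 server sshd[12600]: pam_unix(sshd:session): session opened for user alice by (uid=0)
Nov  8 14:31:44 server sshd[12600]: pam_unix(sshd:session): session closed for user alice
EOF
}

sample_log | classify_sshd
```

A very short legitimate session, such as a single remote command, also opens and closes within one second, so treat instant-logout lines as candidates to inspect.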
Accepted Answer
Hi Nick
First of all, thank you so much for taking the time to help me
As I said, I have access to the webconfig, so I did what you indicated (I am including the SSH, Firewall, and Network configuration)
I looked through the messages, system and secure logs (by the way, it began to fail on November 4) and I found this in the messages log:
Nov 4 12:27:11 server systemd: sshd.service: main process exited, code=killed, status=9/KILL
Nov 4 12:27:11 server systemd: Unit sshd.service entered failed state.
Nov 4 12:27:11 server systemd: sshd.service failed.
Nov 4 12:27:53 server systemd: sshd.service holdoff time over, scheduling restart.
Nov 4 18:21:45 server webconfig: Redirecting to /bin/systemctl stop sshd.service
Nov 4 18:21:55 server webconfig: Redirecting to /bin/systemctl start sshd.service
In the secure log I found repeated messages like this:
Nov 4 21:48:09 server sshd[19303]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Nov 4 21:48:11 server sshd[19303]: Failed password for root from 68.183.125.253 port 55672 ssh2
Nov 4 21:48:11 server sshd[19303]: Received disconnect from 68.183.125.253 port 55672:11: Bye Bye [preauth]
Nov 4 21:48:11 server sshd[19303]: Disconnected from 68.183.125.253 port 55672 [preauth]
Nov 4 21:48:12 server sshd[19305]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.125.253 user=root
but as you can see this IP is not from my location, these are attempts to access the server
Is there something else I can do?
Thank you again -
Accepted Answer
Can you navigate to Webconfig > Network > Infrastructure > SSH Server and check it is running and make a screendump of the settings.
Then install the Log Viewer from the Marketplace, if you don't have it, and try to connect to ssh then have a look at your logs through Webconfig > Reports > Performance and Resources > Log Viewer and look in the secure log. Filter for ssh.
You can try all the principal logs (messages, secure and system) and filter by time by putting something like:
Nov  7 12:3
in the filter. You need to type it in rather than copy from the screen which removes spaces. In the date there are 2 spaces between the v and 7. Look for any obvious errors and authentication rejections. You can also use the search feature but you'll have to play with it. You'd need to quote the date search.
Especially once filtered by date and a bit of time (perhaps just the hour), you can then export the results of the query and use a text editor (e.g. Notepad++) to look at the logs in slow time. -
Accepted Answer
Yes I have access to the webconfig, it is the only thing I can access, that is why I know that I am getting logged in and logged out, because of the reports. And, 'no' ... I didn't disable root logins in the webconfig. So I am really worried, because without access to the console (SSH or directly) I can't do anything. I even tried to restore a backup of an older configuration, but it didn't work either. -
Accepted Answer
Hi my friend,
Thank you for your help, I tried what you said
- I got the interface: enp2s0f0
- Exit to the text console
- Press Alt + F2 and get the request for the user and password
- And the problem again: as soon as I put in root and the correct password the system logs me in and logs me out again
So, I am in the same situation
Please do you have any other suggestion, I am losing my mind with this
Thanks -
Accepted Answer
Opening SSH to the internet will get lots of hostile login attempts. Even changing ports does not totally help. If you require external access, longer term I suggest you use OpenVPN to connect to the server then you can SSH to the server as if you are on your LAN.
How did you close the ports? Through the webconfig? Does your Webconfig still work? Can you get to the console? From the console you can get to a command line but mine is broken for the moment. If you have the graphical console note the name of your LAN interface - probably enp2s0f0 or enp2s0f1. Then exit to a text console then you get an option to go alt+f2 for a shell terminal. At the command line, can you then type:
iptables -I INPUT -i your_LAN_interface -j ACCEPT
This will insert a temporary firewall rule. If you play with the firewall in the Webconfig you will lose this rule and have to reapply it.
Then see if you can get into PuTTY. If you can, please give the output to:
iptables -nvL
[edit]
As a thought, if you are using the Attack Detector, you could have locked out your IP by incorrect passwords. You can test that by trying to log on from another PC. If it is the Attack Detector the ban will be lifted in 24H, and you may want to consider whitelisting your LAN (see its documentation).
[/edit]