Unable to connect Azure ubuntu VM through VS code - azure

Getting the below issue while connecting to the Azure VM through VSCode, but we are able to connect through PuTTY when we use the .ppk file. Getting the below error when we used both .ppk & .pem using the ssh config in VSCode.
Error: Permission denied(Public key)
Below are the ssh logs:
root@VMWDEPOCEUS001:/var/log# tail -30 auth.log
Oct 27 10:19:12 VMWDEPOCEUS001 sshd[3087]: Failed password for invalid user ssh user from 156.163.33.75 port 56425 ssh2
Oct 27 10:19:14 VMWDEPOCEUS001 sshd[3087]: Failed password for invalid user ssh user from 156.163.33.75 port 56425 ssh2
Oct 27 10:19:15 VMWDEPOCEUS001 sshd[3087]: Connection reset by invalid user ssh user 156.163.33.75 port 56425 [preauth]
Oct 27 10:23:52 VMWDEPOCEUS001 sshd[3095]: Invalid user ssh user1 from 156.163.33.75 port 56590
Oct 27 10:23:57 VMWDEPOCEUS001 sshd[3095]: Failed none for invalid user ssh user1 from 156.163.33.75 port 56590 ssh2
Oct 27 10:24:00 VMWDEPOCEUS001 sshd[3095]: Failed password for invalid user ssh user1 from 156.163.33.75 port 56590 ssh2
Oct 27 10:24:04 VMWDEPOCEUS001 sshd[3095]: Failed password for invalid user ssh user1 from 156.163.33.75 port 56590 ssh2
Oct 27 10:24:05 VMWDEPOCEUS001 sshd[3095]: Connection reset by invalid user ssh user1 156.163.33.75 port 56590 [preauth]
Oct 27 10:25:26 VMWDEPOCEUS001 sshd[3099]: Accepted password for user1 from 156.163.33.75 port 56649 ssh2
Oct 27 10:25:26 VMWDEPOCEUS001 sshd[3099]: pam_unix(sshd:session): session opened for user user1 by (uid=0)
Oct 27 10:25:26 VMWDEPOCEUS001 systemd-logind[1238]: New session 6 of user user1.
Oct 27 10:25:28 VMWDEPOCEUS001 sshd[3167]: Accepted password for user1 from 156.163.33.75 port 56651 ssh2
Oct 27 10:25:28 VMWDEPOCEUS001 sshd[3167]: pam_unix(sshd:session): session opened for user user1 by (uid=0)
Oct 27 10:25:28 VMWDEPOCEUS001 systemd-logind[1238]: New session 7 of user user1.
Oct 27 10:27:00 VMWDEPOCEUS001 sshd[3258]: Invalid user ssh user1 from 156.163.33.75 port 26689
Oct 27 10:27:14 VMWDEPOCEUS001 sshd[3258]: pam_unix(sshd:auth): check pass; user unknown
Oct 27 10:27:14 VMWDEPOCEUS001 sshd[3258]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=156.163.33.75
Oct 27 10:27:16 VMWDEPOCEUS001 sshd[3258]: Failed password for invalid user ssh user1 from 156.163.33.75 port 26689 ssh2
Oct 27 10:27:30 VMWDEPOCEUS001 sshd[3258]: pam_unix(sshd:auth): check pass; user unknown
Oct 27 10:27:33 VMWDEPOCEUS001 sshd[3258]: Failed password for invalid user ssh user1 from 156.163.33.75 port 26689 ssh2
Oct 27 10:27:47 VMWDEPOCEUS001 sshd[3258]: pam_unix(sshd:auth): check pass; user unknown
Oct 27 10:27:49 VMWDEPOCEUS001 sshd[3258]: Failed password for invalid user ssh user1 from 156.163.33.75 port 26689 ssh2
Oct 27 10:27:49 VMWDEPOCEUS001 sshd[3258]: Connection reset by invalid user ssh user1 156.163.33.75 port 26689 [preauth]
Oct 27 10:27:49 VMWDEPOCEUS001 sshd[3258]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=156.163.33.75
Oct 27 10:31:22 VMWDEPOCEUS001 sshd[3279]: Invalid user ssh user1 from 156.163.33.75 port 56826
Oct 27 10:31:34 VMWDEPOCEUS001 sshd[3279]: pam_unix(sshd:auth): check pass; user unknown
Oct 27 10:31:34 VMWDEPOCEUS001 sshd[3279]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=156.163.33.75
Oct 27 10:31:35 VMWDEPOCEUS001 sshd[3279]: Failed password for invalid user ssh user1 from 156.163.33.75 port 56826 ssh2
Oct 27 10:32:09 VMWDEPOCEUS001 sshd[3279]: pam_unix(sshd:auth): check pass; user unknown
Oct 27 10:32:10 VMWDEPOCEUS001 sshd[3279]: Failed password for invalid user ssh user1 from 156.163.33.75 port 56826 ssh2
Expectation: Need to connect to Azure Ubuntu (18.04) VM using VSCode config file

I tried to reproduce the same in my environment, and SSH connected to the Azure Ubuntu (18.04) VM using VSCode successfully.
As per the docs, PuTTY is not supported and causes an error. Try installing the OpenSSH client.
Switch to the root user:
sudo -s
Install ssh, or update it if it is already installed, then enable the ssh service and check that its status is active, as below:
sudo apt-get install ssh
sudo apt-get update
systemctl enable ssh.service
systemctl status ssh.service
Generate an SSH key. Avoid ssh -i; use user@hostname when configuring the SSH host, as below.
Check that the Host, User and HostName values in your config file are correct.
When I tried to connect, I got the same error and SSH log, as below.
To resolve this issue:
First, change your password using sudo passwd root and update the password. To enable password authentication, run sudo nano /etc/ssh/sshd_config; it will open the nano editor, as below.
Once in the nano editor, change the filesystem permission, scroll down, place your cursor at the #, press Insert, type PermitRootLogin yes and PubkeyAuthentication yes, then press Escape, :x and Enter.
Restart the SSH service by following this command:
sudo systemctl reload sshd
Then try to connect with ssh user@hostname; it works.
If you are still facing the issue, check as root that ssh is installed and updated and that its status is active, as above, and in the nano editor check:
PasswordAuthentication
ChallengeResponseAuthentication
GSSAPIAuthentication yes
GSSAPICleanupCredentials no
UsePAM yes
For more detail, please refer to these links:
SSH Failed Permission Denied by phoenixnap
Connect over SSH with Visual Studio Code

Related

Job for httpd.service failed because the control process exited with error code See "systemctl status httpd.service" and "journalctl -xe" for details

I am unable to restart my apache server to successfully install the SSL certificates.
I get the following error
Job for httpd.service failed because the control process exited with error code. See "systemctl status httpd.service" and "journalctl -xe" for details.
I have tried several articles and the root cause seems to be the following
Mar 29 13:05:09 localhost.localdomain httpd[1234546]: (98)Address already in use: AH00072: make_sock: could not bind to address [::]:80
Mar 29 13:05:09 localhost.localdomain httpd[1234546]: (98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:80
I am able to diagnose the issue and get the following output, which is also attached. I am unable to proceed further. Can you please help?
Server - AlmaLinux 8
Host - IONOS
Server version: Apache/2.4.37 (AlmaLinux)
-- Unit session-62994.scope has finished starting up.
-
-- Unit session-62994.scope has finished starting up.
-
-- The unit session-62994.scope has successfully entered the 'dead' state.
Mar 31 06:07:10 localhost.localdomain dhclient[1326]: XMT: Solicit on ens192, interval 110600ms.
Mar 31 06:07:10 localhost.localdomain dhclient[1326]: RCV: Advertise message on ens192 from fe80::250:56ff:fe8c:84c6.
Mar 31 06:07:10 localhost.localdomain dhclient[1326]: RCV: Advertise message on ens192 from fe80::250:56ff:fe9a:f13a.
Mar 31 06:07:30 localhost.localdomain sshd[1297516]: Invalid user sui from 167.99.68.65 port 48488
Mar 31 06:07:30 localhost.localdomain sshd[1297516]: pam_unix(sshd:auth): check pass; user unknown
Mar 31 06:07:30 localhost.localdomain sshd[1297516]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.68.65
Mar 31 06:07:32 localhost.localdomain sshd[1297516]: Failed password for invalid user sui from 167.99.68.65 port 48488 ssh2
Mar 31 06:07:34 localhost.localdomain sshd[1297516]: Received disconnect from 167.99.68.65 port 48488:11: Bye Bye [preauth]
Mar 31 06:07:34 localhost.localdomain sshd[1297516]: Disconnected from invalid user sui 167.99.68.65 port 48488 [preauth]
Mar 31 06:07:44 localhost.localdomain unix_chkpwd[1297520]: password check failed for user (root)
Mar 31 06:07:44 localhost.localdomain sshd[1297518]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.27 user=root
Mar 31 06:07:46 localhost.localdomain sshd[1297518]: Failed password for root from 61.177.173.27 port 58626 ssh2
Mar 31 06:07:46 localhost.localdomain unix_chkpwd[1297521]: password check failed for user (root)
[root@localhost ~]# ss --listening --tcp --numeric --processes
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128 0.0.0.0:80 0.0.0.0:* users:(("nginx",pid=1087,fd=10),("nginx",pid=1086,fd=10),("nginx",pid=1084,fd=10))
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=1335,fd=5))
LISTEN 0 128 0.0.0.0:443 0.0.0.0:* users:(("nginx",pid=1087,fd=11),("nginx",pid=1086,fd=11),("nginx",pid=1084,fd=11))
LISTEN 0 128 [::]:22 [::]:* users:(("sshd",pid=1335,fd=7))
LISTEN 0 80 *:3306 *:* users:(("mysqld",pid=1098,fd=19))
Tried -
apachectl configtest - Result: syntax ok
setenforce 0

Remote port forwarding disconnected when run from cron

I have installed FreeBSD and need to regularly run a reverse shell to establish and keep alive an SSH connection to the client (no public IP). When running the ssh -R script from the terminal, it works as expected, but when I run it as a cron command, the connection is established and disconnected right after that.
Here is auth.log from the server:
Jan 26 08:50:00 sshd[9696]: Accepted publickey for XXXX from XXX.XXX.XXX.XXX port XXXXX ssh2: RSA SHA256: xxxxxxxxx
Jan 26 08:50:00 sshd[9696]: pam_unix(sshd:session): session opened for user XXXX by (uid=0)
Jan 26 08:50:00 systemd: pam_unix(systemd-user:session): session opened for user XXXX by (uid=0)
Jan 26 08:50:01 systemd-logind[458]: New session 107 of user XXXX.
Jan 26 08:50:01 sshd[9794]: Received disconnect from XXX.XXX.XXX.XXX port XXXXX:11: disconnected by user
Jan 26 08:50:01 sshd[9794]: Disconnected from user XXXX XXX.XXX.XXX.XXX port XXXXX
Jan 26 08:50:01 sshd[9696]: pam_unix(sshd:session): session closed for user XXXX
Jan 26 08:50:01 systemd-logind[458]: Session 107 logged out. Waiting for processes to exit.
Jan 26 08:50:01 systemd-logind[458]: Removed session 107.
Do you have any idea what causes this behavior and how to fix it?
Solved - see posts above. Thanks

SSH Brute Force Protection

I currently have my Raspberry Pi port forwarded for SSH connection, so I can access it at work.
Whilst looking at 'journalctl -xe' I have seen tons of failed SSH login requests.
I have changed my Raspberry Pi to key logins rather than password based. Is there anything else I can do to stop this guy from trying to break in? Or better security to stop him accessing it?
Dec 20 19:46:36 raspberrypi sshd[1929]: Received disconnect from 106.250.183.218 port 20371:11: Bye Bye [preauth]
Dec 20 19:46:36 raspberrypi sshd[1929]: Disconnected from 106.250.183.218 port 20371 [preauth]
Dec 20 19:47:58 raspberrypi sshd[1931]: Received disconnect from 221.194.47.245 port 37247:11: [preauth]
Dec 20 19:47:58 raspberrypi sshd[1931]: Disconnected from 221.194.47.245 port 37247 [preauth]
Dec 20 19:48:50 raspberrypi sshd[1934]: Did not receive identification string from 23.254.161.114 port 51435
Dec 20 19:50:15 raspberrypi sshd[1935]: Did not receive identification string from 195.154.60.109 port 64642
Dec 20 19:50:15 raspberrypi sshd[1936]: Invalid user user from 195.154.60.109 port 64943
Dec 20 19:50:15 raspberrypi sshd[1936]: input_userauth_request: invalid user user [preauth]
Dec 20 19:50:15 raspberrypi sshd[1936]: error: Received disconnect from 195.154.60.109 port 64943:3: com.jcraft.jsch.JSchException: Auth fail [preauth]
Dec 20 19:50:15 raspberrypi sshd[1936]: Disconnected from 195.154.60.109 port 64943 [preauth]
Dec 20 20:02:05 raspberrypi sshd[1997]: Did not receive identification string from 195.154.60.109 port 51264
Dec 20 20:02:06 raspberrypi sshd[1998]: Invalid user user from 195.154.60.109 port 51418
Dec 20 20:02:06 raspberrypi sshd[1998]: input_userauth_request: invalid user user [preauth]
Dec 20 20:02:06 raspberrypi sshd[1998]: error: Received disconnect from 195.154.60.109 port 51418:3: com.jcraft.jsch.JSchException: Auth fail [preauth]
Dec 20 20:02:06 raspberrypi sshd[1998]: Disconnected from 195.154.60.109 port 51418 [preauth]
Dec 20 20:02:31 raspberrypi sshd[2002]: Did not receive identification string from 91.227.47.234 port 53975
Dec 20 20:02:32 raspberrypi sshd[2003]: Invalid user user from 91.227.47.234 port 53982
Dec 20 20:02:32 raspberrypi sshd[2003]: input_userauth_request: invalid user user [preauth]
Dec 20 20:02:32 raspberrypi sshd[2003]: Received disconnect from 91.227.47.234 port 53982:11: Bye Bye [preauth]
Dec 20 20:02:32 raspberrypi sshd[2003]: Disconnected from 91.227.47.234 port 53982 [preauth]
Dec 20 20:03:05 raspberrypi sshd[2023]: Did not receive identification string from 103.79.142.58 port 50841
Dec 20 20:03:08 raspberrypi sshd[2024]: Invalid user user from 103.79.142.58 port 52943
Dec 20 20:03:08 raspberrypi sshd[2024]: input_userauth_request: invalid user user [preauth]
Dec 20 20:03:08 raspberrypi sshd[2024]: error: Received disconnect from 103.79.142.58 port 52943:3: com.jcraft.jsch.JSchException: Auth fail [preauth]
You can also limit the number of attempts with fail2ban.
The default config is fine for ssh server.
sudo apt-get update
sudo apt-get install fail2ban
If you're not looking to disable password access to all accounts, disabling the root login via your sshd_config file (as mentioned by @ramrunner) would definitely cut down on the vast majority of SSH brute force attempts. Nevertheless, this can still leave your other login accounts vulnerable.
One way to mitigate this would be to configure iptables to only allow external SSH attempts from certain IP addresses or IP blocks. If your external work IP address does not change, you could configure iptables to block all external SSH attempts except from your work IP.
SSH brute force attacks can suck the resources from low powered servers with a minimal amount of processors (CPU) and memory (RAM). This could be the case with your raspberry pi.
We developed a solution named am-deny-hosts that helps to block these attacks. It downloads IP address black lists of known SSH attackers and adds them to the /etc/hosts.deny file.
It is released as an open source project on GitHub. You get a set of shell scripts that protects your Raspberry Pi without taking up a lot of time, CPU, or memory. What's more, we made it very simple to install.
This question might be better migrated to serverfault or security.stackexchange.
As @larsks said, these automated attacks are in vain if you have disabled password logins. Make sure you also have
PermitRootLogin no
in your sshd_config. If you don't want to limit it yourself from iptables as per @larsks's link, you can install fail2ban.
Finally, I have found that running sshd on a non-standard port helps with the automated scans too.

interpreting the auth.log on a linux system, what qualifies as one login attempt

Using Python 3.5 I am composing a bit of code to analyze the /var/log/auth.log and discern a few happenings from it. I am on Ubuntu 17.04 with default settings for the output to /var/log/auth.log.
I am attempting to quantify a failed login event. However, when I inspect the log file, it seems to me that a failed login event is logged multiple times. Is it safe to infer that all the lines below correspond to one failed login attempt as the call goes through the different layers of the system? Or is each line below a separate failed login attempt?
Lines that I am inclined to attribute to one failed login attempt:
Jun 21 20:05:33 node1 sshd[24969]: Failed password for invalid user root from 221.194.47.252 port 43974 ssh2
Jun 21 20:05:38 node1 sshd[24969]: message repeated 2 times: [ Failed password for invalid user root from
221.194.47.252 port 43974 ssh2]
Jun 21 20:05:38 node1 sshd[24969]: Received disconnect from 221.194.47.252 port 43974:11: [preauth]
Jun 21 20:05:38 node1 sshd[24969]: Disconnected from 221.194.47.252 port 43974 [preauth]
Jun 21 20:05:38 node1 sshd[24969]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser=
rhost=221.194.47.252 user=root
Jun 21 20:05:41 node1 sshd[24971]: User root from 221.194.47.252 not allowed because none of user's groups are listed
in AllowGroups
Jun 21 20:05:41 node1 sshd[24971]: input_userauth_request: invalid user root [preauth]
Jun 21 20:05:42 node1 sshd[24971]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser=
rhost=221.194.47.252 user=root
More context:
Jun 21 20:05:33 node1 sshd[24969]: Failed password for invalid user root from 221.194.47.252 port 43974 ssh2
Jun 21 20:05:38 node1 sshd[24969]: message repeated 2 times: [ Failed password for invalid user root from
221.194.47.252 port 43974 ssh2]
Jun 21 20:05:38 node1 sshd[24969]: Received disconnect from 221.194.47.252 port 43974:11: [preauth]
Jun 21 20:05:38 node1 sshd[24969]: Disconnected from 221.194.47.252 port 43974 [preauth]
Jun 21 20:05:38 node1 sshd[24969]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser=
rhost=221.194.47.252 user=root
Jun 21 20:05:41 node1 sshd[24971]: User root from 221.194.47.252 not allowed because none of user's groups are listed
in AllowGroups
Jun 21 20:05:41 node1 sshd[24971]: input_userauth_request: invalid user root [preauth]
Jun 21 20:05:42 node1 sshd[24971]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser=
rhost=221.194.47.252 user=root
Jun 21 20:05:44 node1 sshd[24971]: Failed password for invalid user root from 221.194.47.252 port 42071 ssh2
Jun 21 20:05:48 node1 sshd[24971]: message repeated 2 times: [ Failed password for invalid user root from
221.194.47.252 port 42071 ssh2]
Jun 21 20:05:49 node1 sshd[24971]: Received disconnect from 221.194.47.252 port 42071:11: [preauth]
Jun 21 20:05:49 node1 sshd[24971]: Disconnected from 221.194.47.252 port 42071 [preauth]
Jun 21 20:05:49 node1 sshd[24971]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser=
rhost=221.194.47.252 user=root
Jun 21 20:05:51 node1 sshd[24976]: User root from 221.194.47.252 not allowed because none of user's groups are listed
in AllowGroups
Jun 21 20:05:51 node1 sshd[24976]: input_userauth_request: invalid user root [preauth]
Jun 21 20:05:51 node1 sshd[24976]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser=
rhost=221.194.47.252 user=root
Jun 21 20:05:54 node1 sshd[24976]: Failed password for invalid user root from 221.194.47.252 port 58648 ssh2
Jun 21 20:05:58 node1 sshd[24976]: message repeated 2 times: [ Failed password for invalid user root from
221.194.47.252 port 58648 ssh2]
Jun 21 20:05:59 node1 sshd[24976]: Received disconnect from 221.194.47.252 port 58648:11: [preauth]
Jun 21 20:05:59 node1 sshd[24976]: Disconnected from 221.194.47.252 port 58648 [preauth]
Jun 21 20:05:59 node1 sshd[24976]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser=
rhost=221.194.47.252 user=root
Jun 21 20:06:02 node1 sshd[24980]: User root from 221.194.47.252 not allowed because none of user's groups are listed
in AllowGroups
Jun 21 20:06:02 node1 sshd[24980]: input_userauth_request: invalid user root [preauth]
Jun 21 20:06:02 node1 sshd[24980]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser=
rhost=221.194.47.252 user=root
Should I go by the pid of the sshd process to determine one failed login attempt? I can't go by the port since over one connection per port, multiple failed login attempts can occur and I am trying to be as granular as possible in counting failed login attempts for analysis later.
Any other ideas? My next step is to grep the sshd source or pam to see what I can find.
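
One way to count attempts in a log shaped like the one above, as an added example (not code from the question or from OpenSSH): each "Failed <method>" record is one attempt, an rsyslog "message repeated N times" record stands for N more, and the sshd child pid groups the attempts of one connection. The function names are illustrative, and the repeat handling assumes rsyslog's repeated-message reduction as seen in the excerpt.

```python
import re
from collections import Counter

# Lines copied (trimmed) from the excerpt in the question, keeping its
# hard-wrapped continuation lines and rsyslog's "message repeated" record.
SAMPLE = """\
Jun 21 20:05:33 node1 sshd[24969]: Failed password for invalid user root from 221.194.47.252 port 43974 ssh2
Jun 21 20:05:38 node1 sshd[24969]: message repeated 2 times: [ Failed password for invalid user root from
221.194.47.252 port 43974 ssh2]
Jun 21 20:05:38 node1 sshd[24969]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser=
rhost=221.194.47.252 user=root
Jun 21 20:05:44 node1 sshd[24971]: Failed password for invalid user root from 221.194.47.252 port 42071 ssh2
Jun 21 20:05:49 node1 sshd[24971]: Disconnected from 221.194.47.252 port 42071 [preauth]
"""

TIMESTAMP = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ")
SSHD = re.compile(r"^\S+ +\d+ \S+ \S+ sshd\[(?P<pid>\d+)\]: (?P<msg>.*)$")
REPEAT = re.compile(r"^message repeated (?P<n>\d+) times: \[ ?(?P<inner>.*)\]$")
FAILED = re.compile(r"^Failed (?P<method>\S+) for (?:invalid user )?"
                    r"(?P<user>.+?) from (?P<ip>\S+) port (?P<port>\d+)")

def records(text):
    """Yield (pid, message, count) for each sshd record in text."""
    joined = []
    for line in text.splitlines():
        if TIMESTAMP.match(line):
            joined.append(line)
        elif joined and line.strip():
            joined[-1] += " " + line.strip()  # re-join a wrapped record
    for line in joined:
        m = SSHD.match(line)
        if not m:
            continue  # some other daemon (systemd-logind, cron, ...)
        msg, count = m["msg"], 1
        rep = REPEAT.match(msg)
        if rep:
            # The first copy was logged on its own line; this stands for n more.
            msg, count = rep["inner"].strip(), int(rep["n"])
        yield int(m["pid"]), msg, count

def failed_attempts(text):
    """Group failed authentications by connection: (pid, source ip, source port)."""
    conns = {}
    for pid, msg, count in records(text):
        f = FAILED.match(msg)
        if not f or f["method"] == "none":
            continue  # "none" is the client asking which methods exist
        key = (pid, f["ip"], int(f["port"]))
        conn = conns.setdefault(key, {"users": set(), "attempts": 0})
        conn["users"].add(f["user"])
        conn["attempts"] += count
    return conns

def per_source(conns):
    """Total failed attempts per source address across all connections."""
    totals = Counter()
    for (_pid, ip, _port), conn in conns.items():
        totals[ip] += conn["attempts"]
    return totals

if __name__ == "__main__":
    for key, conn in failed_attempts(SAMPLE).items():
        print(key, conn["attempts"], sorted(conn["users"]))
```

For pid 24969 the count is three, which agrees with the PAM record in the same connection: one initial failure plus "2 more authentication failures".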

Error in starting postgresql service in linux through command line

I was starting the postgresql service by
systemctl start postgresql.service
It was raising an error as below
Job for postgresql.service failed. See "systemctl status postgresql.service" and "journalctl -xn" for details.
Please help how to start the service through command line in linux?
Output for journalctl -xn
osboxes:/home/osboxes # journalctl -xn
-- Logs begin at Wed 2015-04-08 10:08:38 BST, end at Tue 2016-03-22 14:15:07 GMT. --
Mar 22 14:09:03 osboxes wickedd[824]: eno16777760: Notified neighbours about IP address 192.168
Mar 22 14:09:03 osboxes wickedd[824]: route ipv4 0.0.0.0/0 via 192.168.182.2 dev eno16777760 ty
Mar 22 14:09:04 osboxes wickedd[824]: Skipping hostname update, none available
Mar 22 14:15:01 osboxes cron[9120]: pam_unix(crond:session): session opened for user root by (u
Mar 22 14:15:01 osboxes systemd[9121]: pam_unix(systemd-user:session): session opened for user
Mar 22 14:15:01 osboxes CRON[9120]: pam_unix(crond:session): session closed for user root
Mar 22 14:15:01 osboxes systemd[9122]: pam_unix(systemd-user:session): session closed for user
Mar 22 14:15:07 osboxes postgresql[9160]: Initializing PostgreSQL 9.3.11 at location ~postgres/
Mar 22 14:15:07 osboxes postgresql[9160]: ..failed
Mar 22 14:15:07 osboxes postgresql[9160]: You can find a log of the initialisation in ~postgres
