sftp using proxy issue: ssh_dispatch_run_fatal: Connection to UNKNOWN port 65535: Connection corrupted - linux

Our automated script connects to a third-party server (using a proxy) to get some files over sftp.
It usually works fine. On a random day, I got the error below. What could be the root cause?
sftp> mget TR_ACK*.txt
Bad packet length 1131376238.
ssh_dispatch_run_fatal: Connection to UNKNOWN port 65535: Connection corrupted
Connection closed
Edit: FYI, our script runs every 5 minutes. The above issue occurred at 12:05. The run at 12:00 also failed, as the server was down at 12:00. The server came back up just before 12:05.
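A useful first check for this error, shown as an added example that is not part of the original post: an SSH packet starts with a big-endian 32-bit length, so a "Bad packet length" value can be turned back into the four bytes that arrived in its place. The number from the question decodes to ASCII text, which suggests a plain-text message was written into the SSH stream somewhere on the path, for example by the proxy. The second value in the sample is constructed.

```python
import re
import struct

BAD_LEN_RE = re.compile(r"Bad packet length (\d+)")


def length_as_bytes(length: int) -> bytes:
    """Return the four wire bytes that were parsed as the uint32 packet length."""
    return struct.pack(">I", length)


def explain_bad_length(length: int) -> str:
    """Say whether the rejected length is really stray text or opaque bytes."""
    raw = length_as_bytes(length)
    if all(0x20 <= b <= 0x7E or b in (0x09, 0x0A, 0x0D) for b in raw):
        return (f"printable text {raw.decode('ascii')!r}: "
                "non-SSH data was written into the stream")
    return f"bytes {raw.hex()}: not text, likely corrupted or wrongly decrypted data"


def scan(client_output: str) -> list[tuple[int, str]]:
    """Find every 'Bad packet length N' line in captured sftp/ssh output."""
    return [(int(m.group(1)), explain_bad_length(int(m.group(1))))
            for m in BAD_LEN_RE.finditer(client_output)]


# The error text from the question above, plus one constructed non-text value.
SAMPLE = """sftp> mget TR_ACK*.txt
Bad packet length 1131376238.
ssh_dispatch_run_fatal: Connection to UNKNOWN port 65535: Connection corrupted
Bad packet length 3735928559.
"""

if __name__ == "__main__":
    for length, verdict in scan(SAMPLE):
        print(length, "->", verdict)
```

When the result is text, capturing the raw output of the proxy command at the time of failure shows the rest of the message.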

Related

Denyhosts on Centos7 option DENY_THRESHOLD_INVALID does not work

Using CentOS 7 and denyhosts 2.9, I noticed some strange behavior.
My config is set to:
DENY_THRESHOLD_INVALID = 3
DENY_THRESHOLD_VALID = 10
Which, in my understanding, is like: after 3 failed login attempts of NON-EXISTING users from host X, deny that host.
After 10 failed login attempts from EXISTING users from host X, deny that host.
While the latter works just fine, the DENY_THRESHOLD_INVALID = 3 setting does not work.
What I noticed is that in /var/log/secure, which denyhosts parses, logins from non-existing accounts and logins from accounts that exist but are using the wrong password are handled differently.
Aug 10 12:32:42 ftp sshd[27176]: Invalid user adminx from xxx.128.30.135 port 42800
Aug 10 12:32:42 ftp sshd[27176]: input_userauth_request: invalid user adminx [preauth]
Aug 10 12:32:42 ftp sshd[27176]: Connection closed by xxx.128.30.135 port 42800 [preauth]
vs.
Aug 10 12:33:46 ftp sshd[27238]: Failed password for exchange from xxx.128.30.135 port 42802 ssh2
Does anyone know if denyhosts has problems parsing the /var/log/secure file on CentOS with non-existing accounts vs. existing accounts that use wrong passwords?
Denyhosts debug log also does not say anything. It seems to ignore the login attempt from non-existent users.
Any help would be appreciated. Thanks.
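How the two kinds of entry can be told apart and counted against the two thresholds, as an added example that is not DenyHosts' code or part of the original post. The regular expressions, the sample log lines (documentation IP addresses) and the reach-the-threshold comparison are assumptions made for the illustration.

```python
import re
from collections import Counter

# Thresholds from the config in the question.
DENY_THRESHOLD_INVALID = 3
DENY_THRESHOLD_VALID = 10

# Hypothetical patterns written for this example, not DenyHosts' own regexes.
INVALID_USER_RE = re.compile(r"sshd\[\d+\]: Invalid user (\S+) from (\S+)")
FAILED_PW_RE = re.compile(
    r"sshd\[\d+\]: Failed password for (invalid user )?(\S+) from (\S+)")

# Constructed sample in the /var/log/secure format quoted above.
SAMPLE = """\
Aug 10 12:32:42 ftp sshd[27176]: Invalid user adminx from 203.0.113.5 port 42800
Aug 10 12:32:42 ftp sshd[27176]: input_userauth_request: invalid user adminx [preauth]
Aug 10 12:32:42 ftp sshd[27176]: Connection closed by 203.0.113.5 port 42800 [preauth]
Aug 10 12:32:50 ftp sshd[27180]: Invalid user test from 203.0.113.5 port 42810
Aug 10 12:32:58 ftp sshd[27184]: Invalid user oracle from 203.0.113.5 port 42820
Aug 10 12:33:46 ftp sshd[27238]: Failed password for exchange from 198.51.100.7 port 42802 ssh2
Aug 10 12:33:50 ftp sshd[27240]: Failed password for exchange from 198.51.100.7 port 42804 ssh2
""".splitlines()


def count_failures(lines):
    """Count failed attempts per source host: (invalid-user, valid-user)."""
    invalid, valid = Counter(), Counter()
    for line in lines:
        m = INVALID_USER_RE.search(line)
        if m:
            invalid[m.group(2)] += 1
            continue
        m = FAILED_PW_RE.search(line)
        # "Failed password for invalid user ..." repeats an attempt that the
        # "Invalid user" line already counted, so only real accounts count here.
        if m and not m.group(1):
            valid[m.group(3)] += 1
    return invalid, valid


def hosts_to_deny(lines):
    """Assumption: a host is denied once its count reaches the threshold."""
    invalid, valid = count_failures(lines)
    deny = {h for h, n in invalid.items() if n >= DENY_THRESHOLD_INVALID}
    deny |= {h for h, n in valid.items() if n >= DENY_THRESHOLD_VALID}
    return sorted(deny)


if __name__ == "__main__":
    print(count_failures(SAMPLE), hosts_to_deny(SAMPLE))
```

Running the same counters over the real /var/log/secure shows whether the invalid-user entries are present in the form a parser would need to match.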

Debian Linux Raspbian- Raspberry Pi time offset is 65s ahead of UTC

For some strange reason unknown to me, my RPi appears to have been set incorrectly to UTC +65s. The output I receive is the following:
sudo ntpd -gq
ntpd: time set -65.706156s
I have tried stopping and restarting ntp server (no effect).
When I check the sync servers using the following command, I do receive a ping back so it's not a case of the servers not responding, or a firewall issue:
grep -P "^server" /etc/ntp.conf
server 0.debian.pool.ntp.org iburst
server 1.debian.pool.ntp.org iburst
server 2.debian.pool.ntp.org iburst
server 3.debian.pool.ntp.org iburst
ping -c 1 0.debian.pool.ntp.org
PING 0.debian.pool.ntp.org (193.1.219.116) 56(84) bytes of data.
64 bytes from tbag.heanet.ie (193.1.219.116): icmp_req=1 ttl=51 time=18.8 ms
--- 0.debian.pool.ntp.org ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 18.818/18.818/18.818/0.000 ms
I'm at a loss as to how to correct this.
UPDATE:
Running the ntpq -p command yields the following info:
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*adsl-172-10-0-1 117.70.*.110     4 u    2   64    7    0.617   -0.070   0.109
Is this the ntp server that I'm trying to sync to - because that IP belongs to CHINANET (I don't know how or why).
I also tried to manually set the RPi time, after stopping ntp service, setting the time correctly and restarting the service.
What I noticed was that the time was correctly set for a good 5 seconds, before reverting back to its 65s offset. So it appears that this is the issue.
Found the solution as described in post 6 of the link:
http://forum.openmediavault.org/index.php/Thread/13035-Raspberry-Pi-NTP-service-not-using-etc-ntp-conf/
Basically, connecting the RPi to the network, the DHCP server acts as the NTP server and creates a copy of the ntp.conf file in the location /var/lib/ntp/ntp.conf.dhcp
This file overrides the default /etc/ntp.conf file, so deleting it and then stopping the ntp service, performing a resync, and then starting the service is the only way to resolve this.
The command for resync is:
sudo ntpdate -b pool.ntp.org
The original issue was that the ntp server was syncing with a CHINANET server and causing a 65s offset, which I suspect is down to a misconfigured DHCP/NTP server on our network.

Linux fetchmail POP3 connection error

Slackware OS, trying to setup fetchmail
I have coded this .fetchmailrc file:
set daemon 600 # poll interval in seconds (600 s = 10 minutes)
set logfile /root/fetchmail.log
poll 10.200.***.** protocol POP3
user "bob" password "bob" is "bob" here preconnect "date>>/root/fetchmail.log"
ssl
no rewrite
keep
It worked before, but now it is failing to retrieve mail. I checked the fetchmail.log file and I get this error:
Thu Nov 5 10:15:32 GMT 2015
fetchmail: connection errors for this poll:
name 0: connection to 10.200.***.**:pop3s [10.200.***.**/995] failed: Connection refused.
fetchmail: POP3 connection to 10.200.***.** failed: Connection refused
fetchmail: Query status=2 (SOCKET)
I've reset the daemons, ended the process and no progress.
I had exactly the same problem on a Mageia 5 Linux. Apparently, I solved it by redoing network configuration, which the Mageia can do with a single click on the relevant Configure button in the Network Center window.
I did not touch my .fetchmailrc file.

rsnapshot on Linux fails with "returned 12 while processing"

I thought I had rsnapshot all setup properly, but after checking my logs the next day I found the following:
[05/Sep/2014:10:34:11] /usr/bin/rsnapshot daily: ERROR: /usr/bin/rsync returned 12 while processing john@192.168.0.102:/media/linuxstorage/docs/
What does return code "12" mean?
To see what was going on, I ran it manually and went off to do other things:
raspberrypi $ sudo rsnapshot daily
Well, lo and behold, it had been sitting there waiting for my password.
john@192.168.0.102's password:
Connection closed by 192.168.0.102
rsync: connection unexpectedly closed (0 bytes received so far) [Receiver]
rsync error: error in rsync protocol data stream (code 12) at io.c(605) [Receiver=3.0.9]
----------------------------------------------------------------------------
rsnapshot encountered an error! The program was invoked with these options:
/usr/bin/rsnapshot daily
----------------------------------------------------------------------------
ERROR: /usr/bin/rsync returned 12 while processing bgrissom@192.168.0.102:/medi/linuxstorage/docs/
I had changed the rsnapshot user from pi to root in /etc/crontab, and root was not set up with the "ssh without a password" keys for the remote host. All I had to do to fix this is:
raspberrypi $ sudo bash
raspberrypi # ssh-copy-id john@192.168.0.102
The fact: return code "12" means there is something wrong with authentication to the remote server.
I ran into this also and seems like this is the most common problem for getting that error:
ERROR: /usr/bin/rsync returned 12 while processing .....
Problem: rsnapshot uses rsync under the hood and can't connect because you probably never actually connected to that remote server.
Solution: You have to connect to that remote server at least once manually through terminal from that machine where rsnapshot is running
with: ssh remote_user@remote_server.domain
so that you confirm the connection and then an entry can be made to known_hosts!
After that rsnapshot worked for me.

FTP user getting locked - What to check?

This time I have another question. This one is related to FTP. We have an ftp server say 127.0.0.2. The application server is on ip say 127.0.0.1. From the application server, we connect to the FTP server every 10 minutes and pull or push certain files in the INWARD and OUTWARD folders respectively.
The ftp server is running linux with the following details:
-bash-3.2$ uname -n
ftpserver.companyname.com
-bash-3.2$ uname
Linux
-bash-3.2$ uname -r
2.6.18-308.13.1.el5
The problem is that the FTP user gets locked automatically on a random basis. Random meaning really random... This instant it is working, but within the next 15 seconds it will get locked, triggering an alert and thus requiring user intervention to get it unlocked.
To check when the locking is happening, we wrote a monitoring shell script to check the ftp connection every 15 seconds. This script will only connect to the ftp machine and quit. If everything is ok, it will not do anything, but if the connection fails it will mail the stakeholders with the ftp log.
SCRIPT >>
ftp -niv $FTP_HOST <<END_SCRIPT > $FTP_LOG
quote USER $FTP_USER
quote PASS $FTP_PASSWD
quit
END_SCRIPT
Now if we see the log generated from the script, we can see the below information:
LOG >>
::::: DATE/TIME = Wed Apr 23 17:35:00 UTC 2014 :::::
Step 1 complete : Initialised log file ~/ftp_support_23_Apr_2014.log
Step 2 complete : Completed check for ftp login
FTP connection to 127.0.0.2 is ok.
Step 3 completed. Deleted ftp.log
::::: DATE/TIME = Wed Apr 23 17:35:15 UTC 2014 :::::
Step 1 complete : Initialised log file ~/ftp_support_23_Apr_2014.log
Step 2 complete : Completed check for ftp login
FTP user username is locked on 127.0.0.2.
Step 3 completed. Deleted ftp.log
----- SAME OUTPUT AS ABOVE EVERY 15 SECONDS TILL USER IS UNLOCKED ------
Here the ftp user was unlocked by the SA.
::::: DATE/TIME = Wed Apr 23 17:41:40 UTC 2014 :::::
Step 1 complete : Initialised log file ~/ftp_support_23_Apr_2014.log
Step 2 complete : Completed check for ftp login
FTP connection to 127.0.0.2 is ok.
Step 3 completed. Deleted ftp.log
Now the question that we all have is what could have happened in 15 seconds causing the user to get locked? At 17:35:00 UTC the connection is ok, at 17:35:15 UTC, the connection goes dead. The log which is mailed to the stakeholders is as below -
MAILED FTP LOG >>
Connected to 127.0.0.2.
220 (vsFTPd 2.0.5)
530 Please login with USER and PASS.
530 Please login with USER and PASS.
331 Please specify the password.
530 Login incorrect.
221 Goodbye.
Now we know for sure that the password is read from an encrypted config file and used by the program. If it works every 10 mins, then there is no problem with the program sending the password to the ftp user. And no system user is typing in the password incorrectly. Hence the question here is what do we need to check at our end?
How do we interpret the 530 Login incorrect. error message? Can anyone suggest what we have to do here? Has the SA changed any setting on the ftp server? What can we ask them to check at OS level or for the ftp service?
If the output of any command is needed or if any running service needs to be checked, let me know.
