Atomicorp

Security for Everyone
https://forums.atomicorp.com/

Cannot access via ssh after reboot

https://forums.atomicorp.com/viewtopic.php?t=1691

Page 1 of 1

Cannot access via ssh after reboot

Posted: Thu Jul 19, 2007 7:48 am
by tomkerswill
Hi everyone,

This is probably something really stupid I'm doing wrong, but I was wondering if anyone can help. I ran asl 2 in fix mode (asl -f), and then rebooted my box. After a few minutes, everything comes up fine, and the sites are accessible. I also get several emails and security alerts from OSSEC, which is great, and suggests everything's working fine.

The only problem is, there's no ssh access. nmap reveals:

21/tcp open ftp
25/tcp open smtp
53/tcp open domain
80/tcp open http
106/tcp open pop3pw
110/tcp open pop3
143/tcp open imap
443/tcp open https
465/tcp open smtps
993/tcp open imaps
995/tcp open pop3s
8443/tcp open https-alt

I *can* access Plesk, but just can't get shell access at all. The only thing that occurs to me is that, in the configuration steps of asl, I didn't specify any whitelist hosts for whom OSSEC rules would not apply. Any advice would be gratefully received!

I'm sure I'll be able to reboot into rescue mode and gain ssh access that way, and that'll be pretty straightforward, so if anybody has any hints or suggestions as to what config files I could change to get ssh up again, that would be really appreciated,

Thanks in advance!

Tom

Posted: Thu Jul 19, 2007 9:30 am
by Highland
Have you tried using Plesk's built in SSH client? Just a thought.

Posted: Thu Jul 19, 2007 12:39 pm
by scott
Yeah you might have shunned yourself if you had a bad login. The default time is 600 seconds.

Theres a whitelist setting that is useful to keep that from happening from your management system(s).

Posted: Thu Jul 19, 2007 12:39 pm
by tomkerswill
Hi Highland,
Ah, thanks for the idea. Unfortunately I did try it :-( --- it's an interesting one, actually - if I click the SSH terminal client, I get a blank window (inside the Plesk frame)... I guess something's going wrong there, though I can't see the logs to find out what :-( --- everthing else on Plesk seems to work fine, just ironically not the SSH terminal... Ah well!
Tom

Posted: Thu Jul 19, 2007 2:05 pm
by breun
If the problem is that the SSH server is not accessible, then firing up Plesk's SSH client isn't going to help much.

Posted: Fri Jul 20, 2007 5:09 am
by tomkerswill
Scott - I don't think that's it, because I tried logging in afresh this morning (without doing anything beforehand), and got connection refused on port 22, even without any login attempts. Port 22 looks like it's closed.

Breun - yes, I suppose so, although since it's accessing it from 127.0.0.1 (I guess) rather than an outside network, the Plesk ssh client could conceivably have worked...

I think I'll reboot into rescue mode and try and work out what is going on from there... very strange - it's just ssh that's affected...

Posted: Fri Jul 20, 2007 5:27 am
by breun
You can run commands on your server if you can setup cronjobs from Plesk. Might be a way to check/disable/start things.

Posted: Fri Jul 20, 2007 6:01 am
by tomkerswill
Ah, thanks Breun - that hadn't occurred to me! I like it... could definitely work!

Posted: Fri Jul 20, 2007 8:52 am
by scott
yeah, works for the badguys too :P

Posted: Tue Jul 24, 2007 5:58 am
by tomkerswill
Thanks for all the help. It turned out to be a dogey sshd_config in the end ... and so that cron trick worked brilliantly - I just copied in a new sshd_config using a cron command... all fine and dandy!
Cheers
Tom
All times are UTC-04:00
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited