All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
IP blocks on SSH
wemanageit
Member
I ran into a situation yesterday afternoon, which is still not mitigated, ie: back to normal...
I run several rsync scripts to a VPS, and the alarms for failures started...So I decide to SSH in... timeouts there too!
Ok.. what is going on... check some things via HTTP, ok... fine there.... hmm...
Lets check the connection on my end, no problems I was doing other things at the time any way.... Ok.. lets just change VPN nodes for giggles maybe its an issue there.. nope same thing...
Lets drop VPN... BAM instant in, scripts working...
Not acceptable... all traffic is via VPN, period....so lets try some different nodes.. ok.. I try a few nodes in the US, same thing, timeout on SSH, but other access fine... try SSH on a different port, same thing, US nodes blocked. Try it on some foreign nodes, ok that is working...
So I have tickets with the VPS provide, the VPN provider to research.
NO fail2ban is NOT in use.
NO Blocks in solusvm control, it is set to allow any IP, as I can't predict where I may need to access things.
/etc/hosts.deny is EMPTY except for the default comment block
The only change I made was this AM 6/5/14 to check to see if it was a port ISSUE, and tried some other high range port, same circumstances... regardless of port, an SSH connection to this VPS on my main VPN is not possible...The only way to alleviate this is to switch to my backup VPN, but long term that is not my solution.
I've had no problems until yesterday 6/4/14 mid afternoon US Eastern time, my scripts just ran fine, day in and day out...
I am looking for any where else to look on the VPS to rule out the VPS.. No changes have been made, and things have been running smooth for almost a year on it...
/var/log/auth.log shows nothing but the normal logins by me, and my attempts via various nodes of varying VPN nodes..and the normal PITA break in attempts...
I am not releasing names of the VPS provider or VPN, at this time as I don't think that does any one any good. As I have a pretty good feeling that the VPS and VPN hosts are not the issue but one or the others internet connection providers is doing something in routers to block VPN IP, but it is werid only SSH is effected. If I go to http://my.vps.invalid/something/ fine.
VPS: Ubuntu 12.04 ESR fully updated
VPN: OpenVPN based
I really need to get this resolved to move it back to my main VPN provider.
Comments, suggestions???
flames > /dev/null
Thanks in advance for any insights.....
Comments
do traceroute from the VPN to the VPS and the other way too. Then think on the results.
Seems like a firewall issue. You should tcpdump the connection on both client and server. If they don't match, then you know someone in the middle is breaking things for you.
You can also run ssh with -vvv and sshd with -ddd to get more debug information from OpenSSH.
Hope this helps.
Traceroute as suggested, could be a block on provider level.
Once my home IP was blocked to my vps by the providers iptables.
Well I think I found the moneky's with the wondering fingers, and they have since been dispatched!
URRRGH! I hate so called "improvements!" URRRRH!