
Fail2ban debacle which was, and is, my fault

leona Member

I got a little vps from a really nice deal here on lowend.

Ya, I don't know nothing bout vpsing but in my training I installed fail2ban and without knowing what I was doing I banned my IP, thusly meaning I will never log in with sputty or anything other ssh.

So how it happened was, I simply vi the config file and scrolled down to the fail2ban config file and vi to add my IP to ignore, then restart fail2ban. I'm all feeling proud cause I think I added my IP to never being banned ever. To my surprise after exiting sputty, I was locked out by fail2ban.

In my broken moment of despair, I said F it and shut all the fun down for the night. Thinking maybe tomorrow the thing will fix itself, I recoiled in horror the next day when I still could not sputty in.

In my mind I went over all the shit I did and could only conclude I banned my IP with ignore. See what happens when you don't know what you're doing after hours of laboring over setting up the first ever vps.

So, I reset my IP and presto, I was in again.

Begin laughter and insults now.....

Thanked by 2: raindog308, Pwner
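
The post above describes editing fail2ban's config to add the admin's own address to the ignore list and then restarting the service. The script below is an added example, not the poster's file or anything from the fail2ban project: it writes a minimal `jail.local` with an `ignoreip` whitelist, checks that the address really is in the list before the service is reloaded, and lists the `fail2ban-client` commands for confirming the running jail and unbanning an address. Assumptions: the `sshd` jail, a constructed admin address `203.0.113.10`, and a temporary file standing in for `/etc/fail2ban/jail.local`.

```shell
#!/bin/sh
# Added example (not from the thread). Writes a sample fail2ban jail.local,
# then verifies the ignoreip whitelist with plain awk before touching the service.

SAMPLE=$(mktemp)   # stand-in for /etc/fail2ban/jail.local (constructed, never the real file)

# Write a minimal jail.local. ignoreip is space-separated and accepts CIDR ranges;
# setting it under [DEFAULT] makes it apply to every jail, including sshd.
write_jail_local() {
    cat > "$1" <<'EOF'
[DEFAULT]
# Addresses fail2ban must never ban: loopback plus the admin's own IP (constructed value)
ignoreip = 127.0.0.1/8 ::1 203.0.113.10
bantime  = 1h
findtime = 10m
maxretry = 5

[sshd]
enabled = true
EOF
}

# Print "yes" if the exact token (address or CIDR) appears in the [DEFAULT] ignoreip
# line of the given file, else "no". Per-jail ignoreip overrides are not inspected.
ignoreip_has() {
    awk -v ip="$2" '
        /^[ \t]*\[/ { section = $0; sub(/[ \t]+$/, "", section) }
        section == "[DEFAULT]" && /^[ \t]*ignoreip[ \t]*=/ {
            sub(/^[ \t]*ignoreip[ \t]*=[ \t]*/, "")
            n = split($0, tok, /[ \t,]+/)
            for (i = 1; i <= n; i++) if (tok[i] == ip) found = 1
        }
        END { print (found ? "yes" : "no") }' "$1"
}

write_jail_local "$SAMPLE"

# Usage: sh check_ignoreip.sh [jail.local path] [address]; defaults to the sample.
FILE=${1:-$SAMPLE}
ADDR=${2:-203.0.113.10}
if [ "$(ignoreip_has "$FILE" "$ADDR")" = yes ]; then
    echo "$ADDR is whitelisted in $FILE; safe to reload"
else
    echo "$ADDR is NOT in [DEFAULT] ignoreip of $FILE; fix the file before reloading"
fi

# On a real host, after the file is in place (commands shown, not executed here):
#   fail2ban-client reload                          # apply the edit without a full restart
#   fail2ban-client get sshd ignoreip               # confirm the running jail sees the address
#   fail2ban-client status sshd                     # list currently banned addresses
#   fail2ban-client set sshd unbanip 203.0.113.10   # recover an address that was already banned
```

The point of checking the file first is that a typo in the address or an `ignoreip` line placed outside `[DEFAULT]` (or outside the jail that does the banning) is silently ignored, and the admin only finds out on the next failed login. The `unbanip` command is the recovery path once console access has been regained.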

Comments

  • Mun Member

    All part of learning. Don't worry we were all there once. Good job on installing fail2ban though .

  • daily Member

    Like @Mun said, this is perfectly normal. I'd suggest also changing your SSH port and just denying port 22 as this will stop most issues with bots just looking for machines.

  • Nomad Member

    Disable root login for ssh and never use easy passwords. Heck don't even use passwords.

    Thanked by 1: netomx
  • I usually use a key to login instead of using password.

  • Nekki Veteran

    I only allow logins from a set of private VPN IP addresses.

  • Abdussamad Member
    edited June 2016

    You could have just used the SSH login that solusvm provides. It's the konsole option and it accesses the VPS via the host node so even if you've firewalled the VPS you can still login that way. Then you delete the offending firewall rule to get regular SSH access back.

    You could also ask your provider to shutdown fail2ban for you. Even unmanaged providers will do this for you if you lock yourself out like this.

  • ATHK Member

    SSH keys are the way to go, with a low timeout too.

    Changing port does nothing except keep some log noise down. It's not going to "protect" you just doing that.

  • leona Member

    The first thing I did was change port 22 and disabled root login. I'll look into this keys thing. Sputty tells me some key number if I trust the login but since I am still learning, I click no on that login option.

    I did see port 22 got 147,000 failed logins before changing it. Fail2ban should put the brakes on that now.

    I have to review ssh keys since it does sound secure in some way of its own.
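
The last few replies converge on the same checklist: disable root login, use keys instead of passwords, and treat a changed port as noise reduction rather than protection. The script below is an added example (not anyone's posted code) that audits an `sshd_config` against that checklist. It reads a constructed sample file by default; the real path `/etc/ssh/sshd_config` is an assumption about the host and can be passed as the first argument. `Match` blocks are not evaluated, so the result reflects the global settings only.

```shell
#!/bin/sh
# Added example (not from the thread): audit sshd_config for the settings the
# thread recommends. Nothing is modified; the script only reads and reports.

SAMPLE=$(mktemp)   # constructed sample config, never the host's real file

write_sample_config() {
    cat > "$1" <<'EOF'
# constructed sample, not a real host's file
Port 2222
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
ChallengeResponseAuthentication no
EOF
}

# Print the effective value of a keyword: sshd uses the first occurrence, keywords
# are case-insensitive, and '#' lines are comments. Prints nothing if absent.
sshd_get() {
    awk -v key="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        /^[ \t]*#/ || NF < 2 { next }
        tolower($1) == key { print $2; exit }' "$1"
}

# Return 0 when root login and password auth are both off; print findings.
# The port check only warns, since a non-default port is not a security control.
audit_sshd() {
    f=$1; rc=0
    root=$(sshd_get "$f" PermitRootLogin)
    pass=$(sshd_get "$f" PasswordAuthentication)
    port=$(sshd_get "$f" Port)
    [ "$root" = no ] || { echo "FAIL PermitRootLogin is '${root:-unset (current OpenSSH default: prohibit-password)}'"; rc=1; }
    [ "$pass" = no ] || { echo "FAIL PasswordAuthentication is '${pass:-unset (default: yes)}'"; rc=1; }
    [ -n "$port" ] && [ "$port" != 22 ] || echo "WARN Port is ${port:-22}: changing it only reduces log noise"
    [ $rc -eq 0 ] && echo "OK root login and password authentication are disabled"
    return $rc
}

write_sample_config "$SAMPLE"

# Usage: sh audit_sshd.sh [path to sshd_config]; defaults to the constructed sample.
audit_sshd "${1:-$SAMPLE}"
```

After changing `PasswordAuthentication`, keep the existing session open and test a fresh key-based login from a second window before closing it; that habit is what turns a lockout like the one in this thread into a non-event.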

  • Ishaq Member

    leona said: I click no on that login option.

    It's fine to click yes, it just adds the key to your trusted list / cache.

  • raindog308 Administrator, Veteran

    leona said: Begin laughter and insults now.....

    CONGRATS! You've achieved Boneheaded Sysadmin Mistakes Level 1 and have been awarded a Junior Sysadmin Badge! Bonus: 5000 LowEndPoints

    Please choose your next quest:

    • type 'kill -9 1' instead of 'kill -9 %1'

    • get typing too fast and instead of doing something like 'ifconfig eth0 down && ifconfig eth0 up' you just start with 'ifconfig eth0 down' and...oh crap, it's off the network

    • type 'reboot' in the wrong window

    • put 'rm -rf /${dir}' in a script and forget to define ${dir}

    • write iptables scripts a few times. Bonus: do it on a High End Public Cloud place like Azure or Amazon that doesn't provide a console, forcing you to reinitialize the VM.

    • CHALLENGE LEVEL: write a backup script that silently fails for months and then attempt a restore

    • NIGHTMARE CONTINUOUS ASSAULT LEVEL: ssh on port 22, hosted on ChicagoVPS, same root password as in Solus, never change it, defend your box against the horde!
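
The `rm -rf /${dir}` quest in the list above is a real failure mode with a two-character fix. The script below is an added example, not anything from the thread: it shows what the expansion becomes when `dir` is undefined and two idioms that turn that into a harmless error, `${dir:?}` and `set -u`, plus a last-line check that refuses a root path outright. It only builds and inspects paths; nothing is deleted, and the `dir` value is constructed.

```shell
#!/bin/sh
# Added example (not from the thread). Demonstrates the undefined-variable trap
# in 'rm -rf /${dir}' and the guards that defuse it. No file is ever removed.

# Unsafe: with dir unset, "/${dir}" expands to "/" and rm -rf would wipe the root.
build_path_unsafe() {
    printf '%s\n' "/${dir}"
}

# Guard 1: ${dir:?msg} aborts the command with msg when dir is unset or empty,
# so rm never runs with a root path.
build_path_guarded() {
    printf '%s\n' "/${dir:?refusing to run: dir is unset or empty}"
}

# Guard 2: 'set -u' (nounset) makes every unset-variable expansion fatal; run in a
# subshell here so the setting does not leak out of the function.
build_path_nounset() {
    ( set -u; printf '%s\n' "/${dir}" )
}

# Guard 3: belt and braces. Refuse a target that is the root directory or empty,
# whatever produced it. Returns 0 when the target is acceptable.
check_target() {
    case "$1" in
        /|/.|/..|"") return 1 ;;
    esac
    return 0
}

demo() {
    unset dir
    echo "unsafe expansion with dir unset: $(build_path_unsafe)"
    if out=$(build_path_guarded 2>&1); then
        echo "guarded: $out"
    else
        echo "guarded refused (exit $?): $out"
    fi
    if ! build_path_nounset 2>/dev/null; then
        echo "set -u refused the unset variable"
    fi
    dir=var/tmp/build   # constructed value
    target=$(build_path_guarded)
    if check_target "$target"; then
        echo "would run: rm -rf -- $target"
    fi
}

demo
```

`set -u` at the top of every script is the cheapest version of this lesson; `${var:?}` is the targeted version for the one expansion that must never be empty, and it works even in scripts that cannot enable `nounset` globally.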

  • daily Member

    raindog308 said: type 'reboot' in the wrong window

    I've done this more times than I'd like to admit.

    Thanked by 1: raindog308
  • @raindog308 said:

    Thanks for the nightmares ;_;

    Thanked by 1: raindog308
  • raindog308 Administrator, Veteran

    Nekki said: I only allow logins from a set of private VPN IP addresses.

    That's...a very good idea that sounds like a small headache to set up but then very robust. How many VPN servers do you have? Are they just Nyr's magic OpenVPN setup? Favorite providers?

  • @raindog308 said:

    leona said: Begin laughter and insults now.....

    CONGRATS! You've achieved Boneheaded Sysadmin Mistakes Level 1 and have been awarded a Junior Sysadmin Badge! Bonus: 5000 LowEndPoints

    Please choose your next quest:

    • type 'kill -9 1' instead of 'kill -9 %1'

    • get typing too fast and instead of doing something like 'ifconfig eth0 down && ifconfig eth0 up' you just start with 'ifconfig eth0 down' and...oh crap, it's off the network

    • type 'reboot' in the wrong window

    • put 'rm -rf /${dir}' in a script and forget to define ${dir}

    • write iptables scripts a few times. Bonus: do it on a High End Public Cloud place like Azure or Amazon that doesn't provide a console, forcing you to reinitialize the VM.

    • CHALLENGE LEVEL: write a backup script that silently fails for months and then attempt a restore

    • NIGHTMARE CONTINUOUS ASSAULT LEVEL: ssh on port 22, hosted on ChicagoVPS, same root password as in Solus, never change it, defend your box against the horde!

    Man... I have completed all of them.

    Thanked by 1: raindog308
  • @dailymc said:
    Like @Mun said, this is perfectly normal. I'd suggest also changing your SSH port and just denying port 22 as this will stop most issues with bots just looking for machines.

    To access SSH on all my sites/projects, you'd need to be connected through a VPN, which is password protected. You then need to connect through the VPN with a key for a successful connection. Nice n' simple, pretty safe too :)

  • @leona said:
    The first thing I did was change port 22
    I did see port 22 got 147,000 failed logins before changing it.

    Quite a drop in traffic once you change ssh port, it's quite an interesting logs experience.

  • fbcpck Member
    edited June 2016

    @dailymc said:
    Like @Mun said, this is perfectly normal. I'd suggest also changing your SSH port and just denying port 22 as this will stop most issues with bots just looking for machines.

    @leona said:
    I did see port 22 got 147,000 failed logins before changing it. Fail2ban should put the brakes on that now.

    Now take it to the next level with TOTP based Port Fluxing and pair it with Port Knocking :P

  • Amitz Member

    raindog308 said: type 'reboot' in the wrong window

    If it was only 'reboot' what I typed in the wrong window sometimes... :-/
    Great list of challenges, by the way. I am nearly through it and will now get a box at ChicagoVPS for the ultimate NIGHTMARE CONTINUOUS ASSAULT LEVEL. That will be fun!

    Thanked by 1: raindog308
  • Nekki Veteran

    raindog308 said: That's...a very good idea that sounds like a small headache to set up but then very robust. How many VPN servers do you have? Are they just Nyr's magic OpenVPN setup? Favorite providers?

    I run 3 VPN servers specifically for this purpose, all set up using @Nyr's script initially and then hardened because they do nothing else but act as gateways to my servers (some of which run services accessible only via the VPNs). Providers are the usual dependable crowd, Inception Hosting, Secure Dragon and Ramnode.

    Thanked by 1: raindog308
  • Xenos Member

    What is sputty?

    Thanked by 1: vedran
  • @Xenos said:
    What is sputty?

    I want to know too. :o

  • vedran Veteran

    @Xenos said:
    What is sputty?

    I was just about to ask the same question

  • Amitz Member

    Super Putty.

    Thanked by 2: Xenos, budi1413
  • @apidevlab said:

    @leona said:
    The first thing I did was change port 22
    I did see port 22 got 147,000 failed logins before changing it.

    Quite a drop in traffic once you change ssh port, it's quite an interesting logs experience.

    Empty logs are uninteresting. I'd much rather see the abusive IPs logged by a relatively secure service like sshd. That way I can take action on them before they go after some other future vulnerability, like public web services that can't so easily be kept off of port 80/443. There's nothing quite like the satisfaction of dropping a /8 into the firewall after a bunch of failed logins and knowing you don't have to deal with that part of the Internet again.
