
sshd_config bug

Discussion in 'Bug Reports' started by Sean, Nov 4, 2015.

  1. Sean

    Hi,

    I had an issue where a fresh install of 123.08stable is locking me out. At first I thought it was a CSF issue. So I started 2 ssh sessions, logged out of one and could not log back in, even with a whitelisted IP. So I checked ssh and it was dead (still allowing an ssh connection started before install). My /etc/ssh/sshd_config had this at the bottom:

    Example 1.

    UseDNS noClientAliveInterval 3600
    ClientAliveCountMax 120
    UseDNS no

    When it should have been this:

    Example 2.

    ClientAliveInterval 3600
    ClientAliveCountMax 120
    UseDNS no

    I started a new fresh install on a newly launched EC2 and inspected sshd_config before firing up the install and it was fine. After the install sshd_config had the new directives appended to an existing line as in example 1.


    In inc/sshd.inc the following:

    if [[ -z "$CHECKVALUES" ]]; then
        echo "ClientAliveInterval 3600" >> /etc/ssh/sshd_config
        echo "ClientAliveCountMax 120" >> /etc/ssh/sshd_config
        echo "UseDNS no" >> /etc/ssh/sshd_config
        #echo "ServerAliveInterval 120" >> /etc/ssh/sshd_config
        #echo "ServerAliveCountMax 120" >> /etc/ssh/sshd_config
    fi

    Change to

    if [[ -z "$CHECKVALUES" ]]; then
        echo -e "\n \n" >> /etc/ssh/sshd_config
        echo "ClientAliveInterval 3600" >> /etc/ssh/sshd_config
        echo "ClientAliveCountMax 120" >> /etc/ssh/sshd_config
        echo "UseDNS no" >> /etc/ssh/sshd_config
        #echo "ServerAliveInterval 120" >> /etc/ssh/sshd_config
        #echo "ServerAliveCountMax 120" >> /etc/ssh/sshd_config
    fi

    I haven't run this but I think it will do the trick.

    BR,
    Sean

    P.S. This is on AWS.

    Also, I read on the CSF page that OpenVZ does not support ipset. Just wanted to let you know that it appears to be running.








     
  2. eva2000

    Thanks for that, will look into the bug!
    FYI, Amazon EC2 runs Xen virtualisation, not OpenVZ, so IPSET works on Amazon EC2 :)
     
  3. eva2000

    Strange, the last line of my CentOS 6.7 after Centmin Mod install looks like
    Code:
    # Example of overriding settings on a per-user basis
    #Match User anoncvs
    #       X11Forwarding no
    #       AllowTcpForwarding no
    #       ForceCommand cvs server
    ClientAliveInterval 3600
    ClientAliveCountMax 120
    UseDNS no
    and it should have only appended once to sshd_config if ClientAliveInterval 3600 was not detected in sshd_config. Looks like for you it appended twice, as you had UseDNS no above ClientAliveInterval 3600?
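
The two points raised in this thread, appending to a file whose last line has no trailing newline and appending each directive only once, combined in an added example that is not Centmin Mod's code or any poster's. The function names are hypothetical and `/usr/sbin/sshd` is an assumed path; the candidate file is checked with sshd's test mode (`-t -f`) before the live config is overwritten.

```shell
#!/usr/bin/env bash
# Added example, not Centmin Mod's code; all function names are hypothetical.

# Terminate FILE with a newline only if its last byte is not one already.
ensure_trailing_newline() {
    local file="$1"
    [ -s "$file" ] || return 0      # missing or empty: nothing to terminate
    # $(...) strips a trailing newline, so this is non-empty only when the
    # last byte is something else (the "UseDNS no" case from the thread).
    if [ -n "$(tail -c 1 "$file")" ]; then
        printf '\n' >> "$file"
    fi
}

# Append "Keyword value" unless an uncommented line already sets Keyword
# (sshd keywords are case-insensitive, hence grep -i).
append_directive() {
    local file="$1" keyword="$2" value="$3"
    grep -Eiq "^[[:space:]]*${keyword}[[:space:]=]" "$file" && return 0
    ensure_trailing_newline "$file"
    printf '%s %s\n' "$keyword" "$value" >> "$file"
}

# Edit a copy, validate it, and only then overwrite the live file.
# VALIDATOR defaults to sshd's test mode; /usr/sbin/sshd is an assumed path.
update_sshd_config() {
    local file="$1" validator="${2:-/usr/sbin/sshd -t -f}" tmp
    tmp=$(mktemp) || return 1
    cp -p "$file" "$tmp" || { rm -f "$tmp"; return 1; }
    append_directive "$tmp" ClientAliveInterval 3600
    append_directive "$tmp" ClientAliveCountMax 120
    append_directive "$tmp" UseDNS no
    # Word splitting of $validator is intentional (command plus flags).
    if ! $validator "$tmp" >/dev/null 2>&1; then
        rm -f "$tmp"
        return 1                    # live config left untouched
    fi
    cat "$tmp" > "$file"            # keeps the original inode, mode and owner
    rm -f "$tmp"
}
```

Run as root, `update_sshd_config /etc/ssh/sshd_config` returns non-zero and changes nothing if the edited copy does not pass `sshd -t`, so a malformed line never reaches the running daemon's config.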
     