
sshd_config bug

Discussion in 'Bug Reports' started by Sean, Nov 4, 2015.

  1. Sean

    Sean New Member

    Hi,

    I had an issue where a fresh install of 123.08stable is locking me out. At first I thought it was a CSF issue. So I started 2 ssh sessions, logged out of one, and could not log back in even with a whitelisted IP. So I checked ssh and it was dead (still allowing an ssh connection started before install). My /etc/ssh/sshd_config had this at the bottom:

    Example 1.

    UseDNS noClientAliveInterval 3600
    ClientAliveCountMax 120
    UseDNS no
    When it should have been this:

    Example 2.

    ClientAliveInterval 3600
    ClientAliveCountMax 120
    UseDNS no
    I started a new fresh install on a newly launched EC2 and inspected sshd_config before firing up the install and it was fine. After the install sshd_config had the new directives appended to an existing line as in example 1.

    In inc/sshd.inc the following:

    if [[ -z "$CHECKVALUES" ]]; then
    echo "ClientAliveInterval 3600" >> /etc/ssh/sshd_config
    echo "ClientAliveCountMax 120" >> /etc/ssh/sshd_config
    echo "UseDNS no" >> /etc/ssh/sshd_config
    #echo "ServerAliveInterval 120" >> /etc/ssh/sshd_config
    #echo "ServerAliveCountMax 120" >> /etc/ssh/sshd_config
    fi

    Change to
    if [[ -z "$CHECKVALUES" ]]; then
    echo -e "\n \n" >> /etc/ssh/sshd_config
    echo "ClientAliveInterval 3600" >> /etc/ssh/sshd_config
    echo "ClientAliveCountMax 120" >> /etc/ssh/sshd_config
    echo "UseDNS no" >> /etc/ssh/sshd_config
    #echo "ServerAliveInterval 120" >> /etc/ssh/sshd_config
    #echo "ServerAliveCountMax 120" >> /etc/ssh/sshd_config
    fi
    I haven't run this but I think it will do the trick.

    BR,
    Sean

    P.S. This is on AWS.

    Also, I read on the CSF page that OpenVZ does not support ipset. Just wanted to let you know that it appears to be running.








     
  2. eva2000

    eva2000 Administrator Staff Member

    Thanks for that, will look into the bug!
    FYI, Amazon EC2 runs Xen virtualisation not OpenVZ so IPSET works on Amazon EC2 :)
     
  3. eva2000

    eva2000 Administrator Staff Member

    Strange, the last line of my CentOS 6.7 after Centmin Mod install looks like
    Code:
    # Example of overriding settings on a per-user basis
    #Match User anoncvs
    #       X11Forwarding no
    #       AllowTcpForwarding no
    #       ForceCommand cvs server
    ClientAliveInterval 3600
    ClientAliveCountMax 120
    UseDNS no
    and it should have only appended once to sshd_config if ClientAliveInterval 3600 was not detected in sshd_config. Looks like for you it appended twice, as you had UseDNS no above ClientAliveInterval 3600?
     