KVM host: refusing connection on ports 22 & 9090
-
Nothing in logs?
-
@Obsolesce said in KVM host: refusing connection on ports 22 & 9090:
@FATeknollogee said in KVM host: refusing connection on ports 22 & 9090:
This past weekend one of my KVM hosts has started acting funny.
It's refusing connections on ports 22 & 9090.I was able to use the new Relay feature on MeshCentral 2 to connect via LAN but this connection only stays on for 15 secs then disconnects.
Pls throw some crazy ideas my way!!
What do the logs say?
Both posted at same time lol...
-
What logs? I can't connect unless I go hookup a keyboard & monitor.
-
@FATeknollogee said in KVM host: refusing connection on ports 22 & 9090:
What logs? I can't connect unless I go hookup a keyboard & monitor.
Right - that's why I asked about iDRAC or iLo.
-
@FATeknollogee Might be a pain in the ass but if you have no other way of connecting?
-
-
The Inotify errors are to do with file system. you want ssh logs. /var/log/auth.log
-
@StuartJordan no such /var/log/auth
I do have /var/log/secure -
@FATeknollogee Sorry I'm used to Debian based distro, yep that sounds right if using fedora. you can also check with journal command:
journalctl -r /usr/sbin/sshd
-
Do you have fail2Ban set up on your KVM host?
-
@black3dynamite said in KVM host: refusing connection on ports 22 & 9090:
Do you have fail2Ban set up on your KVM host?
No
-
Looking through the logs, nothing looks out of place.
-
@FATeknollogee said in KVM host: refusing connection on ports 22 & 9090:
@black3dynamite said in KVM host: refusing connection on ports 22 & 9090:
Do you have fail2Ban set up on your KVM host?
No
You definitely want that.
-
@scottalanmiller said in KVM host: refusing connection on ports 22 & 9090:
@FATeknollogee said in KVM host: refusing connection on ports 22 & 9090:
@black3dynamite said in KVM host: refusing connection on ports 22 & 9090:
Do you have fail2Ban set up on your KVM host?
No
You definitely want that.
For what? If ssh is only strong cert auth that leaves 9090 for Cockpit. Is there a good 9090 config for failtoban?
-
The box is behind a firewall & port 22 is only open to a specific IP.
-
@Obsolesce said in KVM host: refusing connection on ports 22 & 9090:
For what?
Security. Otherwise you leave yourself open to brute force attacks. Or even just brute force attempts. Still uses your bandwidth.
-
@Obsolesce said in KVM host: refusing connection on ports 22 & 9090:
that leaves 9090 for Cockpit.
This is true, but automated attacks against Cockpit are way, way more rare. It's a fraction of the attack surface out of the gate.
-
Still looking for a fix!!
-
Does anyone use Door Knocking anymore?
-
Is it just these ports? is anything else dropping at the same time that your are unaware of on this host? have you tried accessing the host using putty on another machine?
