i banned myself from my remote ssh-server...i need an idea to fix it :)
I connect to my remote machine with ssh. One day while I worked on it I saw (with 'tail -f' in the logs) that somebody was trying to brute-force into the machine.
OK, I thought, nothing can happen. You have a good password.
Nevertheless I changed the original port from 22 and turned root login off. Before I did that on my remote machine, I tried it locally. On the local machine everything is fine.
But since then I cannot log in to the remote machine.
I have a firewall on that machine. It is a SUSE machine.
In YaST you can choose which service should not be firewalled. sshd was open before I changed the port. I don't know much about firewalls, but shouldn't the SUSE firewall update automatically?
Well, since you say you use ssh, I'd assume that means you disabled telnet and the "r" commands (rsh, rcp, etc.). But maybe that's a bad assumption and you could still get in that way... (...and if so, you need to review your system security!)
Quote:
Originally Posted by shegman
Yes. I try it like that: 'ssh x.x.x.x -p 245', then it says
'ssh: connect to host x.x.x.x port 245: Connection timed out'
This is a passive response. e.g., the packet was dropped (no reply was sent back to you).
Quote:
Originally Posted by shegman
and on the default port 22 it says, like expected
'ssh: connect to host x.x.x.x port 22: Connection refused'
This is an active response. You got through to your server, but it replied back to you "Sorry, this port is closed or no service is running there".
The passive response could be caused by your firewall rules that say DROP instead of REJECT. Or it could be caused because your server is behind a router and that router is set up to port forward port 22 but not port 245. Or your ISP may be blocking traffic on port 245. That port is normally assigned to something called "link". I have no idea what that service is or if an ISP might be inclined to block it.
If the problem is your router, can you log in to the router from the WAN side and add a port forwarding rule? If the problem is your firewall dropping traffic on port 245 you're probably in for some real headaches. It's doing exactly what it's supposed to.
Did you set up your sshd alternate port in your system config files? (i.e., will it persist past a system reboot?) If you set it up for the current boot session only, you could try researching cracker websites and attempt to crash your remote computer via some exploit (if you have it setup to automatically reboot after a crash). This would be pretty drastic!
You aren't running your webserver as root, are you? That would be a horrible security breach, but could be your ticket into your locked system. Fix this hole ASAP after getting back in if this is the case with your server....
[edit]
Upon further reflection, I deleted the suggestion that I had put here. A simple, older, and widely known way to compromise an insecure webserver running as userid root. Not an appropriate thing to post however. My apologies for my lack of forethought.
[/edit]
...And hopefully you're not running things like webservers as userid root in the first place! But you sound desperate so I'm suggesting desperate things.
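The "timed out" versus "refused" distinction explained in the reply above can be checked from the client side before touching the server. This is an added example, not part of any post in the thread; the function names `classify` and `probe` are hypothetical, and the demo at the bottom uses constructed loopback sockets.

```python
import errno
import socket


def classify(exc):
    """Translate the result of one TCP connect attempt (None = success)."""
    if exc is None:
        return "open"            # handshake completed, a service is listening
    if isinstance(exc, (socket.timeout, TimeoutError)):
        return "filtered-drop"   # silence: DROP rule, no port forward, or upstream block
    if isinstance(exc, ConnectionRefusedError):
        return "closed-refused"  # RST received: host reachable, nothing listening there
    if isinstance(exc, OSError) and exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
        return "rejected-icmp"   # ICMP unreachable: firewall REJECT or a routing problem
    return "error"


def probe(host, port, timeout=3.0):
    """Attempt a single TCP connection and classify the outcome."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return classify(None)
    except OSError as exc:
        return classify(exc)


if __name__ == "__main__":
    # Constructed demo on loopback: one listening port, one closed port.
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    open_port = srv.getsockname()[1]
    spare = socket.socket()
    spare.bind(("127.0.0.1", 0))
    closed_port = spare.getsockname()[1]
    spare.close()
    print(open_port, probe("127.0.0.1", open_port))
    print(closed_port, probe("127.0.0.1", closed_port))
    srv.close()
```

Run against the server in this thread, the reported symptoms would correspond to `filtered-drop` on port 245 and `closed-refused` on port 22.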