[SOLVED] ssh_exchange_identification connection reset by peer
You might need to check the contents of /etc/hosts.{deny,allow} and make sure that none of your IPs are blacklisted there. Also, check the contents of ~/.ssh/config just in case you have any custom configs there (i.e. ssh keys).
The ~/.ssh/config file on your server account might have important info, so I second the suggestion. So would grabbing a copy of the sshd configuration file, which should be in /etc/ssh/sshd_config unless you've changed it. As for the logs, the names depend somewhat on your distro. Which distro do you have on the server and which one on the laptop? You'll want the authentication logs and the system logs for sure. If they fit, grab everything in /var/log/ so you can look around.
Though new versions of OpenSSH ignore tcpd completely and rely on iptables instead. But along those lines, checking the firewall rules would be a good idea.
Code:
# $OpenBSD: sshd_config,v 1.80 2008/07/02 02:24:18 djm Exp $
# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.
# This sshd was compiled with PATH=/usr/local/bin:/bin:/usr/bin
# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options change a
# default value.
#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::
# Disable legacy (protocol version 1) support in the server for new
# installations. In future the default will change to require explicit
# activation of protocol 1
Protocol 2
# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key
# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 1024
# Logging
# obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
SyslogFacility AUTHPRIV
#LogLevel INFO
# Authentication:
#LoginGraceTime 2m
PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10
#RSAAuthentication yes
#PubkeyAuthentication yes
#AuthorizedKeysFile .ssh/authorized_keys
#AuthorizedKeysCommand none
#AuthorizedKeysCommandRunAs nobody
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes
# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no
PasswordAuthentication yes
# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes
ChallengeResponseAuthentication no
# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no
#KerberosUseKuserok yes
# GSSAPI options
#GSSAPIAuthentication no
GSSAPIAuthentication yes
#GSSAPICleanupCredentials yes
GSSAPICleanupCredentials yes
#GSSAPIStrictAcceptorCheck yes
#GSSAPIKeyExchange no
# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication. Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
#UsePAM no
UsePAM yes
# Accept locale-related environment variables
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
AcceptEnv XMODIFIERS
#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
#X11Forwarding no
X11Forwarding yes
#X11DisplayOffset 10
X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#ShowPatchLevel no
#UseDNS yes
#PidFile /var/run/sshd.pid
#MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none
# no default banner path
#Banner none
# override default of no subsystems
Subsystem sftp /usr/libexec/openssh/sftp-server
# Example of overriding settings on a per-user basis
#Match User anoncvs
# X11Forwarding no
# AllowTcpForwarding no
# ForceCommand cvs server
This is what I have in my hosts.deny file (this was recommended by a Linux expert to protect from unknown hackers):
Code:
#
# hosts.deny This file contains access rules which are used to
# deny connections to network services that either use
# the tcp_wrappers library or that have been
# started through a tcp_wrappers-enabled xinetd.
#
# The rules in this file can also be set up in
# /etc/hosts.allow with a 'deny' option instead.
#
# See 'man 5 hosts_options' and 'man 5 hosts_access'
# for information on rule syntax.
# See 'man tcpd' for information on tcp_wrappers
#
sshd: .cn, .cn.net, .cn.com, .jp, .jp.com, .pl, .com, .ar, .tw
sshd: UNKNOWN
Ok, you're running CentOS 6.5 which is good until November 2020. Running CentOS 6.5 means that you've got a very old version of OpenSSH, but that it will support tcpd. Really, with the advent of "ipchains", and later "iptables", "tcpd" became mostly irrelevant. According to the configuration you posted for "tcpd" you are using the most basic features and those are better done with the firewall. That would be "iptables" or whatever CentOS 6 has for a front-end for "iptables". With SSH you have a reasonable lock on the front door, but the back porch is open except for an unlatched screen door (FTP).
But back to SSH, your login failures should be showing up in /var/log/secure
What does that log say when you try to connect but fail?
Hi Turbo
Is it worth updating the CentOS system itself?
Would it cause any problems for my website running backend DB as mysql?
/var/log/secure got this:
Code:
Oct 11 17:17:34 www sshd[20187]: warning: /etc/hosts.allow, line 10: missing newline or line too long
Oct 11 17:17:34 www sshd[20187]: refused connect from host109-148-103-166.range109-148.btcentralplus.com (109.148.103.166)
Oct 11 17:18:07 www sshd[20203]: warning: /etc/hosts.allow, line 10: missing newline or line too long
Oct 11 17:18:07 www sshd[20203]: refused connect from host109-148-103-166.range109-148.btcentralplus.com (109.148.103.166)
Oct 11 17:18:34 www sshd[20206]: warning: /etc/hosts.allow, line 10: missing newline or line too long
Oct 11 17:18:34 www sshd[20206]: refused connect from host109-148-103-166.range109-148.btcentralplus.com (109.148.103.166)
Oct 11 17:18:49 www sshd[20209]: warning: /etc/hosts.allow, line 10: missing newline or line too long
Oct 11 17:18:49 www sshd[20209]: refused connect from host109-148-103-166.range109-148.btcentralplus.com (109.148.103.166)
Oct 11 17:20:27 www sshd[20291]: warning: /etc/hosts.allow, line 10: missing newline or line too long
Oct 11 17:20:27 www sshd[20291]: refused connect from host109-148-103-166.range109-148.btcentralplus.com (109.148.103.166)
Oct 11 17:22:41 www sshd[20332]: warning: /etc/hosts.allow, line 10: missing newline or line too long
Oct 11 17:22:41 www sshd[20332]: refused connect from host109-148-103-166.range109-148.btcentralplus.com (109.148.103.166)
Oct 11 17:24:08 www sshd[20371]: warning: /etc/hosts.allow, line 10: missing newline or line too long
Oct 11 17:24:08 www sshd[20371]: refused connect from host109-148-103-166.range109-148.btcentralplus.com (109.148.103.166)
Oct 11 17:30:40 www sshd[20586]: warning: /etc/hosts.allow, line 10: missing newline or line too long
Oct 11 17:30:40 www sshd[20586]: warning: /etc/hosts.deny, line 14: missing newline or line too long
Oct 11 17:30:41 www sshd[20586]: Invalid user liam from 50.201.67.38
Oct 11 17:30:41 www sshd[20587]: input_userauth_request: invalid user liam
Oct 11 17:30:41 www sshd[20586]: pam_unix(sshd:auth): check pass; user unknown
Oct 11 17:30:41 www sshd[20586]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50-201-67-38-static.hfc.comcastbusiness.net
Oct 11 17:30:41 www sshd[20586]: pam_succeed_if(sshd:auth): error retrieving information about user liam
Oct 11 17:30:43 www sshd[20586]: Failed password for invalid user liam from 50.201.67.38 port 19697 ssh2
Oct 11 17:30:43 www sshd[20586]: pam_unix(sshd:auth): check pass; user unknown
Oct 11 17:30:43 www sshd[20586]: pam_succeed_if(sshd:auth): error retrieving information about user liam
Oct 11 17:30:45 www sshd[20586]: Failed password for invalid user liam from 50.201.67.38 port 19697 ssh2
Oct 11 17:30:45 www sshd[20586]: pam_unix(sshd:auth): check pass; user unknown
Oct 11 17:30:45 www sshd[20586]: pam_succeed_if(sshd:auth): error retrieving information about user liam
Oct 11 17:30:47 www sshd[20589]: warning: /etc/hosts.allow, line 10: missing newline or line too long
Oct 11 17:30:47 www sshd[20589]: refused connect from host109-148-103-166.range109-148.btcentralplus.com (109.148.103.166)
Oct 11 17:30:47 www sshd[20586]: Failed password for invalid user liam from 50.201.67.38 port 19697 ssh2
Oct 11 17:30:47 www sshd[20587]: Connection closed by 50.201.67.38
Oct 11 17:30:47 www sshd[20586]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=50-201-67-38-static.hfc.comcastbusiness.net
Oct 11 17:43:07 www sshd[10291]: pam_unix(sshd:session): session closed for user root
Oct 11 17:45:44 www sshd[21116]: warning: /etc/hosts.allow, line 10: missing newline or line too long
Oct 11 17:45:44 www sshd[21116]: warning: /etc/hosts.deny, line 14: missing newline or line too long
Oct 11 17:45:46 www sshd[21116]: Invalid user james from 65.242.43.109
Oct 11 17:45:46 www sshd[21117]: input_userauth_request: invalid user james
Oct 11 17:45:46 www sshd[21116]: pam_unix(sshd:auth): check pass; user unknown
Oct 11 17:45:46 www sshd[21116]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=65.242.43.109
Oct 11 17:45:46 www sshd[21116]: pam_succeed_if(sshd:auth): error retrieving information about user james
Oct 11 17:45:47 www sshd[21116]: Failed password for invalid user james from 65.242.43.109 port 38408 ssh2
Oct 11 17:45:48 www sshd[21116]: pam_unix(sshd:auth): check pass; user unknown
Oct 11 17:45:48 www sshd[21116]: pam_succeed_if(sshd:auth): error retrieving information about user james
Oct 11 17:45:49 www sshd[21116]: Failed password for invalid user james from 65.242.43.109 port 38408 ssh2
Oct 11 17:45:50 www sshd[21116]: pam_unix(sshd:auth): check pass; user unknown
Oct 11 17:45:50 www sshd[21116]: pam_succeed_if(sshd:auth): error retrieving information about user james
Oct 11 17:45:52 www sshd[21116]: Failed password for invalid user james from 65.242.43.109 port 38408 ssh2
Oct 11 17:45:52 www sshd[21117]: Connection closed by 65.242.43.109
Oct 11 17:45:52 www sshd[21116]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=65.242.43.109
Oct 11 17:46:27 www sshd[21135]: warning: /etc/hosts.allow, line 10: missing newline or line too long
Oct 11 17:46:27 www sshd[21135]: warning: /etc/hosts.deny, line 14: host name/address mismatch: 89.107.124.244 != nisipp3.canmos.ru
Oct 11 17:46:27 www sshd[21135]: warning: /etc/hosts.deny, line 14: missing newline or line too long
Oct 11 17:46:27 www sshd[21135]: Did not receive identification string from 89.107.124.244
Oct 11 17:46:27 www sshd[21136]: warning: /etc/hosts.allow, line 10: missing newline or line too long
Oct 11 17:46:27 www sshd[21136]: warning: /etc/hosts.deny, line 14: host name/address mismatch: 89.107.124.244 != nisipp3.canmos.ru
Oct 11 17:46:27 www sshd[21136]: warning: /etc/hosts.deny, line 14: missing newline or line too long
Oct 11 17:46:30 www sshd[21136]: Address 89.107.124.244 maps to nisipp3.canmos.ru, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
Oct 11 17:46:30 www sshd[21136]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.107.124.244 user=root
Oct 11 17:46:32 www sshd[21136]: Failed password for root from 89.107.124.244 port 59373 ssh2
Oct 11 17:46:32 www sshd[21137]: Received disconnect from 89.107.124.244: 11: Bye Bye
Oct 11 18:16:29 www sshd[21942]: warning: /etc/hosts.allow, line 10: missing newline or line too long
Oct 11 18:16:29 www sshd[21942]: warning: /etc/hosts.deny, line 14: missing newline or line too long
Oct 11 18:16:29 www sshd[21942]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=163-172-16-102.rev.poneytelecom.eu user=root
Oct 11 18:16:31 www sshd[21942]: Failed password for root from 163.172.16.102 port 37657 ssh2
Oct 11 18:16:31 www sshd[21943]: Received disconnect from 163.172.16.102: 11: Bye Bye
Oct 11 18:16:31 www sshd[21944]: warning: /etc/hosts.allow, line 10: missing newline or line too long
Oct 11 18:16:31 www sshd[21944]: warning: /etc/hosts.deny, line 14: missing newline or line too long
Oct 11 18:16:32 www sshd[21944]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=163-172-16-102.rev.poneytelecom.eu user=root
Oct 11 18:16:33 www sshd[21944]: Failed password for root from 163.172.16.102 port 51357 ssh2
Oct 11 18:16:33 www sshd[21945]: Received disconnect from 163.172.16.102: 11: Bye Bye
Oct 11 18:16:33 www sshd[21946]: warning: /etc/hosts.allow, line 10: missing newline or line too long
Oct 11 18:16:33 www sshd[21946]: warning: /etc/hosts.deny, line 14: missing newline or line too long
Oct 11 18:16:33 www sshd[21946]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=163-172-16-102.rev.poneytelecom.eu user=root
Oct 11 18:16:35 www sshd[21946]: Failed password for root from 163.172.16.102 port 33535 ssh2
Oct 11 18:16:35 www sshd[21947]: Received disconnect from 163.172.16.102: 11: Bye Bye
Oct 11 18:16:35 www sshd[21948]: warning: /etc/hosts.allow, line 10: missing newline or line too long
Oct 11 18:16:35 www sshd[21948]: warning: /etc/hosts.deny, line 14: missing newline or line too long
Oct 11 18:16:35 www sshd[21948]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=163-172-16-102.rev.poneytelecom.eu user=root
Oct 11 18:16:37 www sshd[21948]: Failed password for root from 163.172.16.102 port 45033 ssh2
Oct 11 18:16:37 www sshd[21949]: Received disconnect from 163.172.16.102: 11: Bye Bye
Oct 11 18:16:37 www sshd[21950]: warning: /etc/hosts.allow, line 10: missing newline or line too long
Oct 11 18:16:37 www sshd[21950]: warning: /etc/hosts.deny, line 14: missing newline or line too long
Oct 11 18:16:38 www sshd[21950]: Invalid user pi from 163.172.16.102
Oct 11 18:16:38 www sshd[21951]: input_userauth_request: invalid user pi
Oct 11 18:16:38 www sshd[21950]: pam_unix(sshd:auth): check pass; user unknown
Oct 11 18:16:38 www sshd[21950]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=163-172-16-102.rev.poneytelecom.eu
Oct 11 18:16:38 www sshd[21950]: pam_succeed_if(sshd:auth): error retrieving information about user pi
Oct 11 18:16:39 www sshd[21950]: Failed password for invalid user pi from 163.172.16.102 port 57511 ssh2
Oct 11 18:16:39 www sshd[21951]: Received disconnect from 163.172.16.102: 11: Bye Bye
Oct 11 18:19:10 www sshd[22018]: warning: /etc/hosts.allow, line 10: missing newline or line too long
Oct 11 18:19:10 www sshd[22018]: refused connect from host86-161-198-208.range86-161.btcentralplus.com (xxx.xxx.xx.xx)
Oct 11 18:19:40 www sshd[22021]: warning: /etc/hosts.allow, line 10: missing newline or line too long
Oct 11 18:19:40 www sshd[22021]: refused connect from host86-161-198-208.range86-161.btcentralplus.com (xxx.xxx.xx.xx)
Oct 11 18:21:09 www sshd[22103]: warning: /etc/hosts.allow, line 10: missing newline or line too long
Oct 11 18:21:09 www sshd[22103]: warning: /etc/hosts.deny, line 14: missing newline or line too long
Oct 11 18:21:10 www sshd[22103]: Invalid user help from 50.201.67.38
Oct 11 18:21:10 www sshd[22104]: input_userauth_request: invalid user help
Oct 11 18:21:10 www sshd[22103]: pam_unix(sshd:auth): check pass; user unknown
Oct 11 18:21:10 www sshd[22103]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50-201-67-38-static.hfc.comcastbusiness.net
Oct 11 18:21:10 www sshd[22103]: pam_succeed_if(sshd:auth): error retrieving information about user help
Oct 11 18:21:12 www sshd[22103]: Failed password for invalid user help from 50.201.67.38 port 1777 ssh2
Oct 11 18:21:12 www sshd[22103]: pam_unix(sshd:auth): check pass; user unknown
Oct 11 18:21:12 www sshd[22103]: pam_succeed_if(sshd:auth): error retrieving information about user help
Oct 11 18:21:14 www sshd[22103]: Failed password for invalid user help from 50.201.67.38 port 1777 ssh2
Oct 11 18:21:14 www sshd[22103]: pam_unix(sshd:auth): check pass; user unknown
Oct 11 18:21:14 www sshd[22103]: pam_succeed_if(sshd:auth): error retrieving information about user help
Oct 11 18:21:15 www sshd[22103]: Failed password for invalid user help from 50.201.67.38 port 1777 ssh2
Oct 11 18:21:15 www sshd[22104]: Connection closed by 50.201.67.38
Oct 11 18:21:15 www sshd[22103]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=50-201-67-38-static.hfc.comcastbusiness.net
Oct 11 18:29:34 www sshd[22288]: warning: /etc/hosts.allow, line 10: missing newline or line too long
Oct 11 18:29:34 www sshd[22288]: refused connect from host86-161-198-208.range86-161.btcentralplus.com (xxx.xxx.xx.xx)
Oct 11 18:29:42 www sshd[22289]: warning: /etc/hosts.allow, line 10: missing newline or line too long
Oct 11 18:29:42 www sshd[22289]: refused connect from host86-161-198-208.range86-161.btcentralplus.com (xxx.xxx.xx.xx)
Oct 11 18:34:09 www sshd[22429]: warning: /etc/hosts.allow, line 10: missing newline or line too long
Oct 11 18:34:09 www sshd[22429]: refused connect from host86-161-198-208.range86-161.btcentralplus.com (xxx.xxx.xx.xx)
Oct 11 18:37:34 www sshd[22525]: warning: /etc/hosts.allow, line 10: missing newline or line too long
Oct 11 18:37:34 www sshd[22525]: warning: /etc/hosts.deny, line 14: missing newline or line too long
Oct 11 18:37:35 www sshd[22525]: Invalid user odoo from 65.242.43.109
Oct 11 18:37:35 www sshd[22526]: input_userauth_request: invalid user odoo
Oct 11 18:37:35 www sshd[22525]: pam_unix(sshd:auth): check pass; user unknown
Oct 11 18:37:35 www sshd[22525]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=65.242.43.109
Oct 11 18:37:35 www sshd[22525]: pam_succeed_if(sshd:auth): error retrieving information about user odoo
Oct 11 18:37:37 www sshd[22525]: Failed password for invalid user odoo from 65.242.43.109 port 38408 ssh2
Oct 11 18:37:37 www sshd[22525]: pam_unix(sshd:auth): check pass; user unknown
Oct 11 18:37:37 www sshd[22525]: pam_succeed_if(sshd:auth): error retrieving information about user odoo
Oct 11 18:37:39 www sshd[22525]: Failed password for invalid user odoo from 65.242.43.109 port 38408 ssh2
Oct 11 18:37:39 www sshd[22525]: pam_unix(sshd:auth): check pass; user unknown
Oct 11 18:37:39 www sshd[22525]: pam_succeed_if(sshd:auth): error retrieving information about user odoo
Oct 11 18:37:41 www sshd[22525]: Failed password for invalid user odoo from 65.242.43.109 port 38408 ssh2
Oct 11 18:37:41 www sshd[22526]: Connection closed by 65.242.43.109
Oct 11 18:37:41 www sshd[22525]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=65.242.43.109
Oct 11 18:57:18 www sshd[23047]: warning: /etc/hosts.allow, line 10: missing newline or line too long
Oct 11 18:57:18 www sshd[23047]: refused connect from host86-161-198-208.range86-161.btcentralplus.com (xxx.xxx.xx.xx)
Oct 11 18:58:12 www sshd[23064]: warning: /etc/hosts.allow, line 10: missing newline or line too long
Oct 11 18:58:12 www sshd[23064]: warning: /etc/hosts.deny, line 14: host name/address mismatch: 222.138.139.252 != hn.kd.ny.adsl
Oct 11 18:58:12 www sshd[23064]: warning: /etc/hosts.deny, line 14: missing newline or line too long
Oct 11 18:58:14 www sshd[23064]: Address 222.138.139.252 maps to hn.kd.ny.adsl, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
Oct 11 18:58:14 www sshd[23064]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.138.139.252 user=root
Oct 11 18:58:15 www sshd[23064]: Failed password for root from 222.138.139.252 port 54792 ssh2
Oct 11 18:58:16 www sshd[23066]: warning: /etc/hosts.allow, line 10: missing newline or line too long
Oct 11 18:58:16 www sshd[23066]: refused connect from host86-161-198-208.range86-161.btcentralplus.com (xxx.xxx.xx.xx)
Oct 11 18:58:17 www sshd[23064]: Failed password for root from 222.138.139.252 port 54792 ssh2
Oct 11 18:58:19 www sshd[23064]: Failed password for root from 222.138.139.252 port 54792 ssh2
Oct 11 18:58:19 www sshd[23065]: Connection closed by 222.138.139.252
Oct 11 18:58:19 www sshd[23064]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.138.139.252 user=root
Oct 11 18:59:15 www sshd[23086]: warning: /etc/hosts.allow, line 10: missing newline or line too long
Oct 11 18:59:15 www sshd[23086]: warning: /etc/hosts.deny, line 14: missing newline or line too long
Oct 11 18:59:15 www sshd[23086]: Invalid user test1 from 46.32.53.44
You have errors in your "tcpd" configuration, both in /etc/hosts.allow and /etc/hosts.deny. Do you see them there in the log?
I'd make copies of both files and then clear them and see if you can log in after that. Then if you need to block, use the firewall aka "iptables".
CentOS 6 is fine. They do security updates and patch things until November 2020. If you remember to apply them is another matter. There is some new functionality in more recent versions of OpenSSH, but that's not important. There are some improvements with removing old, insecure encryption though so you might check the patch history to see what was done by the CentOS team. But if you have FTP on your machine, your submarine already has a screen door.
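An added example, not part of any post in this thread: a triage of sshd lines in the /var/log/secure format shown above that separates tcp_wrappers warnings and refusals from password failures, and reports which client pattern in the posted hosts.deny rules matches each refused host. The matcher covers only a subset of hosts_access(5) (ALL, UNKNOWN, `.suffix` names, `prefix.` addresses, exact strings); the function names and the sample host names and addresses are constructed placeholders.

```python
import re
from collections import Counter

# The sshd rules from the hosts.deny file quoted in the thread.
HOSTS_DENY = """\
sshd: .cn, .cn.net, .cn.com, .jp, .jp.com, .pl, .com, .ar, .tw
sshd: UNKNOWN
"""

# Constructed log lines in the format of the excerpt above; host names and
# addresses are documentation placeholders, not values from the thread.
SAMPLE_LOG = """\
Oct 11 17:17:34 www sshd[20187]: warning: /etc/hosts.allow, line 10: missing newline or line too long
Oct 11 17:17:34 www sshd[20187]: refused connect from laptop.isp.example.com (192.0.2.10)
Oct 11 17:18:07 www sshd[20203]: warning: /etc/hosts.allow, line 10: missing newline or line too long
Oct 11 17:18:07 www sshd[20203]: refused connect from laptop.isp.example.com (192.0.2.10)
Oct 11 17:30:40 www sshd[20586]: warning: /etc/hosts.deny, line 14: missing newline or line too long
Oct 11 17:30:43 www sshd[20586]: Failed password for invalid user liam from 198.51.100.38 port 19697 ssh2
Oct 11 17:46:32 www sshd[21136]: Failed password for root from 203.0.113.244 port 59373 ssh2
"""

ENTRY = re.compile(r"sshd\[(\d+)\]: (.*)$")
WARNING = re.compile(r"warning: (/etc/hosts\.\w+), line (\d+): (.*)")
REFUSED = re.compile(r"refused connect from (\S+) \(([^)]*)\)")
FAILED = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\S+) port")


def parse_rules(text, daemon="sshd"):
    """Client patterns of every rule whose daemon list names `daemon` or ALL."""
    patterns = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        daemons, clients = line.split(":")[:2]  # options after a 2nd ':' ignored
        if {daemon, "ALL"} & set(re.split(r"[,\s]+", daemons.strip())):
            patterns += [p for p in re.split(r"[,\s]+", clients.strip()) if p]
    return patterns


def matching_patterns(host, addr, patterns):
    """Patterns that match this client, using a subset of hosts_access(5)."""
    host = host.lower()
    # Assumption: a client logged without a resolved name counts as UNKNOWN.
    unknown = host in ("", "unknown") or host == addr
    hits = []
    for p in patterns:
        if (p == "ALL"
                or (p == "UNKNOWN" and unknown)
                or (p.startswith(".") and host.endswith(p.lower()))
                or (p.endswith(".") and addr.startswith(p))
                or p.lower() in (host, addr)):
            hits.append(p)
    return hits


def triage(log_text, deny_text):
    """Count wrapper warnings, wrapper refusals and password failures."""
    patterns = parse_rules(deny_text)
    warnings, refused, failed = Counter(), {}, Counter()
    for line in log_text.splitlines():
        m = ENTRY.search(line)
        if not m:
            continue
        msg = m.group(2)
        if w := WARNING.match(msg):
            warnings[(w.group(1), int(w.group(2)), w.group(3))] += 1
        elif r := REFUSED.match(msg):
            host, addr = r.groups()
            hit = refused.setdefault((host, addr), {
                "count": 0, "matched": matching_patterns(host, addr, patterns)})
            hit["count"] += 1
        elif f := FAILED.match(msg):
            failed[f.group(2)] += 1  # keyed by source address
    return {"warnings": warnings, "refused": refused, "failed": failed}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG, HOSTS_DENY)
    for (host, addr), info in report["refused"].items():
        print(f"{host} ({addr}) refused x{info['count']}, deny patterns: {info['matched']}")
    for (path, lineno, text), n in report["warnings"].items():
        print(f"{path} line {lineno}: {text} (x{n})")
```

A "refused connect" entry means the wrapper dropped the connection before sshd sent its banner, so nothing about authentication is logged for that client. The `.com` entry in the posted rule matches any client whose reverse DNS name ends in `.com`.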
Thanks Turbo.
Do I update security updates via the "yum update" command? How do I disallow FTP? Any option?
If you are the only user of FTP, then you can just uninstall it. If you have other users or have scripts that are unfortunate enough to use it, then it requires transition to SFTP first.