Contenu | Rechercher | Menus

Annonce

Si vous avez des soucis pour rester connecté, déconnectez-vous puis reconnectez-vous depuis ce lien en cochant la case
Me connecter automatiquement lors de mes prochaines visites.

À propos de l'équipe du forum.

Pages : 1

#1 Le 15/10/2023, à 15:49

kewan

ssh connection refused et n'autorise pas la connexion de mon url

Bonjour tout le forum.

Après avoir fait des essais de lancements de scripts au démarrage de mon serveur (avec init.d et systemd), j'ai perdu la connexion ssh avec putty et impossible d'accéder à mon url d'index.

connexion refused pour putty et Ce site est inaccessible192.168.1.99 n'autorise pas la connexion pour le navigateur.

J'ai lancé quelques commandes pour tenter de résoudre mon problème :


systemctl status ssh

● ssh.service - OpenBSD Secure Shell server
     Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enabled)
     Active: active (running) since Sun 2023-10-15 13:27:44 CEST; 4min 7s ago
       Docs: man:sshd(8)
             man:sshd_config(5)
    Process: 809 ExecStartPre=/usr/sbin/sshd -t (code=exited, status=0/SUCCESS)
   Main PID: 860 (sshd)
      Tasks: 1 (limit: 9261)
     Memory: 4.3M
        CPU: 62ms
     CGroup: /system.slice/ssh.service
             └─860 "sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups"

oct. 15 13:27:43 serveuratelier systemd[1]: Starting OpenBSD Secure Shell server...
oct. 15 13:27:44 serveuratelier sshd[860]: Server listening on 0.0.0.0 port 22.
oct. 15 13:27:44 serveuratelier sshd[860]: Server listening on :: port 22.
oct. 15 13:27:44 serveuratelier systemd[1]: Started OpenBSD Secure Shell server.

cat /var/log/auth.log

Oct 15 13:24:34 serveuratelier systemd-logind[812]: New session 1 of user root.
Oct 15 13:24:34 serveuratelier systemd: pam_unix(systemd-user:session): session opened for user root(uid=0) by (uid=0)
Oct 15 13:24:35 serveuratelier login[1220]: ROOT LOGIN  on '/dev/tty1'
Oct 15 13:27:44 serveuratelier systemd-logind[810]: New seat seat0.
Oct 15 13:27:44 serveuratelier systemd-logind[810]: Watching system buttons on /dev/input/event2 (Power Button)
Oct 15 13:27:44 serveuratelier systemd-logind[810]: Watching system buttons on /dev/input/event1 (Power Button)
Oct 15 13:27:44 serveuratelier systemd-logind[810]: Watching system buttons on /dev/input/event0 (Sleep Button)
Oct 15 13:27:44 serveuratelier systemd-logind[810]: Watching system buttons on /dev/input/event4 (Corsair Corsair Gaming K68 Keyboard)
Oct 15 13:27:44 serveuratelier sshd[860]: Server listening on 0.0.0.0 port 22.
Oct 15 13:27:44 serveuratelier sshd[860]: Server listening on :: port 22.
Oct 15 13:28:04 serveuratelier login[1050]: pam_unix(login:session): session opened for user root(uid=0) by LOGIN(uid=0)
Oct 15 13:28:04 serveuratelier systemd-logind[810]: New session 1 of user root.
Oct 15 13:28:04 serveuratelier systemd: pam_unix(systemd-user:session): session opened for user root(uid=0) by (uid=0)
Oct 15 13:28:04 serveuratelier login[1191]: ROOT LOGIN  on '/dev/tty1'
Oct 15 13:31:04 serveuratelier systemd-logind[810]: Watching system buttons on /dev/input/event4 (Corsair Corsair Gaming K68 Keyboard)
Oct 15 13:39:01 serveuratelier CRON[1443]: pam_unix(cron:session): session opened for user root(uid=0) by (uid=0)
Oct 15 13:39:01 serveuratelier CRON[1443]: pam_unix(cron:session): session closed for user root

netstat -plntu | grep ssh

tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      860/sshd: /usr/sbin 
tcp6       0      0 :::22                   :::*                    LISTEN      860/sshd: /usr/sbin

ufw allow ssh

Skipping adding existing rule
Skipping adding existing rule (v6)


ufw status

Status: active

To                         Action      From
--                         ------      ----
Apache                     ALLOW       Anywhere                  
OpenSSH                    ALLOW       Anywhere                  
22                         ALLOW       Anywhere                  
22/tcp                     ALLOW       Anywhere                  
Apache (v6)                ALLOW       Anywhere (v6)             
OpenSSH (v6)               ALLOW       Anywhere (v6)             
22 (v6)                    ALLOW       Anywhere (v6)             
22/tcp (v6)                ALLOW       Anywhere (v6)

ufw status

 [ - ]  apache-htcacheclean
 [ + ]  apache2
 [ + ]  apparmor
 [ + ]  apport
 [ - ]  console-setup.sh
 [ + ]  cron
 [ - ]  cryptdisks
 [ - ]  cryptdisks-early
 [ + ]  dbus
 [ - ]  grub-common
 [ - ]  hwclock.sh
 [ - ]  initialiser_bash_history.sh
 [ + ]  irqbalance
 [ - ]  iscsid
 [ - ]  keyboard-setup.sh
 [ + ]  kmod
 [ - ]  lvm2
 [ - ]  lvm2-lvmpolld
 [ + ]  multipath-tools
 [ + ]  mysql
 [ - ]  open-iscsi
 [ - ]  open-vm-tools
 [ + ]  plymouth
 [ + ]  plymouth-log
 [ + ]  procps
 [ - ]  rsync
 [ - ]  screen-cleanup
 [ + ]  ssh
 [ + ]  udev
 [ + ]  ufw
 [ + ]  unattended-upgrades
 [ - ]  uuidd


la config ssh : nano /etc/ssh/sshd_config

# This is the sshd server system-wide configuration file.  See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options override the
# default value.

Include /etc/ssh/sshd_config.d/*.conf

#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_ecdsa_key
#HostKey /etc/ssh/ssh_host_ed25519_key

# Ciphers and keying
#RekeyLimit default none

# Logging
#SyslogFacility AUTH
#LogLevel INFO

# Authentication:

#LoginGraceTime 2m
PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10

#PubkeyAuthentication yes

# Expect .ssh/authorized_keys2 to be disregarded by default in future.
#AuthorizedKeysFile	.ssh/authorized_keys .ssh/authorized_keys2

#AuthorizedPrincipalsFile none

#AuthorizedKeysCommand none
#AuthorizedKeysCommandUser nobody

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no

# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
KbdInteractiveAuthentication no

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
#GSSAPIStrictAcceptorCheck yes
#GSSAPIKeyExchange no

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the KbdInteractiveAuthentication and
# PasswordAuthentication.  Depending on your PAM configuration,
# PAM authentication via KbdInteractiveAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and KbdInteractiveAuthentication to 'no'.
UsePAM yes

#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PermitTTY yes
PrintMotd no
#PrintLastLog yes
#TCPKeepAlive yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS no
#PidFile /run/sshd.pid
#MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none
#VersionAddendum none

# no default banner path
#Banner none

# Allow client to pass locale environment variables
AcceptEnv LANG LC_*

# override default of no subsystems
Subsystem	sftp	/usr/lib/openssh/sftp-server

# Example of overriding settings on a per-user basis
#Match User anoncvs
#	X11Forwarding no
#	AllowTcpForwarding no
#	PermitTTY no
#	ForceCommand cvs server

nano /etc/netplan/00-installer-config.yaml

# This is the network config written by 'subiquity'
network:
 version: 2
 ethernets:
    enp2s0:
      dhcp4: false
      addresses: [192.168.1.99/24]
      nameservers:
       addresses: [109.0.66.10, 109.0.66.20]
      routes:
        - to: default
          via: 192.168.1.1

merci pour votre aide

Dernière modification par kewan (Le 15/10/2023, à 17:59)

Hors ligne

#2 Le 15/10/2023, à 18:09

kewan

Re : ssh connection refused et n'autorise pas la connexion de mon url

Ca fonctionne avec mon smartphone en wifi, je me connecte correctement à l'url de mon site 192.168.1.99/index.html

Hors ligne

#3 Le 22/10/2023, à 17:23

kewan

Re : ssh connection refused et n'autorise pas la connexion de mon url

Bonjour,

en faisant des essais pour débannir une adresse IP, j'ai installé fail2ban, visiblement ça a suffit à régler mon problème.

apt-get update
apt-get install fail2ban
fail2ban-client status renvoie 928 fail2ban                [2625]: ERROR   Failed to access socket path: /var/run/fail2ban/fail2ban.sock. Is fail2ban running?
fail2ban-client reload renvoie 934 fail2ban                [2652]: ERROR   Could not find server

Je n'ai rien configuré, juste ces 4 lignes de commande. Est-ce que c'est dû à l'installation de fail2ban, parce que mon adresse IP a peut-être changé, la durée du ban est expirée pour mon ip ?

source :
https://www.it-connect.fr/premiers-pas-avec-fail2ban/
https://www.malekal.com/fail2ban-commen … dresse-ip/

Hors ligne

Pages : 1