#1 Le 15/10/2023, à 14:49
- kewan
ssh connection refused et n'autorise pas la connexion de mon url
Bonjour tout le forum.
Après avoir fait des essais de lancements de scripts au démarrage de mon serveur (avec init.d et systemd), j'ai perdu la connexion ssh avec putty et impossible d'accéder à mon url d'index.
connexion refused pour putty et Ce site est inaccessible192.168.1.99 n'autorise pas la connexion pour le navigateur.
J'ai lancé quelques commandes pour tenter de résoudre mon problème :
systemctl status ssh
● ssh.service - OpenBSD Secure Shell server
Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enabled)
Active: active (running) since Sun 2023-10-15 13:27:44 CEST; 4min 7s ago
Docs: man:sshd(8)
man:sshd_config(5)
Process: 809 ExecStartPre=/usr/sbin/sshd -t (code=exited, status=0/SUCCESS)
Main PID: 860 (sshd)
Tasks: 1 (limit: 9261)
Memory: 4.3M
CPU: 62ms
CGroup: /system.slice/ssh.service
└─860 "sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups"
oct. 15 13:27:43 serveuratelier systemd[1]: Starting OpenBSD Secure Shell server...
oct. 15 13:27:44 serveuratelier sshd[860]: Server listening on 0.0.0.0 port 22.
oct. 15 13:27:44 serveuratelier sshd[860]: Server listening on :: port 22.
oct. 15 13:27:44 serveuratelier systemd[1]: Started OpenBSD Secure Shell server.
cat /var/log/auth.log
Oct 15 13:24:34 serveuratelier systemd-logind[812]: New session 1 of user root.
Oct 15 13:24:34 serveuratelier systemd: pam_unix(systemd-user:session): session opened for user root(uid=0) by (uid=0)
Oct 15 13:24:35 serveuratelier login[1220]: ROOT LOGIN on '/dev/tty1'
Oct 15 13:27:44 serveuratelier systemd-logind[810]: New seat seat0.
Oct 15 13:27:44 serveuratelier systemd-logind[810]: Watching system buttons on /dev/input/event2 (Power Button)
Oct 15 13:27:44 serveuratelier systemd-logind[810]: Watching system buttons on /dev/input/event1 (Power Button)
Oct 15 13:27:44 serveuratelier systemd-logind[810]: Watching system buttons on /dev/input/event0 (Sleep Button)
Oct 15 13:27:44 serveuratelier systemd-logind[810]: Watching system buttons on /dev/input/event4 (Corsair Corsair Gaming K68 Keyboard)
Oct 15 13:27:44 serveuratelier sshd[860]: Server listening on 0.0.0.0 port 22.
Oct 15 13:27:44 serveuratelier sshd[860]: Server listening on :: port 22.
Oct 15 13:28:04 serveuratelier login[1050]: pam_unix(login:session): session opened for user root(uid=0) by LOGIN(uid=0)
Oct 15 13:28:04 serveuratelier systemd-logind[810]: New session 1 of user root.
Oct 15 13:28:04 serveuratelier systemd: pam_unix(systemd-user:session): session opened for user root(uid=0) by (uid=0)
Oct 15 13:28:04 serveuratelier login[1191]: ROOT LOGIN on '/dev/tty1'
Oct 15 13:31:04 serveuratelier systemd-logind[810]: Watching system buttons on /dev/input/event4 (Corsair Corsair Gaming K68 Keyboard)
Oct 15 13:39:01 serveuratelier CRON[1443]: pam_unix(cron:session): session opened for user root(uid=0) by (uid=0)
Oct 15 13:39:01 serveuratelier CRON[1443]: pam_unix(cron:session): session closed for user root
netstat -plntu | grep ssh
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 860/sshd: /usr/sbin
tcp6 0 0 :::22 :::* LISTEN 860/sshd: /usr/sbin
ufw allow ssh
Skipping adding existing rule
Skipping adding existing rule (v6)
ufw status
Status: active
To Action From
-- ------ ----
Apache ALLOW Anywhere
OpenSSH ALLOW Anywhere
22 ALLOW Anywhere
22/tcp ALLOW Anywhere
Apache (v6) ALLOW Anywhere (v6)
OpenSSH (v6) ALLOW Anywhere (v6)
22 (v6) ALLOW Anywhere (v6)
22/tcp (v6) ALLOW Anywhere (v6)
ufw status
[ - ] apache-htcacheclean
[ + ] apache2
[ + ] apparmor
[ + ] apport
[ - ] console-setup.sh
[ + ] cron
[ - ] cryptdisks
[ - ] cryptdisks-early
[ + ] dbus
[ - ] grub-common
[ - ] hwclock.sh
[ - ] initialiser_bash_history.sh
[ + ] irqbalance
[ - ] iscsid
[ - ] keyboard-setup.sh
[ + ] kmod
[ - ] lvm2
[ - ] lvm2-lvmpolld
[ + ] multipath-tools
[ + ] mysql
[ - ] open-iscsi
[ - ] open-vm-tools
[ + ] plymouth
[ + ] plymouth-log
[ + ] procps
[ - ] rsync
[ - ] screen-cleanup
[ + ] ssh
[ + ] udev
[ + ] ufw
[ + ] unattended-upgrades
[ - ] uuidd
la config ssh : nano /etc/ssh/sshd_config
# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.
# This sshd was compiled with PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games
# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options override the
# default value.
Include /etc/ssh/sshd_config.d/*.conf
#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_ecdsa_key
#HostKey /etc/ssh/ssh_host_ed25519_key
# Ciphers and keying
#RekeyLimit default none
# Logging
#SyslogFacility AUTH
#LogLevel INFO
# Authentication:
#LoginGraceTime 2m
PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10
#PubkeyAuthentication yes
# Expect .ssh/authorized_keys2 to be disregarded by default in future.
#AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2
#AuthorizedPrincipalsFile none
#AuthorizedKeysCommand none
#AuthorizedKeysCommandUser nobody
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes
# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no
# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
KbdInteractiveAuthentication no
# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no
# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
#GSSAPIStrictAcceptorCheck yes
#GSSAPIKeyExchange no
# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the KbdInteractiveAuthentication and
# PasswordAuthentication. Depending on your PAM configuration,
# PAM authentication via KbdInteractiveAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and KbdInteractiveAuthentication to 'no'.
UsePAM yes
#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PermitTTY yes
PrintMotd no
#PrintLastLog yes
#TCPKeepAlive yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS no
#PidFile /run/sshd.pid
#MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none
#VersionAddendum none
# no default banner path
#Banner none
# Allow client to pass locale environment variables
AcceptEnv LANG LC_*
# override default of no subsystems
Subsystem sftp /usr/lib/openssh/sftp-server
# Example of overriding settings on a per-user basis
#Match User anoncvs
# X11Forwarding no
# AllowTcpForwarding no
# PermitTTY no
# ForceCommand cvs server
nano /etc/netplan/00-installer-config.yaml
# This is the network config written by 'subiquity'
network:
version: 2
ethernets:
enp2s0:
dhcp4: false
addresses: [192.168.1.99/24]
nameservers:
addresses: [109.0.66.10, 109.0.66.20]
routes:
- to: default
via: 192.168.1.1
merci pour votre aide
Dernière modification par kewan (Le 15/10/2023, à 16:59)
Hors ligne
#2 Le 15/10/2023, à 17:09
- kewan
Re : ssh connection refused et n'autorise pas la connexion de mon url
Ca fonctionne avec mon smartphone en wifi, je me connecte correctement à l'url de mon site 192.168.1.99/index.html
Hors ligne
#3 Le 22/10/2023, à 16:23
- kewan
Re : ssh connection refused et n'autorise pas la connexion de mon url
Bonjour,
en faisant des essais pour débannir une adresse IP, j'ai installé fail2ban, visiblement ça a suffit à régler mon problème.
apt-get update
apt-get install fail2ban
fail2ban-client status renvoie 928 fail2ban [2625]: ERROR Failed to access socket path: /var/run/fail2ban/fail2ban.sock. Is fail2ban running?
fail2ban-client reload renvoie 934 fail2ban [2652]: ERROR Could not find server
Je n'ai rien configuré, juste ces 4 lignes de commande. Est-ce que c'est dû à l'installation de fail2ban, parce que mon adresse IP a peut-être changé, la durée du ban est expirée pour mon ip ?
source :
https://www.it-connect.fr/premiers-pas-avec-fail2ban/
https://www.malekal.com/fail2ban-commen … dresse-ip/
Hors ligne