Bulk login attempts on port 22 shutdown our SSH git server access, HTTPs still works thoughnon root ssh...

What are the canonical definitions of vitarka-vicara in the Tripitaka or related literature

A Meal fit for a King

Is Sanskrit really the mother of all languages?

Why does the seven segment display have decimal point at the right?

Fantasy Military Arms and Armor: the Dwarven Grand Armory

Why is に used with this verb?

Life post thesis submission is terrifying - Help!

My Friend James

In-universe, why does Doc Brown program the time machine to go to 1955?

Is there any reason to change the ISO manually?

Are there mathematical concepts that exist in the fourth dimension, but not in the third dimension?

Do we know what "hardness" of Brexit people actually wanted in the referendum, if there had been other choices available?

What would a biological creature need in order to see into the future?

Never make public members virtual/abstract - really?

Who are these people in this satirical cartoon of the Congress of Verona?

Professor refuses to write a recommendation letter to students who haven't written a research paper with him

Round away from zero

How do I stop making people jump at home and at work?

Why don't they build airplanes from 3D printer plastic?

FORMAT returns large row size and data size

Bidirectional Dictionary

How to find better food in airports

What drugs were used in England during the High Middle Ages?

Why is a pressure canner needed when canning?



Bulk login attempts on port 22 shutdown our SSH git server access, HTTPs still works though


non root ssh keyscan I set up openssh-server on local machine without messing my git ssh access to git and gerrit server?SSH Remote Execution - checking server can do it?can't login in new user via ssh 'server refused our key'ssh_dispatch_run_fatal: message authentication code incorrectSSH Configuration Help / Can't tunnelJumphost suddenly reseting first SSH MUX connection attemptsssh_exchange_identification: read: Connection reset by peer ( unable to access the remote server for restarting the SSH service )passwordless ssh to localhost in Ubuntu 16.04






.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{ margin-bottom:0;
}







0















Recently we have been seeing a lot of connections from IPs in to our public git server. When this happens, our devs are unable to commit via SSH as the server is very, very slow and I am unable to login via SSH remotely and have to login from the console to resolve the issue. HTTPs to gitlab still works when this happens. System resources are plentiful and I have edited sshd_config to block all port 22 access unless they have a key. I also have IPS setup to block multiple SSH attempts and have fail2ban on the server.



With all that setup, I am unsure how this is creating such an issue for the server. I can resolve the issues by restarting the sshd service and blocking the offending subnets, but why is it messing up SSH so much that it makes the server unusable via SSH? Are all of these attempts somehow using all of the ports and therefore blocking legit access attempts? Below is a copy of the secure log file with an attempt. Note, there is a big time gap from 14:30:18 to 14:30:50.



Sep  4 14:30:17 somegitserver sshd[5924]: Connection from 11.11.11.11 port 62290

Sep  4 14:30:17 somegitserver sshd[5924]: debug1: Client protocol version 2.0; client software version libssh-0.11

Sep  4 14:30:17 somegitserver sshd[5924]: debug1: no match: libssh-0.11

Sep  4 14:30:17 somegitserver sshd[5924]: debug1: Enabling compatibility mode for protocol 2.0

Sep  4 14:30:17 somegitserver sshd[5924]: debug1: Local version string SSH-2.0-OpenSSH_5.3

Sep  4 14:30:17 somegitserver sshd[5941]: debug1: permanently_set_uid: 74/74

Sep  4 14:30:17 somegitserver sshd[5941]: debug1: list_hostkey_types: ssh-rsa,ssh-dss

Sep  4 14:30:17 somegitserver sshd[5941]: debug1: SSH2_MSG_KEXINIT sent

Sep  4 14:30:17 somegitserver sshd[5941]: debug1: SSH2_MSG_KEXINIT received

Sep  4 14:30:17 somegitserver sshd[5941]: debug1: kex: client->server aes128-cbc hmac-sha1 none

Sep  4 14:30:17 somegitserver sshd[5941]: debug1: kex: server->client aes128-cbc hmac-sha1 none

Sep  4 14:30:17 somegitserver sshd[5941]: debug1: expecting SSH2_MSG_KEXDH_INIT

Sep  4 14:30:18 somegitserver sshd[5941]: debug1: SSH2_MSG_NEWKEYS sent

Sep  4 14:30:18 somegitserver sshd[5941]: debug1: expecting SSH2_MSG_NEWKEYS

Sep  4 14:30:18 somegitserver sshd[5941]: debug1: SSH2_MSG_NEWKEYS received

Sep  4 14:30:18 somegitserver sshd[5941]: debug1: KEX done

Sep  4 14:30:18 somegitserver sshd[5941]: debug1: userauth-request for user root service ssh-connection method keyboard-interactive

Sep  4 14:30:50 somegitserver sshd[5944]: debug1: Enabling compatibility mode for protocol 2.0

Sep  4 14:30:51 somegitserver sshd[5941]: debug1: do_cleanup

Sep  4 14:30:51 somegitserver sshd[5945]: debug1: rexec start in 5 out 5 newsock 5 pipe 10 sock 11

Sep  4 14:30:51 somegitserver sshd[5944]: debug1: Local version string SSH-2.0-OpenSSH_5.3

Sep  4 14:30:51 somegitserver sshd[5924]: debug1: do_cleanup

Sep  4 14:30:51 somegitserver sshd[5945]: debug1: inetd sockets after dupping: 3, 3

Sep  4 14:30:51 somegitserver sshd[5961]: debug1: permanently_set_uid: 74/74

Sep  4 14:30:51 somegitserver sshd[5924]: debug1: PAM: cleanup


What am I missing?






ssh git sshd fail2ban







share|improve this question































    0















    Recently we have been seeing a lot of connections from IPs in to our public git server. When this happens, our devs are unable to commit via SSH as the server is very, very slow and I am unable to login via SSH remotely and have to login from the console to resolve the issue. HTTPs to gitlab still works when this happens. System resources are plentiful and I have edited sshd_config to block all port 22 access unless they have a key. I also have IPS setup to block multiple SSH attempts and have fail2ban on the server.



    With all that setup, I am unsure how this is creating such an issue for the server. I can resolve the issues by restarting the sshd service and blocking the offending subnets, but why is it messing up SSH so much that it makes the server unusable via SSH? Are all of these attempts somehow using all of the ports and therefore blocking legit access attempts? Below is a copy of the secure log file with an attempt. Note, there is a big time gap from 14:30:18 to 14:30:50.



    Sep  4 14:30:17 somegitserver sshd[5924]: Connection from 11.11.11.11 port 62290
    
Sep  4 14:30:17 somegitserver sshd[5924]: debug1: Client protocol version 2.0; client software version libssh-0.11
    
Sep  4 14:30:17 somegitserver sshd[5924]: debug1: no match: libssh-0.11
    
Sep  4 14:30:17 somegitserver sshd[5924]: debug1: Enabling compatibility mode for protocol 2.0
    
Sep  4 14:30:17 somegitserver sshd[5924]: debug1: Local version string SSH-2.0-OpenSSH_5.3
    
Sep  4 14:30:17 somegitserver sshd[5941]: debug1: permanently_set_uid: 74/74
    
Sep  4 14:30:17 somegitserver sshd[5941]: debug1: list_hostkey_types: ssh-rsa,ssh-dss
    
Sep  4 14:30:17 somegitserver sshd[5941]: debug1: SSH2_MSG_KEXINIT sent
    
Sep  4 14:30:17 somegitserver sshd[5941]: debug1: SSH2_MSG_KEXINIT received
    
Sep  4 14:30:17 somegitserver sshd[5941]: debug1: kex: client->server aes128-cbc hmac-sha1 none
    
Sep  4 14:30:17 somegitserver sshd[5941]: debug1: kex: server->client aes128-cbc hmac-sha1 none
    
Sep  4 14:30:17 somegitserver sshd[5941]: debug1: expecting SSH2_MSG_KEXDH_INIT
    
Sep  4 14:30:18 somegitserver sshd[5941]: debug1: SSH2_MSG_NEWKEYS sent
    
Sep  4 14:30:18 somegitserver sshd[5941]: debug1: expecting SSH2_MSG_NEWKEYS
    
Sep  4 14:30:18 somegitserver sshd[5941]: debug1: SSH2_MSG_NEWKEYS received
    
Sep  4 14:30:18 somegitserver sshd[5941]: debug1: KEX done
    
Sep  4 14:30:18 somegitserver sshd[5941]: debug1: userauth-request for user root service ssh-connection method keyboard-interactive
    
Sep  4 14:30:50 somegitserver sshd[5944]: debug1: Enabling compatibility mode for protocol 2.0
    
Sep  4 14:30:51 somegitserver sshd[5941]: debug1: do_cleanup
    
Sep  4 14:30:51 somegitserver sshd[5945]: debug1: rexec start in 5 out 5 newsock 5 pipe 10 sock 11
    
Sep  4 14:30:51 somegitserver sshd[5944]: debug1: Local version string SSH-2.0-OpenSSH_5.3
    
Sep  4 14:30:51 somegitserver sshd[5924]: debug1: do_cleanup
    
Sep  4 14:30:51 somegitserver sshd[5945]: debug1: inetd sockets after dupping: 3, 3
    
Sep  4 14:30:51 somegitserver sshd[5961]: debug1: permanently_set_uid: 74/74
    
Sep  4 14:30:51 somegitserver sshd[5924]: debug1: PAM: cleanup


    What am I missing?






    ssh git sshd fail2ban







    share|improve this question



























      0












      0








      0








      Recently we have been seeing a lot of connections from IPs in to our public git server. When this happens, our devs are unable to commit via SSH as the server is very, very slow and I am unable to login via SSH remotely and have to login from the console to resolve the issue. HTTPs to gitlab still works when this happens. System resources are plentiful and I have edited sshd_config to block all port 22 access unless they have a key. I also have IPS setup to block multiple SSH attempts and have fail2ban on the server.



      With all that setup, I am unsure how this is creating such an issue for the server. I can resolve the issues by restarting the sshd service and blocking the offending subnets, but why is it messing up SSH so much that it makes the server unusable via SSH? Are all of these attempts somehow using all of the ports and therefore blocking legit access attempts? Below is a copy of the secure log file with an attempt. Note, there is a big time gap from 14:30:18 to 14:30:50.



      Sep  4 14:30:17 somegitserver sshd[5924]: Connection from 11.11.11.11 port 62290
      
Sep  4 14:30:17 somegitserver sshd[5924]: debug1: Client protocol version 2.0; client software version libssh-0.11
      
Sep  4 14:30:17 somegitserver sshd[5924]: debug1: no match: libssh-0.11
      
Sep  4 14:30:17 somegitserver sshd[5924]: debug1: Enabling compatibility mode for protocol 2.0
      
Sep  4 14:30:17 somegitserver sshd[5924]: debug1: Local version string SSH-2.0-OpenSSH_5.3
      
Sep  4 14:30:17 somegitserver sshd[5941]: debug1: permanently_set_uid: 74/74
      
Sep  4 14:30:17 somegitserver sshd[5941]: debug1: list_hostkey_types: ssh-rsa,ssh-dss
      
Sep  4 14:30:17 somegitserver sshd[5941]: debug1: SSH2_MSG_KEXINIT sent
      
Sep  4 14:30:17 somegitserver sshd[5941]: debug1: SSH2_MSG_KEXINIT received
      
Sep  4 14:30:17 somegitserver sshd[5941]: debug1: kex: client->server aes128-cbc hmac-sha1 none
      
Sep  4 14:30:17 somegitserver sshd[5941]: debug1: kex: server->client aes128-cbc hmac-sha1 none
      
Sep  4 14:30:17 somegitserver sshd[5941]: debug1: expecting SSH2_MSG_KEXDH_INIT
      
Sep  4 14:30:18 somegitserver sshd[5941]: debug1: SSH2_MSG_NEWKEYS sent
      
Sep  4 14:30:18 somegitserver sshd[5941]: debug1: expecting SSH2_MSG_NEWKEYS
      
Sep  4 14:30:18 somegitserver sshd[5941]: debug1: SSH2_MSG_NEWKEYS received
      
Sep  4 14:30:18 somegitserver sshd[5941]: debug1: KEX done
      
Sep  4 14:30:18 somegitserver sshd[5941]: debug1: userauth-request for user root service ssh-connection method keyboard-interactive
      
Sep  4 14:30:50 somegitserver sshd[5944]: debug1: Enabling compatibility mode for protocol 2.0
      
Sep  4 14:30:51 somegitserver sshd[5941]: debug1: do_cleanup
      
Sep  4 14:30:51 somegitserver sshd[5945]: debug1: rexec start in 5 out 5 newsock 5 pipe 10 sock 11
      
Sep  4 14:30:51 somegitserver sshd[5944]: debug1: Local version string SSH-2.0-OpenSSH_5.3
      
Sep  4 14:30:51 somegitserver sshd[5924]: debug1: do_cleanup
      
Sep  4 14:30:51 somegitserver sshd[5945]: debug1: inetd sockets after dupping: 3, 3
      
Sep  4 14:30:51 somegitserver sshd[5961]: debug1: permanently_set_uid: 74/74
      
Sep  4 14:30:51 somegitserver sshd[5924]: debug1: PAM: cleanup


      What am I missing?






      ssh git sshd fail2ban







      share|improve this question














      Recently we have been seeing a lot of connections from IPs in to our public git server. When this happens, our devs are unable to commit via SSH as the server is very, very slow and I am unable to login via SSH remotely and have to login from the console to resolve the issue. HTTPs to gitlab still works when this happens. System resources are plentiful and I have edited sshd_config to block all port 22 access unless they have a key. I also have IPS setup to block multiple SSH attempts and have fail2ban on the server.



      With all that setup, I am unsure how this is creating such an issue for the server. I can resolve the issues by restarting the sshd service and blocking the offending subnets, but why is it messing up SSH so much that it makes the server unusable via SSH? Are all of these attempts somehow using all of the ports and therefore blocking legit access attempts? Below is a copy of the secure log file with an attempt. Note, there is a big time gap from 14:30:18 to 14:30:50.



      Sep  4 14:30:17 somegitserver sshd[5924]: Connection from 11.11.11.11 port 62290
      
Sep  4 14:30:17 somegitserver sshd[5924]: debug1: Client protocol version 2.0; client software version libssh-0.11
      
Sep  4 14:30:17 somegitserver sshd[5924]: debug1: no match: libssh-0.11
      
Sep  4 14:30:17 somegitserver sshd[5924]: debug1: Enabling compatibility mode for protocol 2.0
      
Sep  4 14:30:17 somegitserver sshd[5924]: debug1: Local version string SSH-2.0-OpenSSH_5.3
      
Sep  4 14:30:17 somegitserver sshd[5941]: debug1: permanently_set_uid: 74/74
      
Sep  4 14:30:17 somegitserver sshd[5941]: debug1: list_hostkey_types: ssh-rsa,ssh-dss
      
Sep  4 14:30:17 somegitserver sshd[5941]: debug1: SSH2_MSG_KEXINIT sent
      
Sep  4 14:30:17 somegitserver sshd[5941]: debug1: SSH2_MSG_KEXINIT received
      
Sep  4 14:30:17 somegitserver sshd[5941]: debug1: kex: client->server aes128-cbc hmac-sha1 none
      
Sep  4 14:30:17 somegitserver sshd[5941]: debug1: kex: server->client aes128-cbc hmac-sha1 none
      
Sep  4 14:30:17 somegitserver sshd[5941]: debug1: expecting SSH2_MSG_KEXDH_INIT
      
Sep  4 14:30:18 somegitserver sshd[5941]: debug1: SSH2_MSG_NEWKEYS sent
      
Sep  4 14:30:18 somegitserver sshd[5941]: debug1: expecting SSH2_MSG_NEWKEYS
      
Sep  4 14:30:18 somegitserver sshd[5941]: debug1: SSH2_MSG_NEWKEYS received
      
Sep  4 14:30:18 somegitserver sshd[5941]: debug1: KEX done
      
Sep  4 14:30:18 somegitserver sshd[5941]: debug1: userauth-request for user root service ssh-connection method keyboard-interactive
      
Sep  4 14:30:50 somegitserver sshd[5944]: debug1: Enabling compatibility mode for protocol 2.0
      
Sep  4 14:30:51 somegitserver sshd[5941]: debug1: do_cleanup
      
Sep  4 14:30:51 somegitserver sshd[5945]: debug1: rexec start in 5 out 5 newsock 5 pipe 10 sock 11
      
Sep  4 14:30:51 somegitserver sshd[5944]: debug1: Local version string SSH-2.0-OpenSSH_5.3
      
Sep  4 14:30:51 somegitserver sshd[5924]: debug1: do_cleanup
      
Sep  4 14:30:51 somegitserver sshd[5945]: debug1: inetd sockets after dupping: 3, 3
      
Sep  4 14:30:51 somegitserver sshd[5961]: debug1: permanently_set_uid: 74/74
      
Sep  4 14:30:51 somegitserver sshd[5924]: debug1: PAM: cleanup


      What am I missing?






      ssh git sshd fail2ban




      ssh git sshd fail2ban






      share|improve this question













      share|improve this question











      share|improve this question




      share|improve this question










      asked 30 mins ago









      saleetzosaleetzo

      3034 silver badges15 bronze badges




      3034 silver badges15 bronze badges

























          0






          active

          oldest

          votes














          Your Answer








          StackExchange.ready(function() {
          var channelOptions = {
          tags: "".split(" "),
          id: "106"
          };
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function() {
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled) {
          StackExchange.using("snippets", function() {
          createEditor();
          });
          }
          else {
          createEditor();
          }
          });

          function createEditor() {
          StackExchange.prepareEditor({
          heartbeatType: 'answer',
          autoActivateHeartbeat: false,
          convertImagesToLinks: false,
          noModals: true,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: null,
          bindNavPrevention: true,
          postfix: "",
          imageUploader: {
          brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
          contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
          allowUrls: true
          },
          onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          });


          }
          });














          draft saved

          draft discarded


















          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f539079%2fbulk-login-attempts-on-port-22-shutdown-our-ssh-git-server-access-https-still-w%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown

























          0






          active

          oldest

          votes








          0






          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes
















          draft saved

          draft discarded




















































          Thanks for contributing an answer to Unix & Linux Stack Exchange!


          • Please be sure to answer the question. Provide details and share your research!

          But avoid



          • Asking for help, clarification, or responding to other answers.

          • Making statements based on opinion; back them up with references or personal experience.


          To learn more, see our tips on writing great answers.




          draft saved


          draft discarded














          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f539079%2fbulk-login-attempts-on-port-22-shutdown-our-ssh-git-server-access-https-still-w%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown





















































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown

































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown







          -

          Popular posts from this blog

          Hudson River Historic District Contents Geography History The district today Aesthetics Cultural...

          Image
          Contributing propertyKeeper of the RegisterHistoric districtHistory of the National Register of Historic PlacesNational Park ServiceProperty typesAlbanyBuffaloNew RochelleBronxBrooklynQueensStaten IslandManhattanBelow 14th St.14th–59th St.59th–110th St.Above 110th St.Minor islandsNiagara FallsPeekskill PoughkeepsieRhinebeckRochesterSyracuseYonkers National Historic Landmarks in New York (state)Historic districts on the National Register of Historic Places in New York (state)Hudson RiverNational Register of Historic Places in Dutchess County, New YorkHyde Park, New YorkRed Hook, New YorkRhinebeck, New YorkTivoli, New YorkAnnandale-on-Hudson, New YorkHistoric districts in Columbia County, New YorkHistoric districts in Dutchess County, New YorkHistoric American Buildings Survey in New York (state) such districtcontiguous United StatesHudson RiverStaatsburgGermantownDutchessColumbiacountiesU.S. stateNew YorktownsClermontRed HookRhinebeckHyde ParkhamletsAnnandaleBarrytownRhinecliffTivoliB...
          Read more

          The number designs the writing. Feandra Aversely Definition: The act of ingrafting a sprig or shoot of one...

          Image
          The number designs the writing. Feandra Aversely Definition: The act of ingrafting a sprig or shoot of one tree into another without cutting it from the parent stock called also inarching and grafting by approach Dirty Enlarge 다음 기대 자네 쪽 Behavior Murky Desire Snow Time Honk Horse 초 연구원 창구 일식 Disagreeable Pinch Puppet Popeye Aladdin Brother Bear Two and a Half Men 유행 겨울철 쪽 턱 The quality corresponds the ragged competition. Virtuoso Cough Definition: The situation and structure of the secretory vessels in plants Produce Happy Isaac Newton 대하다 인원 사냥 초등학생 The wound individualizes the moaning increase. Zooumlgeny Definition: The act of impinging Rhythm Chin The Wizard of Oz Drum 직후 침 분리되다 온돌 Crestboot Adhesive Windy Yodacloud Definition: An oven in which glazed pottery is fired also called glaze kiln or glaze Shrill Kick King of the Hill 서서히 김치 곧다ip 겪다 냄새 치르다 색깔 떨어뜨리다 줍다 이튿날 한가운데 감히 인간적 죽 수건 출판사 채 야하다 갈비 출입국 The destruction refers the heat. Boln Paint Digestion Turn Many P...
          Read more

          Ayherre Geografie Demografie Externe links Navigatiemenu43° 23′ NB, 1° 15′ WL43° 23′ NB, 1°...

          Image
          Gemeente in Pyrénées-Atlantiques FransePyrénées-AtlantiquesNouvelle-AquitaineBayonneINSEE-tellingen 43° 23′ NB, 1° 15′ WL Ayherre Uit Wikipedia, de vrije encyclopedie Naar navigatie springen Naar zoeken springen Ayherre Gemeente in Frankrijk Situering Regio Nouvelle-Aquitaine Departement Pyrénées-Atlantiques (64) Arrondissement Bayonne Kanton La Bastide-Clairence Coördinaten 43° 23′ NB, 1° 15′ WL Algemeen Oppervlakte 27,3 km² Inwoners (1 jan. 2011) 987 (36,2 inw./km²) Hoogte 20 - 465 m Overig Postcode 64240 INSEE-code 64086 Foto's Portaal     Frankrijk Ayherre is een gemeente in het Franse departement Pyrénées-Atlantiques (regio Nouvelle-Aquitaine) en telt 955 inwoners (2005). De plaats maakt deel uit van het arrondissement Bayonne. Geografie De oppervlakte van Ayherre bedraagt 27,3 km², de bevolkingsdichth...
          Read more