Hello! I experimented with going to UFW, after reading the sticky in Security Discussions. After turning it on w/ GUFW, *and even after allowing SSH access using the preprogrammed GUFW rule to allow port 22 from anywhere*, I can sign on once from SSH before being permanently locked out.
The basic problem looks like this: Reboot the machine. Completely remove and then reinstall denyhosts. Remove my laptop's address from /etc/hosts.deny on my desktop. Connect from the laptop to the desktop using ssh (providing my password just once and getting in without problems). And, without doing anything else, look back in my hosts.deny file and my laptop's IP address has reappeared in it! Sign out, try to connect again, and I either get an ssh timeout or "ssh_exchange_identification: Connection closed by remote host."
The main purpose of this desktop is to run analyses remotely, so this problem is rendering my machine unusable.
My best guess is that ssh is shifting from port 22 to some other port once the connection is formed and denyhosts then treats the connection as illegitimate and adds the IP address to hosts.deny. For example, the auth.log entry for my ssh connection looks like this: "Accepted password for slowtrain from myLaptopIPaddress port 55379 ssh2". I'm just using standard ssh syntax and the firewall won't accept anything coming in other than on port 22, so I can only imagine ssh is moving the connection to this other port. It probably does this normally to allow multiple ssh connections.
Before putting UFW on my machine I didn't have this problem and could connect w/ SSH as much as I liked. On the other hand, I don't know for certain that UFW caused the problem. I've now shut down UFW and reinstalled Firestarter, but the problem persists. On the other hand, maybe something UFW did to some configuration file that remains is making this happen? Thoughts?
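The post's guess about the port deserves a worked illustration. The `port 55379` in an sshd "Accepted" line is the client's ephemeral source port, not a port the server has moved to; the server side stays on 22 for the whole session, so a port-22 firewall rule is not what is being tripped. A denyhosts-style blocker reads the same auth.log and should only count failed logins per source address. The script below is an added example, not code from the post or from denyhosts or UFW: it parses constructed sshd log lines (documentation-range IPs, invented timestamps and PIDs), shows that the client port changes per connection, applies a simplified failure-count policy to decide which addresses would land in hosts.deny, and checks whether a given address is present in a hosts.deny file. The threshold of 3 and the `sshd:` entry format are assumptions for the example.

```python
import re
from collections import Counter

# Regexes for the two sshd message shapes that matter here. In both, "port N" is the
# CLIENT's ephemeral source port (55379 in the poster's log); the server stays on 22.
ACCEPTED = re.compile(r"Accepted \w+ for (?P<user>\S+) from (?P<ip>\S+) port (?P<port>\d+)")
FAILED = re.compile(r"Failed \w+ for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port (?P<port>\d+)")

# Constructed sample auth.log lines (not from the original post); IPs are documentation ranges.
SAMPLE_LOG = """\
Jan 10 09:00:01 desktop sshd[1234]: Accepted password for slowtrain from 192.0.2.10 port 55379 ssh2
Jan 10 09:05:12 desktop sshd[1300]: Failed password for root from 198.51.100.7 port 40122 ssh2
Jan 10 09:05:14 desktop sshd[1300]: Failed password for root from 198.51.100.7 port 40123 ssh2
Jan 10 09:05:16 desktop sshd[1301]: Failed password for invalid user admin from 198.51.100.7 port 40124 ssh2
Jan 10 09:10:00 desktop sshd[1400]: Accepted publickey for slowtrain from 192.0.2.10 port 55401 ssh2
"""


def parse_sshd_events(text):
    """Return a list of (kind, user, ip, client_port) for each Accepted/Failed sshd line."""
    events = []
    for line in text.splitlines():
        m = ACCEPTED.search(line)
        if m:
            events.append(("accepted", m["user"], m["ip"], int(m["port"])))
            continue
        m = FAILED.search(line)
        if m:
            events.append(("failed", m["user"], m["ip"], int(m["port"])))
    return events


def failures_per_ip(events):
    """Count only failed logins per source address; successful logins never count."""
    return Counter(ip for kind, _, ip, _ in events if kind == "failed")


def ips_to_deny(events, threshold=3):
    """Simplified denyhosts-style policy (assumed threshold): block after N failures."""
    return sorted(ip for ip, n in failures_per_ip(events).items() if n >= threshold)


def hosts_deny_lines(ips):
    """Render hosts.deny entries in the common 'sshd: <ip>' form (assumed format)."""
    return [f"sshd: {ip}" for ip in ips]


def client_ports(events, ip):
    """Source ports seen from one client. They differ per connection, which is normal."""
    return [port for _, _, ev_ip, port in events if ev_ip == ip]


def is_denied(hosts_deny_text, ip):
    """Check whether an IP is listed for sshd (or ALL) in hosts.deny-style text."""
    for line in hosts_deny_text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments
        if not line or ":" not in line:
            continue
        daemons, clients = (part.strip() for part in line.split(":", 1))
        # Client lists may be comma- or whitespace-separated.
        listed = clients.replace(",", " ").split()
        if daemons in ("sshd", "ALL") and ip in listed:
            return True
    return False


if __name__ == "__main__":
    evs = parse_sshd_events(SAMPLE_LOG)
    print("client ports used by 192.0.2.10:", client_ports(evs, "192.0.2.10"))
    print("failures per IP:", dict(failures_per_ip(evs)))
    print("would deny:", hosts_deny_lines(ips_to_deny(evs)))
```

Pointed at a real `/var/log/auth.log` and `/etc/hosts.deny`, the same functions show whether the laptop's address is actually accumulating "Failed" lines (which would justify a block) or whether the entry is appearing for some other reason, which separates the firewall question from the denyhosts question.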