Hey guys,
I've run into an ssh connection issue and it's been driving me crazy.
Background:
I set up Ubuntu Server (22.04) on an old PC, and set up an SSH server. It's set up for private key authentication and Google 2FA.
It's currently in a remote location (7 hours drive away), so I can't access it physically except for someone (non-technical) that can restart the machine.
It was running just fine and allowing ssh connections for three weeks or so until today, when it started experiencing the following:
Issue:
1. It'll disconnect the active ssh session with the following message:
Code:
client_loop: send disconnect: Connection reset
2. The ssh server doesn't allow any subsequent connections with the following error:
Code:
ssh: connect to host <host> port <port>: Connection timed out
3. Restarting the server (or even sleeping it and un-sleeping it) will allow connections again, but after about 10-20 minutes, the issue starts again from #1
Troubleshooting:
1. I tried connecting via another PC and got the same "connection timed out" error.
2. Noticed a lot of traffic (Chinese IPs) probing the default ssh port in auth.log, so I changed the ssh port from 22 to another open one, thinking it might be some kind of DoS issue.
3. Added the following to sshd_config and restarted the ssh service:
Code:
ClientAliveInterval 600
TCPKeepAlive yes
ClientAliveCountMax 10
4. Added the following rules via iptables:
Code:
sudo iptables -A INPUT -p tcp --dport <port> -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
sudo iptables -A OUTPUT -p tcp --sport <port> -m conntrack --ctstate ESTABLISHED -j ACCEPT
Note:
Further troubleshooting can only be done when someone is available to restart the machine which gives me a ~10-20 minute interval to troubleshoot remotely via ssh.
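
An added example, not part of the original post: one way to check whether the probing seen in auth.log is heavy enough to matter is to count unauthenticated sshd connections per source IP and per minute. The function name `summarize`, the host name `box`, the user `me` and the sample lines are constructed, and the parser assumes the traditional syslog timestamp format and IPv4 peers.

```python
import re
from collections import Counter

# Constructed sample in the traditional auth.log layout (documentation-range IPs).
SAMPLE = """\
Mar  3 14:02:11 box sshd[1201]: Invalid user admin from 203.0.113.5 port 40112
Mar  3 14:02:11 box sshd[1201]: Connection closed by invalid user admin 203.0.113.5 port 40112 [preauth]
Mar  3 14:02:40 box sshd[1207]: Invalid user test from 203.0.113.5 port 40980
Mar  3 14:03:02 box sshd[1210]: Accepted keyboard-interactive/pam for me from 198.51.100.7 port 50522 ssh2
Mar  3 14:03:30 box sshd[1215]: Connection closed by authenticating user root 203.0.113.9 port 33210 [preauth]
Mar  3 14:09:55 box sshd[1210]: Disconnected from user me 198.51.100.7 port 50522
""".splitlines()

LINE = re.compile(
    r"^(?P<minute>\w{3}\s+\d+\s\d\d:\d\d):\d\d\s\S+\ssshd\[\d+\]:\s(?P<msg>.*)$"
)
PEER = re.compile(r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port (?P<port>\d+)")

def summarize(lines):
    """Return (connections per source IP, connections per minute) for sshd
    connections that never produced an 'Accepted' line."""
    accepted, seen = set(), {}
    for line in lines:
        m = LINE.match(line)
        peer = PEER.search(m["msg"]) if m else None
        if not peer:
            continue
        # Simplification: a connection is identified by (ip, source port),
        # so a reused source port is counted once.
        conn = (peer["ip"], peer["port"])
        if m["msg"].startswith("Accepted "):
            accepted.add(conn)
        # One connection logs several lines; keep the first minute seen.
        seen.setdefault(conn, m["minute"])
    probes = {c: t for c, t in seen.items() if c not in accepted}
    per_ip = Counter(ip for ip, _ in probes)
    per_minute = Counter(probes.values())
    return per_ip, per_minute

if __name__ == "__main__":
    per_ip, per_minute = summarize(SAMPLE)
    print("top sources:", per_ip.most_common(5))
    print("busiest minutes:", per_minute.most_common(5))
```

On the server it can be fed the real file with `summarize(open("/var/log/auth.log"))`; comparing the per-minute counts just before the last entry preceding a hang against a quiet period shows whether the probe rate changes around the time connections stop.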