Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Need multiple tries to SSH and SFTP

Discussion in 'General Discussion' started by g6260, Dec 20, 2017.

Tags:
  1. g6260

    g6260 Registered

    Joined:
    Dec 26, 2014
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    For some reason, my cPanel server always requires me to SSH or SFTP multiple tries in order to successfully log in.

    Typically it takes me spamming the ssh login command 5-6 times. After I'm logged in, the SSH connection is perfectly stable.

    The same occurs when I use Filezilla with SFTP to interact with the FTP server. When logging in, the connection is refused multiple times, but after a couple tries I get through.

    I have tried logging in from various networks, all with the same problem.

    Whitelisting my IP on the csf firewall does not help.

    Below is the verbose output of the SSH login command I use:

    $ ssh linode -v
    OpenSSH_7.3p1, OpenSSL 1.0.2j 26 Sep 2016
    debug1: Reading configuration data /c/Users/Galen/.ssh/config
    debug1: /c/Users/Galen/.ssh/config line 1: Applying options for **
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: Connecting to ** [**.**.**.**] port 22.
    debug1: Connection established.
    debug1: identity file /c/Users/Galen/.ssh/id_rsa type 1
    debug1: key_load_public: No such file or directory
    debug1: identity file /c/Users/Galen/.ssh/id_rsa-cert type -1
    debug1: key_load_public: No such file or directory
    debug1: identity file /c/Users/Galen/.ssh/id_dsa type -1
    debug1: key_load_public: No such file or directory
    debug1: identity file /c/Users/Galen/.ssh/id_dsa-cert type -1
    debug1: key_load_public: No such file or directory
    debug1: identity file /c/Users/Galen/.ssh/id_ecdsa type -1
    debug1: key_load_public: No such file or directory
    debug1: identity file /c/Users/Galen/.ssh/id_ecdsa-cert type -1
    debug1: key_load_public: No such file or directory
    debug1: identity file /c/Users/Galen/.ssh/id_ed25519 type -1
    debug1: key_load_public: No such file or directory
    debug1: identity file /c/Users/Galen/.ssh/id_ed25519-cert type -1
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_7.3
    ssh_exchange_identification: Connection closed by remote host

    Does anyone have an idea what's causing this? Any suggestions are greatly appreciated.
     
  2. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    45,532
    Likes Received:
    1,966
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello,

    Do you notice any output to /var/log/secure when the initial attempts fail?

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. g6260

    g6260 Registered

    Joined:
    Dec 26, 2014
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Thank you for your reply, Michael.

    I've been tailing /var/log/secure while attempting to log in.

    Only the successful logins appear in the log.

    Dec 20 20:25:47 server-1 sshd[10404]: Accepted publickey for root from **.**.**.** port 56039 ssh2
    Dec 20 20:25:47 server-1 sshd[10404]: pam_unix(sshd:session): session opened for user root by (uid=0)
    Dec 20 20:28:12 server-1 sshd[12139]: Received disconnect from **.**.**.**: 11: disconnected by user
    Dec 20 20:28:12 server-1 sshd[12139]: pam_unix(sshd:session): session closed for user root

    If the connection is closed by the remote host, there is no output to the log at all.
     
  4. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    45,532
    Likes Received:
    1,966
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello,

    Could you open a support ticket using the link in my signature so we can take a closer look?

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    45,532
    Likes Received:
    1,966
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello,

    To update, per the support ticket, it looks as though the culprit was the CSF firewall application:

    Additionally, you may want to consider moving SSH to an alternate port to help prevent brute force attacks. We provide a thread to help with this at:

    [Tutorial] Interested in increasing the security of your server? Read this. (sshd hardening)

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice