Need multiple tries to SSH and SFTP

Discussion in 'General Discussion' started by g6260, Dec 20, 2017.

  1. g6260

    g6260 Registered

    Joined:
    Dec 26, 2014
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    For some reason, my cPanel server always requires multiple SSH or SFTP tries before I can successfully log in.

    Typically it takes me spamming the ssh login command 5-6 times. After I'm logged in, the SSH connection is perfectly stable.

    The same occurs when I use FileZilla with SFTP to interact with the FTP server. When logging in, the connection is refused multiple times, but after a couple of tries I get through.

    I have tried logging in from various networks, all with the same problem.

    Whitelisting my IP on the csf firewall does not help.

    Below is the verbose output of the SSH login command I use:

    $ ssh linode -v
    OpenSSH_7.3p1, OpenSSL 1.0.2j 26 Sep 2016
    debug1: Reading configuration data /c/Users/Galen/.ssh/config
    debug1: /c/Users/Galen/.ssh/config line 1: Applying options for **
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: Connecting to ** [**.**.**.**] port 22.
    debug1: Connection established.
    debug1: identity file /c/Users/Galen/.ssh/id_rsa type 1
    debug1: key_load_public: No such file or directory
    debug1: identity file /c/Users/Galen/.ssh/id_rsa-cert type -1
    debug1: key_load_public: No such file or directory
    debug1: identity file /c/Users/Galen/.ssh/id_dsa type -1
    debug1: key_load_public: No such file or directory
    debug1: identity file /c/Users/Galen/.ssh/id_dsa-cert type -1
    debug1: key_load_public: No such file or directory
    debug1: identity file /c/Users/Galen/.ssh/id_ecdsa type -1
    debug1: key_load_public: No such file or directory
    debug1: identity file /c/Users/Galen/.ssh/id_ecdsa-cert type -1
    debug1: key_load_public: No such file or directory
    debug1: identity file /c/Users/Galen/.ssh/id_ed25519 type -1
    debug1: key_load_public: No such file or directory
    debug1: identity file /c/Users/Galen/.ssh/id_ed25519-cert type -1
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_7.3
    ssh_exchange_identification: Connection closed by remote host

    Does anyone have an idea what's causing this? Any suggestions are greatly appreciated.
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    41,516
    Likes Received:
    1,616
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    Do you notice any output to /var/log/secure when the initial attempts fail?

    Thank you.
     
  3. g6260

    Thank you for your reply, Michael.

    I've been tailing /var/log/secure while attempting to log in.

    Only the successful logins appear in the log.

    Dec 20 20:25:47 server-1 sshd[10404]: Accepted publickey for root from **.**.**.** port 56039 ssh2
    Dec 20 20:25:47 server-1 sshd[10404]: pam_unix(sshd:session): session opened for user root by (uid=0)
    Dec 20 20:28:12 server-1 sshd[12139]: Received disconnect from **.**.**.**: 11: disconnected by user
    Dec 20 20:28:12 server-1 sshd[12139]: pam_unix(sshd:session): session closed for user root

    If the connection is closed by the remote host, there is no output to the log at all.
     
  4. cPanelMichael

    Hello,

    Could you open a support ticket using the link in my signature so we can take a closer look?

    Thank you.
     
  5. cPanelMichael

    Hello,

    To update, per the support ticket, it looks as though the culprit was the CSF firewall application:

    Additionally, you may want to consider moving SSH to an alternate port to help prevent brute force attacks. We provide a thread to help with this at:

    [Tutorial] Interested in increasing the security of your server? Read this. (sshd hardening)

    Thank you.
     