Can't connect ssh
by maddy0 from LinuxQuestions.org on (#6N5Y2)
Hello, these are my conf. files:
sshd_config
Include /etc/ssh/sshd_config.d/*.conf
Port 8888
Protocol 2
#Subsystem sftp /usr/lib/openssh/sftp-server
AllowStreamLocalForwarding no
PermitOpen none
PermitTTY no
ClientAliveCountMax 2
ClientAliveInterval 100
MaxStartups 2:5:10
MaxSessions 1
PermitRootLogin no
MaxAuthTries 2
LoginGraceTime 15
PasswordAuthentication yes
PermitEmptyPasswords no
ChallengeResponseAuthentication no
KerberosAuthentication no
GSSAPIAuthentication no
X11Forwarding no
PermitUserEnvironment no
AllowAgentForwarding no
AllowTcpForwarding no
PermitTunnel no
DebianBanner no
UsePAM yes
PrintMotd no
AllowUsers user @MYMACHINEIP
# Allow client to pass locale environment variables
AcceptEnv LANG LC_*
Iptables
Chain INPUT (policy DROP)
num target prot opt source destination
1 f2b-ip-blocklist all -- anywhere anywhere
2 f2b-repeatoffender all -- anywhere anywhere
3 f2b-ip-blocklist all -- anywhere anywhere
4 f2b-repeatoffender all -- anywhere anywhere
5 ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
6 MALICIOUS all -- anywhere anywhere
7 STDIN all -- anywhere anywhere
8 LOG tcp -- anywhere anywhere tcp LOG level warn prefix "tcp.in.dropped "
9 LOG udp -- anywhere anywhere udp LOG level warn prefix "udp.in.dropped "
10 DROP all -- anywhere anywhere ctstate INVALID
11 ACCEPT icmp -- anywhere anywhere icmp echo-request limit: avg 3/min burst 3
12 DROP icmp -- anywhere anywhere icmp echo-request
Chain FORWARD (policy DROP)
num target prot opt source destination
Chain OUTPUT (policy DROP)
num target prot opt source destination
1 ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
2 STDOUT all -- anywhere anywhere
3 LOG udp -- anywhere anywhere udp LOG level warn prefix "udp.out.dropped "
4 LOG tcp -- anywhere anywhere tcp LOG level warn prefix "tcp.out.dropped "
Chain FRIENDLY (2 references)
num target prot opt source destination
1 ACCEPT all -- MYMACHINEIP/24 anywhere /* [known-friendly network] */
2 LOG udp -- anywhere anywhere udp LOG level warn prefix "udp.in.foreign "
3 LOG tcp -- anywhere anywhere tcp LOG level warn prefix "tcp.in.foreign "
4 DROP all -- anywhere anywhere
Chain MALICIOUS (1 references)
num target prot opt source destination
1 DROP all -- anywhere anywhere ctstate INVALID
2 DROP tcp -- anywhere anywhere tcp flags:FIN,SYN/FIN,SYN /* [malicious packet patterns] */
3 DROP tcp -- anywhere anywhere tcp flags:SYN,RST/SYN,RST /* [malicious packet patterns] */
4 DROP tcp -- anywhere anywhere tcp flags:FIN,ACK/FIN /* [malicious packet patterns] */
5 DROP tcp -- anywhere anywhere tcp flags:PSH,ACK/PSH /* [malicious packet patterns] */
6 DROP tcp -- anywhere anywhere tcp flags:ACK,URG/URG /* [malicious packet patterns] */
Chain STDIN (1 references)
num target prot opt source destination
1 FRIENDLY tcp -- anywhere anywhere /* sshd standard port */ tcp dpt:8888
2 FRIENDLY icmp -- anywhere anywhere
Chain STDOUT (1 references)
num target prot opt source destination
1 ACCEPT udp -- anywhere anywhere udp dpt:domain
2 ACCEPT tcp -- anywhere anywhere tcp dpt:http /* allow outbound http */
3 ACCEPT tcp -- anywhere anywhere tcp dpt:https /* allow outbound https */
4 ACCEPT icmp -- anywhere anywhere
Chain f2b-ip-blocklist (2 references)
num target prot opt source destination
1 RETURN all -- anywhere anywhere
2 RETURN all -- anywhere anywhere
Chain f2b-repeatoffender (2 references)
num target prot opt source destination
1 RETURN all -- anywhere anywhere
2 RETURN all -- anywhere anywhere
Fail2ban
jail.local
[sshd]
enabled = true
filter = sshd
logpath = /var/log/auth.log
maxretry = 3
port = ssh
backend=systemd
ssh -v localhost -p 8888
OpenSSH_9.2p1 Debian-2+deb12u2, OpenSSL 3.0.11 19 Sep 2023
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug1: Connecting to localhost [127.0.0.1] port 8888.
debug1: connect to address 127.0.0.1 port 8888: Connection timed out
debug1: Connecting to localhost [::1] port 8888.
socket: Address family not supported by protocol
ssh: connect to host localhost port 8888: failure
sshd_config
Include /etc/ssh/sshd_config.d/*.conf
Port 8888
Protocol 2
#Subsystem sftp /usr/lib/openssh/sftp-server
AllowStreamLocalForwarding no
PermitOpen none
PermitTTY no
ClientAliveCountMax 2
ClientAliveInterval 100
MaxStartups 2:5:10
MaxSessions 1
PermitRootLogin no
MaxAuthTries 2
LoginGraceTime 15
PasswordAuthentication yes
PermitEmptyPasswords no
ChallengeResponseAuthentication no
KerberosAuthentication no
GSSAPIAuthentication no
X11Forwarding no
PermitUserEnvironment no
AllowAgentForwarding no
AllowTcpForwarding no
PermitTunnel no
DebianBanner no
UsePAM yes
PrintMotd no
AllowUsers user @MYMACHINEIP
# Allow client to pass locale environment variables
AcceptEnv LANG LC_*
Iptables
Chain INPUT (policy DROP)
num target prot opt source destination
1 f2b-ip-blocklist all -- anywhere anywhere
2 f2b-repeatoffender all -- anywhere anywhere
3 f2b-ip-blocklist all -- anywhere anywhere
4 f2b-repeatoffender all -- anywhere anywhere
5 ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
6 MALICIOUS all -- anywhere anywhere
7 STDIN all -- anywhere anywhere
8 LOG tcp -- anywhere anywhere tcp LOG level warn prefix "tcp.in.dropped "
9 LOG udp -- anywhere anywhere udp LOG level warn prefix "udp.in.dropped "
10 DROP all -- anywhere anywhere ctstate INVALID
11 ACCEPT icmp -- anywhere anywhere icmp echo-request limit: avg 3/min burst 3
12 DROP icmp -- anywhere anywhere icmp echo-request
Chain FORWARD (policy DROP)
num target prot opt source destination
Chain OUTPUT (policy DROP)
num target prot opt source destination
1 ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
2 STDOUT all -- anywhere anywhere
3 LOG udp -- anywhere anywhere udp LOG level warn prefix "udp.out.dropped "
4 LOG tcp -- anywhere anywhere tcp LOG level warn prefix "tcp.out.dropped "
Chain FRIENDLY (2 references)
num target prot opt source destination
1 ACCEPT all -- MYMACHINEIP/24 anywhere /* [known-friendly network] */
2 LOG udp -- anywhere anywhere udp LOG level warn prefix "udp.in.foreign "
3 LOG tcp -- anywhere anywhere tcp LOG level warn prefix "tcp.in.foreign "
4 DROP all -- anywhere anywhere
Chain MALICIOUS (1 references)
num target prot opt source destination
1 DROP all -- anywhere anywhere ctstate INVALID
2 DROP tcp -- anywhere anywhere tcp flags:FIN,SYN/FIN,SYN /* [malicious packet patterns] */
3 DROP tcp -- anywhere anywhere tcp flags:SYN,RST/SYN,RST /* [malicious packet patterns] */
4 DROP tcp -- anywhere anywhere tcp flags:FIN,ACK/FIN /* [malicious packet patterns] */
5 DROP tcp -- anywhere anywhere tcp flags:PSH,ACK/PSH /* [malicious packet patterns] */
6 DROP tcp -- anywhere anywhere tcp flags:ACK,URG/URG /* [malicious packet patterns] */
Chain STDIN (1 references)
num target prot opt source destination
1 FRIENDLY tcp -- anywhere anywhere /* sshd standard port */ tcp dpt:8888
2 FRIENDLY icmp -- anywhere anywhere
Chain STDOUT (1 references)
num target prot opt source destination
1 ACCEPT udp -- anywhere anywhere udp dpt:domain
2 ACCEPT tcp -- anywhere anywhere tcp dpt:http /* allow outbound http */
3 ACCEPT tcp -- anywhere anywhere tcp dpt:https /* allow outbound https */
4 ACCEPT icmp -- anywhere anywhere
Chain f2b-ip-blocklist (2 references)
num target prot opt source destination
1 RETURN all -- anywhere anywhere
2 RETURN all -- anywhere anywhere
Chain f2b-repeatoffender (2 references)
num target prot opt source destination
1 RETURN all -- anywhere anywhere
2 RETURN all -- anywhere anywhere
Fail2ban
jail.local
[sshd]
enabled = true
filter = sshd
logpath = /var/log/auth.log
maxretry = 3
port = ssh
backend=systemd
ssh -v localhost -p 8888
OpenSSH_9.2p1 Debian-2+deb12u2, OpenSSL 3.0.11 19 Sep 2023
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug1: Connecting to localhost [127.0.0.1] port 8888.
debug1: connect to address 127.0.0.1 port 8888: Connection timed out
debug1: Connecting to localhost [::1] port 8888.
socket: Address family not supported by protocol
ssh: connect to host localhost port 8888: failure