[Mandriva] sshd ne démarre plus au bootRésolu/Fermé

Question

Bonjour,

voici mon souci, depuis un certain temps, sur la Mandriva,  et du jour au lendemain j'ai le message suivant : 
error: Bind to port 22 on 192.168.1.2 failed: Cannot assign requested address

je constate que cela est dû suite à une modification de mon fichier "sshd_config" comme suit :
Port 22
#Protocol 2,1
Protocol 2
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::
ListenAddress 192.168.1.2

mon fichier /var/log/messages :
Apr 12 19:20:29 mandriva sshd[4008]: Server listening on 0.0.0.0 port 22.
Apr 12 21:32:34 mandriva sshd[4008]: Received signal 15; terminating.
Apr 13 15:53:10 mandriva sshd[4028]: Server listening on 0.0.0.0 port 22.
Apr 13 20:08:53 mandriva sshd[4028]: Received signal 15; terminating.
Apr 13 20:08:54 mandriva sshd[6248]: Server listening on 192.168.1.2 port 22.
Apr 13 23:05:24 mandriva sshd[6248]: Received signal 15; terminating.
Apr 14 07:44:50 mandriva sshd[3900]: error: Bind to port 22 on 192.168.1.2 failed: Cannot assign requested address.
Apr 14 07:44:50 mandriva sshd[3900]: fatal: Cannot bind any address.
Apr 14 17:54:04 mandriva sshd[3958]: error: Bind to port 22 on 192.168.1.2 failed: Cannot assign requested address.
Apr 14 17:54:04 mandriva sshd[3958]: fatal: Cannot bind any address.
Apr 15 07:22:23 mandriva sshd[3979]: error: Bind to port 22 on 192.168.1.2 failed: Cannot assign requested address.
Apr 15 07:22:23 mandriva sshd[3979]: fatal: Cannot bind any address.

pourtant les informations du fichier sshd_config sont les mêmes pour la debian, la gentoo et la fedora et je n'ai pas ce message d'erreur.


pourtant lorsque je relance le service en console :
[root@mandriva log]# /sbin/service sshd status
sshd est mort, mais le sous-système reste verrouillé
[root@mandriva log]# /sbin/service sshd restart
Arrêt de sshd :                                                 [  OK  ]
Lancement de sshd :                                             [  OK  ]
[root@mandriva log]#

et /var/log/messages :
May 13 07:12:37 mandriva sshd[6030]: Server listening on 192.168.1.2 port 22.


Alors pourquoi avec la Mandriva ????? Bug ????

merci.

peut-être quelques pistes :
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/216847
https://www.hugedomains.com/domain_profile.cfm?d=hagybrandon&e=com

bob031 · Answer

bon, je n'ai pas encore trouvé le pourquoi ....

autre petit souci, j'ai eu droit à une attaque de type brute force. 
[root@mandriva log]# grep Invalid auth.log
May 11 21:04:24 mandriva sshd[7212]: Invalid user admin from 88.33.202.155
May 11 21:04:36 mandriva sshd[7216]: Invalid user stud from 88.33.202.155
May 11 21:04:42 mandriva sshd[7218]: Invalid user trash from 88.33.202.155
May 11 21:04:52 mandriva sshd[7220]: Invalid user aaron from 88.33.202.155
May 11 21:04:58 mandriva sshd[7222]: Invalid user gt05 from 88.33.202.155
May 11 21:05:04 mandriva sshd[7224]: Invalid user william from 88.33.202.155
May 11 21:05:11 mandriva sshd[7226]: Invalid user stephanie from 88.33.202.155
May 11 21:05:49 mandriva sshd[7238]: Invalid user gary from 88.33.202.155
May 11 21:06:02 mandriva sshd[7243]: Invalid user guest from 88.33.202.155
May 11 21:06:08 mandriva sshd[7245]: Invalid user test from 88.33.202.155
May 11 21:06:14 mandriva sshd[7247]: Invalid user oracle from 88.33.202.155
May 11 21:09:01 mandriva sshd[7398]: Invalid user lab from 88.33.202.155
May 11 21:09:14 mandriva sshd[7413]: Invalid user oracle from 88.33.202.155
May 11 21:09:20 mandriva sshd[7415]: Invalid user svn from 88.33.202.155
May 11 21:09:26 mandriva sshd[7418]: Invalid user iraf from 88.33.202.155
May 11 21:09:33 mandriva sshd[7420]: Invalid user swsoft from 88.33.202.155
May 11 21:09:39 mandriva sshd[7422]: Invalid user production from 88.33.202.155
May 11 21:09:45 mandriva sshd[7424]: Invalid user guest from 88.33.202.155
May 11 21:09:51 mandriva sshd[7426]: Invalid user gast from 88.33.202.155
May 11 21:09:58 mandriva sshd[7428]: Invalid user gast from 88.33.202.155
May 11 21:10:04 mandriva sshd[7430]: Invalid user oliver from 88.33.202.155
May 11 21:10:10 mandriva sshd[7432]: Invalid user sirsi from 88.33.202.155
May 11 21:10:16 mandriva sshd[7434]: Invalid user nagios from 88.33.202.155
May 11 21:10:26 mandriva sshd[7436]: Invalid user nagios from 88.33.202.155
May 11 21:10:32 mandriva sshd[7438]: Invalid user nagios from 88.33.202.155
May 11 21:10:38 mandriva sshd[7440]: Invalid user nagios from 88.33.202.155
May 11 21:10:45 mandriva sshd[7443]: Invalid user backuppc from 88.33.202.155
May 11 21:10:51 mandriva sshd[7445]: Invalid user wolfgang from 88.33.202.155
May 11 21:10:57 mandriva sshd[7448]: Invalid user vmware from 88.33.202.155
May 11 21:11:03 mandriva sshd[7450]: Invalid user stats from 88.33.202.155
May 11 21:11:10 mandriva sshd[7452]: Invalid user kor from 88.33.202.155
[root@mandriva log]#

je sais le pourquoi je pense, j'avais commis une grosse bévue dans mes règles iptables
les quelques règles élémentaires de sécurité que j'avais introduites ont fonctionné.

pourtant je m'interroge sur fail2ban que j'avais installé et correctement configuré (enfin je crois), et qui ne m'indique aucun message dans les logs.

merci.



quelques infos glânées :
System: Monitoring the fail2ban log
https://www.the-art-of-web.com/system/fail2ban-log/

quelques idées :
http://ubuntuforums.org/showthread.php?t=444157

quelques commandes utiles :
# netstat -tulpn | grep :22
# /usr/sbin/sshd -t

bob031 · Answer

je commence à voir la "lumière" ... [root@mandriva log]# grep ERROR fail2ban.log 2008-04-13 20:40:14,195 fail2ban.actions.action: ERROR touch returned 200 2008-04-13 23:05:24,979 fail2ban.actions.action: ERROR rm -f returned 200 2008-04-14 07:44:55,790 fail2ban.actions.action: ERROR touch returned 200 2008-04-14 12:49:30,278 fail2ban.actions.action: ERROR rm -f returned 200 2008-04-14 12:49:35,168 fail2ban.actions.action: ERROR touch returned 200 2008-04-14 12:53:45,941 fail2ban.actions.action: ERROR rm -f returned 200 2008-04-14 12:53:51,213 fail2ban.actions.action: ERROR touch returned 200 2008-04-14 12:56:39,752 fail2ban.actions.action: ERROR rm -f returned 200 2008-04-14 12:56:44,281 fail2ban.actions.action: ERROR touch returned 200 les dates dans fail2ban.log et /var/log/messages sont identiques : 2008-04-13 je pense que je n'ai pas bien compris "faire écouter ssh que sur une interface donnée" (option ListenAddress) je vais remettre : ListenAddress 0.0.0.0 et voir ce que cela donne !

bob031 · Answer

ok ! avec : ListenAddress 0.0.0.0 sshd démarre au boot ! concernant fail2ban : j'ai le sentiment que l'IP n'est pas bannie, puisque je ne vois pas de message m'indiquant que cela a été fait ! de plus j'ai toujours ceci : 2008-05-13 06:15:41,615 fail2ban.actions.action: ERROR touch returned 200 2008-05-13 09:40:21,046 fail2ban.actions.action: ERROR rm -f returned 200 2008-05-13 12:03:57,944 fail2ban.actions.action: ERROR touch returned 200 pas très clair tout ça .....je ne suis pas prêt de voir la "lumière" ! :-))

bob031 · Answer

Bouaaaaaaaaaaaaaaaaa ! bon ben tout semble fonctionner correctement ! sshd : ok mais je comprend pas pourquoi "ListenAddress 192.168.1.2" ne fonctionne pas ! fail2ban : mon pote du 88.33.202.155 a bien été banni ! [root@mandriva ~]# fail2ban-regex /var/log/auth.log /etc/fail2ban/filter.d/sshd.conf Running tests ============= Use regex file : /etc/fail2ban/filter.d/sshd.conf Use log file : /var/log/auth.log Results ======= Failregex: [1] Authentication failure for .* from [2] Failed [-/\w+]+ for .* from [3] ROOT LOGIN REFUSED .* FROM [4] [iI](?:llegal|nvalid) user .* from Number of matches: [1] 0 match(es) [2] 0 match(es) [3] 0 match(es) [4] 31 match(es) Addresses found: [1] [2] [3] [4] 88.33.202.155 (Sun May 11 21:04:24 2008) 88.33.202.155 (Sun May 11 21:04:36 2008) 88.33.202.155 (Sun May 11 21:04:42 2008) 88.33.202.155 (Sun May 11 21:04:52 2008) 88.33.202.155 (Sun May 11 21:04:58 2008) 88.33.202.155 (Sun May 11 21:05:04 2008) 88.33.202.155 (Sun May 11 21:05:11 2008) 88.33.202.155 (Sun May 11 21:05:49 2008) 88.33.202.155 (Sun May 11 21:06:02 2008) 88.33.202.155 (Sun May 11 21:06:08 2008) 88.33.202.155 (Sun May 11 21:06:14 2008) 88.33.202.155 (Sun May 11 21:09:01 2008) 88.33.202.155 (Sun May 11 21:09:14 2008) 88.33.202.155 (Sun May 11 21:09:20 2008) 88.33.202.155 (Sun May 11 21:09:26 2008) 88.33.202.155 (Sun May 11 21:09:33 2008) 88.33.202.155 (Sun May 11 21:09:39 2008) 88.33.202.155 (Sun May 11 21:09:45 2008) 88.33.202.155 (Sun May 11 21:09:51 2008) 88.33.202.155 (Sun May 11 21:09:58 2008) 88.33.202.155 (Sun May 11 21:10:04 2008) 88.33.202.155 (Sun May 11 21:10:10 2008) 88.33.202.155 (Sun May 11 21:10:16 2008) 88.33.202.155 (Sun May 11 21:10:26 2008) 88.33.202.155 (Sun May 11 21:10:32 2008) 88.33.202.155 (Sun May 11 21:10:38 2008) 88.33.202.155 (Sun May 11 21:10:45 2008) 88.33.202.155 (Sun May 11 21:10:51 2008) 88.33.202.155 (Sun May 11 21:10:57 2008) 88.33.202.155 (Sun May 11 21:11:03 2008) 88.33.202.155 (Sun May 11 21:11:10 2008) Date template hits: 31 hit: Month Day Hour:Minute:Second 0 hit: Weekday Month Day Hour:Minute:Second Year 0 hit: Year/Month/Day Hour:Minute:Second 0 hit: Day/Month/Year:Hour:Minute:Second 0 hit: Year-Month-Day Hour:Minute:Second 0 hit: TAI64N 0 hit: Epoch Success, the total number of match is 31 However, look at the above section 'Running tests' which could contain important information. [root@mandriva ~]# source : http://www.fail2ban.org/wiki/index.php/MANUAL_0_8#Testing un détail omis : j'utilise postfix ! FIN !

[Mandriva] sshd ne démarre plus au boot

4 réponses

Discussions similaires

Newsletters