Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Google compute engine - getting blocked after accessing SSH a few times

I have a google compute engine VM, running ubuntu, and utilising Laravel Forge.

I seem to get blocked by the VM after accessing SSH a few times (2-4), even if I'm logging in correctly. Restarting the VM unblocks me.

I first noticed the issue as I was having trouble logging into SSH, after a few attempts it would become unreachable. My website hosted on it also wouldn't resolve. After restarting the vm, I could try log into ssh again and my website works. This happened a couple time before I figured out how to correctly log in with SSH.

Next, trying to log in to the database with HeidiSQL, which uses plink, I log in fine. But it seems to keep reconnecting via SSH every time I do something, and after 2-4 of these reconnects, I get the same problem with the VM being unreachable by SSH and my website hosted on it being down.

Using SQLyog, which seems to maintain the one SSH connection, rather than constantly reconnecting like HeidiSQL, I have no problems.

When my website is down, I use those "down for everyone or just me" websites to see if it is down, and apparently it's just down for me, so I must be getting blocked.

So I guess my questions are: 1. Is this normal? 2. Can I unblock myself without restarting the VM? 3. Can I make blocking occur in a less strict way? 4. Why does HeidiSQL keep reconnecting via SSH rather than maintaining the one connection like SQLyog seems to?

like image 584
Tesla Avatar asked Nov 08 '14 02:11

Tesla


People also ask

How do I enable SSH on Google cloud?

In the Google Cloud console, go to the VM instances page. In the list of VMs, click the arrow_drop_down drop-down next to the SSH button of the VM that you want to connect to. Click Open in browser window using provided private SSH key. The SSH-in-browser window opens.

How do I SSH into compute engine GCP?

Connect through a browser from the GCP MarketplaceFind and select your project in the project list. Select the “Compute -> Compute Engine” menu item. Locate your server instance and select the SSH button.

What does Gcloud compute SSH do?

You use the gcloud compute ssh command to connect to your VM. Compute Engine sets a username and creates a persistent SSH key pair with the following configurations: Your username is set as the username in your local machine.

Why is my SSH key not working in my Google VM?

After the new key pair expired, Compute Engine deleted your ~/.ssh/authorized_keys file in the VM, which included your manually added SSH key. To resolve this issue, try one of the following: Connect to your VM using the Google Cloud Console or the gcloud command-line tool. For more information, see Connecting to VMs.

How do I connect to a Google VM using SSH?

Connect to your VM using the Google Cloud Console or the gcloud command-line tool. For more information, see Connecting to VMs. Re-add your SSH key to metadata.

Why can't I SSH into my Virtual Machine?

You connected using a third-party tool and your SSH command is misconfigured. If you connect using the ssh command but don't specify a path to your private key or you specify an incorrect path to your private key, your VM refuses your connection. To resolve this issue, try one of the following:

Why can’t i log in to SSH?

The issue that prevents you from logging in might be limited to your user account. For example, the permissions on the ~/.ssh/authorized_keys file on the instance might not be set correctly for the user.


1 Answers

You have encountered sshguard, which is enabled by default on the GCE Ubuntu images (at least on the 14.10 image, where I encountered it myself). There is a whitelist file at /etc/sshguard/whitelist.

The sshguard default configuration on my VM has a "dangerousness" threshold of 40. Most "attacks" that sshguard detects incur dangerousness of 10, so getting blocked after 4 reconnects sounds about right.

The attack signatures are listed here: http://www.sshguard.net/docs/reference/attack-signatures/

I would bet that you are connecting from an IP that has an invalid reverse DNS configuration (I was). Four connects like that and the default config blocks you for 20 minutes.

like image 53
Marko Karppinen Avatar answered Sep 28 '22 08:09

Marko Karppinen