Unable to stay logged in via SSH using PuTTY

6 comments

  • cPanelMichael
    Hello,
    Do you notice any output to the /var/log/secure log file when this happens? Here's a StackOverflow thread you may find helpful: "How can I automatically stop putty disconnecting"
    Thank you.
    0
  • WebHostPro
    It does have two IPs constantly blocked every minute for days, which makes me think it's either compromised or it locked itself up to protect against an attack.

        Oct 11 14:20:41 lv17 polkitd[522]: Registered Authentication Agent for unix-process:3087:89358 (system bus name :1.138 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8)
        Oct 11 14:20:42 lv17 polkitd[522]: Unregistered Authentication Agent for unix-process:3087:89358 (system bus name :1.138, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) (disconnected from bus)

    There are thousands of these:

        Oct 11 14:21:15 lv17 sshd[3155]: refused connect from 61.177.172.51 (61.177.172.51)
        Oct 11 14:21:56 lv17 sshd[3194]: refused connect from 61.177.172.51 (61.177.172.51)

    This is me:

        Oct 11 14:22:00 lv17 sshd[3177]: Accepted password for root from 22.222.22.222 port 51079 ssh2
        Oct 11 14:22:01 lv17 sshd[3177]: pam_unix(sshd:session): session opened for user root by (uid=0)

    Just disconnects right away:

        Oct 11 14:22:01 lv17 sshd[3177]: pam_unix(sshd:session): session closed for user root
        Oct 11 14:22:38 lv17 sshd[3371]: refused connect from 61.177.172.51 (61.177.172.51)
    0
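
An added example, not part of any post in this thread: a Python sketch that scans /var/log/secure-style lines like those quoted above, counts `refused connect` sources, and flags logins whose PAM session is opened and closed within a couple of seconds. The function name, the 2-second threshold and the last three sample lines (pid 4001, 203.0.113.9) are assumptions made for illustration.

```python
import re
from collections import Counter
from datetime import datetime

# Sample in /var/log/secure format: the first six lines are the ones quoted in
# the thread; the last three (pid 4001, 203.0.113.9) are constructed.
SAMPLE = """\
Oct 11 14:21:15 lv17 sshd[3155]: refused connect from 61.177.172.51 (61.177.172.51)
Oct 11 14:21:56 lv17 sshd[3194]: refused connect from 61.177.172.51 (61.177.172.51)
Oct 11 14:22:00 lv17 sshd[3177]: Accepted password for root from 22.222.22.222 port 51079 ssh2
Oct 11 14:22:01 lv17 sshd[3177]: pam_unix(sshd:session): session opened for user root by (uid=0)
Oct 11 14:22:01 lv17 sshd[3177]: pam_unix(sshd:session): session closed for user root
Oct 11 14:22:38 lv17 sshd[3371]: refused connect from 61.177.172.51 (61.177.172.51)
Oct 11 14:30:02 lv17 sshd[4001]: Accepted password for root from 203.0.113.9 port 40022 ssh2
Oct 11 14:30:02 lv17 sshd[4001]: pam_unix(sshd:session): session opened for user root by (uid=0)
Oct 11 14:41:10 lv17 sshd[4001]: pam_unix(sshd:session): session closed for user root
"""

LINE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[(\d+)\]: (.*)$")
ACCEPTED = re.compile(r"Accepted (\S+) for (\S+) from (\S+) port \d+")

def analyse_secure_log(text, max_seconds=2):
    """Return (refused-connect counts per IP, sessions closed within max_seconds)."""
    refused, sessions, dropped = Counter(), {}, []  # sessions is keyed by sshd pid
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # not an sshd line (e.g. polkitd)
        stamp, pid, msg = m.groups()
        # syslog timestamps carry no year; a fixed leap year keeps Feb 29 parseable
        when = datetime.strptime("2000 " + stamp, "%Y %b %d %H:%M:%S")
        accepted = ACCEPTED.match(msg)
        if msg.startswith("refused connect from "):
            refused[msg.split()[3]] += 1
        elif accepted:
            # a new login on this pid replaces any stale entry (pids get reused)
            sessions[pid] = {"user": accepted[2], "src": accepted[3]}
        elif "session opened for user" in msg and pid in sessions:
            sessions[pid]["opened"] = when
        elif "session closed for user" in msg and "opened" in sessions.get(pid, {}):
            s = sessions.pop(pid)
            lifetime = (when - s["opened"]).total_seconds()
            if lifetime <= max_seconds:
                dropped.append((s["user"], s["src"], lifetime))
    return refused, dropped

if __name__ == "__main__":
    print(analyse_secure_log(SAMPLE))
```

A login flagged here already passed authentication and PAM session setup, so it was dropped after login rather than at the `refused connect` stage.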
  • cPanelMichael
    Hello,
    You may want to try implementing some configuration changes for added security to see if that makes a difference. You can find a thread with some general guidelines at: [Tutorial] Interested in increasing the security of your server? Read this. (sshd hardening)
    In particular, restricting access to specific IP addresses is a good first step to rule out the brute force attempt as the cause of the issue.
    Thank you.
    0
  • WebHostPro
    Nope, thanks for trying though. Strange, if I bounce off another server I can SSH in. I also am blocked out of WHM now even though my IP is in the Whitelist for CSF. I'm starting to think this is a cphulk issue. How can I disable that from command? I ran:

        /scripts/restartsrv_cphulkd --stop; /scripts/restartsrv_cphulkd --start

    No luck, then this and still no luck :(

        /usr/local/cpanel/bin/cphulk_pam_ctl --disable
    0
  • cPanelMichael
    I'm starting to think this is a cphulk issue. How can I disable that from command?

    Hello,
    You can review the cPHulk logs at: /usr/local/cpanel/logs/cphulkd.log
    Information on how to enable or disable it from the command line is documented at:
    0
  • WebHostPro
    I'll throw in a ticket, no biggie. Thanks for trying.
    0