Resolved ssh don't work anymore + ERROR: W:Failed to fetch http://updates.atomicorp.com

[AxelKirk]

Hi,
I'm new in plesk.
I just spend a week to change password of each dedibox we have so I go through secure mode many time.
Now that's over, each time we login, it work correctly.
But I don't know why, ssh connection don't work anymore (ftp work).
That's my first issue.

My version
OS: ‪Ubuntu 14.04.5 LTS
Product: Plesk Onyx 17.8.11 Update #39 , last updated at Feb 9, 2019 06:31 AM

My second problem : i get a email from one of my dedibox :

Hello, root
Some problems occurred with the System Updates tool on your server sd-111956.dedibox.fr. Please resolve them manually.

Reason: 2019-02-12 06:29:01 INFO: pum is called with arguments: ['--list', '--repo-info', '--json']
2019-02-12 06:30:09 ERROR: W:Failed to fetch http://updates.atomicorp.com/channels/tortix-common/debian/dists/trusty/main/binary-amd64/Packages 500 Internal Server Error [IP: 192.95.31.85 80]
, W:Failed to fetch http://updates.atomicorp.com/channels/tortix-common/debian/dists/trusty/main/binary-i386/Packages 500 Internal Server Error [IP: 192.95.31.85 80]
, E:Some index files failed to download. They have been ignored, or old ones used instead.
2019-02-12 06:30:09 ERROR: Exited with returncode 1.​

Have you some idea how to solve it ?
Thanks by advance

​

 

[AxelKirk]

I just forget to said that my ssh error is : "access denied"

 

[AxelKirk]

Here my ssh_config :

Host *
# ForwardAgent no
# ForwardX11 no
# ForwardX11Trusted yes
# RhostsRSAAuthentication no
# RSAAuthentication yes
# PasswordAuthentication yes
# HostbasedAuthentication no
# GSSAPIAuthentication no
# GSSAPIDelegateCredentials no
# GSSAPIKeyExchange no
# GSSAPITrustDNS no
# BatchMode no
# CheckHostIP yes
# AddressFamily any
# ConnectTimeout 0
# StrictHostKeyChecking ask
# IdentityFile ~/.ssh/identity
# IdentityFile ~/.ssh/id_rsa
# IdentityFile ~/.ssh/id_dsa
# Port 22
# Protocol 2,1
# Cipher 3des
# Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc
# MACs hmac-md5,hmac-sha1,[email protected],hmac-ripemd160
# EscapeChar ~
# Tunnel no
# TunnelDevice any:any
# PermitLocalCommand no
# VisualHostKey no
# ProxyCommand ssh -q -W %h:%p gateway.example.com
# RekeyLimit 1G 1h
SendEnv LANG LC_*
HashKnownHosts yes
GSSAPIAuthentication yes
GSSAPIDelegateCredentials no

 

[AxelKirk]

sshd_config ;

# Package generated configuration file

# See the sshd_config(5) manpage for details



# What ports, IPs and protocols we listen for

Port 22

# Use these options to restrict which interfaces/protocols sshd will bind to

#ListenAddress ::

#ListenAddress 0.0.0.0

Protocol 2

# HostKeys for protocol version 2

HostKey /etc/ssh/ssh_host_rsa_key

HostKey /etc/ssh/ssh_host_dsa_key

HostKey /etc/ssh/ssh_host_ecdsa_key

HostKey /etc/ssh/ssh_host_ed25519_key

#Privilege Separation is turned on for security

UsePrivilegeSeparation yes



# Lifetime and size of ephemeral version 1 server key

KeyRegenerationInterval 3600

ServerKeyBits 1024



# Logging

SyslogFacility AUTH

LogLevel INFO



# Authentication:

LoginGraceTime 120

PermitRootLogin without-password

StrictModes yes



RSAAuthentication yes

PubkeyAuthentication yes

#AuthorizedKeysFile %h/.ssh/authorized_keys



# Don't read the user's ~/.rhosts and ~/.shosts files

IgnoreRhosts yes

# For this to work you will also need host keys in /etc/ssh_known_hosts

RhostsRSAAuthentication no

# similar for protocol version 2

HostbasedAuthentication no

# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication

#IgnoreUserKnownHosts yes



# To enable empty passwords, change to yes (NOT RECOMMENDED)

PermitEmptyPasswords no



# Change to yes to enable challenge-response passwords (beware issues with

# some PAM modules and threads)

ChallengeResponseAuthentication no



# Change to no to disable tunnelled clear text passwords

#PasswordAuthentication yes



# Kerberos options

#KerberosAuthentication no

#KerberosGetAFSToken no

#KerberosOrLocalPasswd yes

#KerberosTicketCleanup yes



# GSSAPI options

#GSSAPIAuthentication no

#GSSAPICleanupCredentials yes



X11Forwarding yes

X11DisplayOffset 10

PrintMotd no

PrintLastLog yes

TCPKeepAlive yes

#UseLogin no



#MaxStartups 10:30:60

#Banner /etc/issue.net



# Allow client to pass locale environment variables

AcceptEnv LANG LC_*



Subsystem sftp /usr/lib/openssh/sftp-server



# Set this to 'yes' to enable PAM authentication, account processing,

# and session processing. If this is enabled, PAM authentication will

# be allowed through the ChallengeResponseAuthentication and

# PasswordAuthentication. Depending on your PAM configuration,

# PAM authentication via ChallengeResponseAuthentication may bypass

# the setting of "PermitRootLogin without-password".

# If you just want the PAM account and session checks to run without

# PAM authentication, then enable this but set PasswordAuthentication

# and ChallengeResponseAuthentication to 'no'.

UsePAM yes

 

[Monty]

Regarding your SSH problem:
* Read the auth log /var/log/auth.log and check what's written there at the time when you tried to connect. This will tell you what the problem is
* Also, make sure your SSH key is listed in the file ~/.ssh/authorized_keys of the user you are trying to connect with

Regarding your second problem:
Error was: 500 Internal Server Error [IP: 192.95.31.85 80]
=> This means: The atomic repo server responded with an HTTP 500 error when you tried to connect to it. Not your fault. Something appeared to be wrong on the remote server. It looks like the issue is solved now, I don't see any error 500 anymore when I connect to http://updates.atomicorp.com/channels/tortix-common/debian/dists/trusty/main/binary-amd64/Packages

 

[AxelKirk]

With these logs do you think it's an attack :



Feb 12 12:10:11 sd-111960 sshd[4280]: reverse mapping checking getaddrinfo for 177-103-179-6.dsl.telesp.net.br [177.103.179.6] failed - POSSIBLE BREAK-IN ATTEMPT!

Feb 12 12:10:11 sd-111960 sshd[4280]: Invalid user postgres from 177.103.179.6

Feb 12 12:10:11 sd-111960 sshd[4280]: input_userauth_request: invalid user postgres [preauth]

Feb 12 12:10:11 sd-111960 sshd[4280]: pam_unix(sshd:auth): check pass; user unknown

Feb 12 12:10:11 sd-111960 sshd[4280]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.103.179.6

Feb 12 12:10:14 sd-111960 sshd[4280]: Failed password for invalid user postgres from 177.103.179.6 port 62915 ssh2

Feb 12 12:10:14 sd-111960 sshd[4280]: Received disconnect from 177.103.179.6: 11: Bye Bye [preauth]

Feb 12 12:10:15 sd-111960 sshd[4282]: Invalid user xvf from 83.132.134.123

Feb 12 12:10:15 sd-111960 sshd[4282]: input_userauth_request: invalid user xvf [preauth]

Feb 12 12:10:15 sd-111960 sshd[4282]: pam_unix(sshd:auth): check pass; user unknown

Feb 12 12:10:15 sd-111960 sshd[4282]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=a83-132-134-123.cpe.netcabo.pt

Feb 12 12:10:17 sd-111960 sshd[4282]: Failed password for invalid user xvf from 83.132.134.123 port 47711 ssh2

Feb 12 12:10:17 sd-111960 sshd[4282]: Received disconnect from 83.132.134.123: 11: Bye Bye [preauth]

Feb 12 12:11:01 sd-111960 CRON[4289]: pam_unix(cron:session): session opened for user root by (uid=0)

Feb 12 12:11:01 sd-111960 CRON[4289]: pam_unix(cron:session): session closed for user root

Feb 12 12:11:10 sd-111960 sshd[4320]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.85.42.88 user=root

Feb 12 12:11:11 sd-111960 sshd[4322]: Invalid user submitter from 5.196.70.107

Feb 12 12:11:11 sd-111960 sshd[4322]: input_userauth_request: invalid user submitter [preauth]

Feb 12 12:11:11 sd-111960 sshd[4322]: pam_unix(sshd:auth): check pass; user unknown

Feb 12 12:11:11 sd-111960 sshd[4322]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=ns379769.ip-5-196-70.eu

Feb 12 12:11:13 sd-111960 sshd[4320]: Failed password for root from 112.85.42.88 port 46592 ssh2

Feb 12 12:11:13 sd-111960 sshd[4322]: Failed password for invalid user submitter from 5.196.70.107 port 36446 ssh2

Feb 12 12:11:13 sd-111960 sshd[4322]: Received disconnect from 5.196.70.107: 11: Bye Bye [preauth]

Feb 12 12:11:15 sd-111960 sshd[4320]: Failed password for root from 112.85.42.88 port 46592 ssh2

Feb 12 12:11:18 sd-111960 sshd[4320]: Failed password for root from 112.85.42.88 port 46592 ssh2

Feb 12 12:11:18 sd-111960 sshd[4320]: Received disconnect from 112.85.42.88: 11: [preauth]

Feb 12 12:11:18 sd-111960 sshd[4320]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.85.42.88 user=root

Feb 12 12:11:55 sd-111960 sshd[4324]: Invalid user vps from 206.189.72.217

Feb 12 12:11:55 sd-111960 sshd[4324]: input_userauth_request: invalid user vps [preauth]

Feb 12 12:11:55 sd-111960 sshd[4324]: pam_unix(sshd:auth): check pass; user unknown

Feb 12 12:11:55 sd-111960 sshd[4324]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=tasked.me

Feb 12 12:11:57 sd-111960 sshd[4324]: Failed password for invalid user vps from 206.189.72.217 port 50636 ssh2

Feb 12 12:11:57 sd-111960 sshd[4324]: Received disconnect from 206.189.72.217: 11: Bye Bye [preauth]

Feb 12 12:12:01 sd-111960 CRON[4326]: pam_unix(cron:session): session opened for user root by (uid=0)

Feb 12 12:12:01 sd-111960 CRON[4326]: pam_unix(cron:session): session closed for user root

Feb 12 12:12:19 sd-111960 sshd[4357]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.85.42.88 user=root

Feb 12 12:12:20 sd-111960 sshd[4357]: Failed password for root from 112.85.42.88 port 22460 ssh2

Feb 12 12:12:23 sd-111960 sshd[4357]: Failed password for root from 112.85.42.88 port 22460 ssh2

Feb 12 12:12:24 sd-111960 sshd[4359]: Invalid user suelette from 163.172.46.73

Feb 12 12:12:24 sd-111960 sshd[4359]: input_userauth_request: invalid user suelette [preauth]

Feb 12 12:12:24 sd-111960 sshd[4359]: pam_unix(sshd:auth): check pass; user unknown

Feb 12 12:12:24 sd-111960 sshd[4359]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=mail.panelweb.eu

Feb 12 12:12:25 sd-111960 sshd[4357]: Failed password for root from 112.85.42.88 port 22460 ssh2

Feb 12 12:12:26 sd-111960 sshd[4357]: Received disconnect from 112.85.42.88: 11: [preauth]

Feb 12 12:12:26 sd-111960 sshd[4357]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.85.42.88 user=root

Feb 12 12:12:26 sd-111960 sshd[4359]: Failed password for invalid user suelette from 163.172.46.73 port 54620 ssh2

Feb 12 12:12:26 sd-111960 sshd[4359]: Received disconnect from 163.172.46.73: 11: Normal Shutdown, Thank you for playing [preauth]

Feb 12 12:13:01 sd-111960 CRON[4364]: pam_unix(cron:session): session opened for user root by (uid=0)

Feb 12 12:13:02 sd-111960 CRON[4364]: pam_unix(cron:session): session closed for user root

Feb 12 12:13:07 sd-111960 sshd[4395]: Invalid user pulse from 83.132.134.123

Feb 12 12:13:07 sd-111960 sshd[4395]: input_userauth_request: invalid user pulse [preauth]

Feb 12 12:13:07 sd-111960 sshd[4395]: pam_unix(sshd:auth): check pass; user unknown

Feb 12 12:13:07 sd-111960 sshd[4395]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=a83-132-134-123.cpe.netcabo.pt

Feb 12 12:13:09 sd-111960 sshd[4395]: Failed password for invalid user pulse from 83.132.134.123 port 59361 ssh2

Feb 12 12:13:09 sd-111960 sshd[4395]: Received disconnect from 83.132.134.123: 11: Bye Bye [preauth]

Feb 12 12:13:25 sd-111960 sshd[4398]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.85.42.88 user=root

Feb 12 12:13:26 sd-111960 sshd[4398]: Failed password for root from 112.85.42.88 port 45767 ssh2

Feb 12 12:13:30 sd-111960 sshd[4398]: message repeated 2 times: [ Failed password for root from 112.85.42.88 port 45767 ssh2]

Feb 12 12:13:31 sd-111960 sshd[4398]: Received disconnect from 112.85.42.88: 11: [preauth]

Feb 12 12:13:31 sd-111960 sshd[4398]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.85.42.88 user=root

Feb 12 12:13:51 sd-111960 sshd[4401]: reverse mapping checking getaddrinfo for 177-103-179-6.dsl.telesp.net.br [177.103.179.6] failed - POSSIBLE BREAK-IN ATTEMPT!

Feb 12 12:13:51 sd-111960 sshd[4401]: Invalid user jira from 177.103.179.6

Feb 12 12:13:51 sd-111960 sshd[4401]: input_userauth_request: invalid user jira [preauth]

Feb 12 12:13:51 sd-111960 sshd[4401]: pam_unix(sshd:auth): check pass; user unknown

Feb 12 12:13:51 sd-111960 sshd[4401]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.103.179.6

Feb 12 12:13:52 sd-111960 sshd[4401]: Failed password for invalid user jira from 177.103.179.6 port 52141 ssh2

Feb 12 12:13:53 sd-111960 sshd[4401]: Received disconnect from 177.103.179.6: 11: Bye Bye [preauth]

Feb 12 12:14:01 sd-111960 CRON[4403]: pam_unix(cron:session): session opened for user root by (uid=0)

Feb 12 12:14:01 sd-111960 CRON[4403]: pam_unix(cron:session): session closed for user root

Feb 12 12:14:31 sd-111960 sshd[4442]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.85.42.88 user=root

Feb 12 12:14:31 sd-111960 sshd[4444]: Invalid user sybase from 206.189.72.217

Feb 12 12:14:31 sd-111960 sshd[4444]: input_userauth_request: invalid user sybase [preauth]

Feb 12 12:14:31 sd-111960 sshd[4444]: pam_unix(sshd:auth): check pass; user unknown

Feb 12 12:14:31 sd-111960 sshd[4444]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=tasked.me

Feb 12 12:14:32 sd-111960 sshd[4446]: Invalid user archiva from 163.172.46.73

Feb 12 12:14:32 sd-111960 sshd[4446]: input_userauth_request: invalid user archiva [preauth]

Feb 12 12:14:32 sd-111960 sshd[4446]: pam_unix(sshd:auth): check pass; user unknown

Feb 12 12:14:32 sd-111960 sshd[4446]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=mail.panelweb.eu

Feb 12 12:14:32 sd-111960 sshd[4442]: Failed password for root from 112.85.42.88 port 20535 ssh2

Feb 12 12:14:33 sd-111960 sshd[4444]: Failed password for invalid user sybase from 206.189.72.217 port 46218 ssh2

Feb 12 12:14:33 sd-111960 sshd[4444]: Received disconnect from 206.189.72.217: 11: Bye Bye [preauth]

Feb 12 12:14:34 sd-111960 sshd[4446]: Failed password for invalid user archiva from 163.172.46.73 port 36734 ssh2

Feb 12 12:14:34 sd-111960 sshd[4446]: Received disconnect from 163.172.46.73: 11: Normal Shutdown, Tha

 

[Monty]

Yes, if you don't firewall your SSH port 22 then you will see loads of connection attempts. So that's normal and not related to your problem. I'd recommend to firewall your server and only allow SSH connections from trusted IPs.

Anyway, back to your problem: Search in the log for _your_ connection attempt (your IP, your username and the timestamp when you tried to connect)

 

[AxelKirk]

Ok thanks I will try to solve that first.
Many thanks for your help !

 

[AxelKirk]

Ok so now I have modified my hosts.deny and hosts.allow, so no more attack issue.


Now, concerning my ssh authentification, on plesk interface my admin is root but I have to log it with admin.

So I try both of them in terminal to connect with ssh to my dedibox --> acces denied .

Then I go look at the log : (88.191.54.165 is my IP)

Feb 12 15:36:07 sd-111960 sshd[3926]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=88.191.54.165 user=root
Feb 12 15:36:09 sd-111960 sshd[3926]: Failed password for root from 88.191.54.165 port 51855 ssh2
Feb 12 15:36:16 sd-111960 sshd[3926]: message repeated 3 times: [ Failed password for root from 88.191.54.165 port 51855 ssh2]
Feb 12 15:36:18 sd-111960 sshd[3926]: Connection closed by 88.191.54.165 [preauth]
Feb 12 15:36:18 sd-111960 sshd[3926]: PAM 3 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=88.191.54.165 user=root
Feb 12 15:36:18 sd-111960 sshd[3926]: PAM service(sshd) ignoring max retries; 4> 3
Feb 12 15:36:23 sd-111960 sshd[3963]: Invalid user admin from 88.191.54.165
Feb 12 15:36:23 sd-111960 sshd[3963]: input_userauth_request: invalid user admin[preauth]
Feb 12 15:36:25 sd-111960 sshd[3963]: pam_unix(sshd:auth): check pass; user unknown
Feb 12 15:36:25 sd-111960 sshd[3963]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=88.191.54.165
Feb 12 15:36:27 sd-111960 sshd[3963]: Failed password for invalid user admin from 88.191.54.165 port 51863 ssh2
Feb 12 15:36:27 sd-111960 sshd[3963]: pam_unix(sshd:auth): check pass; user unknown
Feb 12 15:36:29 sd-111960 sshd[3963]: Failed password for invalid user admin from 88.191.54.165 port 51863 ssh2
Feb 12 15:36:29 sd-111960 sshd[3963]: pam_unix(sshd:auth): check pass; user unknown
Feb 12 15:36:31 sd-111960 sshd[3963]: Failed password for invalid user admin from 88.191.54.165 port 51863 ssh2
Feb 12 15:36:32 sd-111960 sshd[3963]: pam_unix(sshd:auth): check pass; user unknown
Feb 12 15:36:33 sd-111960 sshd[3963]: Failed password for invalid user admin from 88.191.54.165 port 51863 ssh2
Feb 12 15:36:36 sd-111960 sshd[3963]: Connection closed by 88.191.54.165 [preauth]
Feb 12 15:36:36 sd-111960 sshd[3963]: PAM 3 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=88.191.54.165
Feb 12 15:36:36 sd-111960 sshd[3963]: PAM service(sshd) ignoring max retries; 4> 3

If I understand correclty, it says that my 'root' user is good but wrong password and my 'admin' user doesn't exist .
But I have in my plesk the root user as in this picture : (when I want to log as root I have to fullfill username: admin password: myrootpassword)
​

 

[Monty]

Your screenshot displays Plesk users, ie. users that are allowed to log on via Web to the Plesk GUI. These are not system users, you can't log on with those via SSH.
You can only use system users (ie. users that exist on the OS, usually in /etc/passwd) to log in.

So you will have to use the password of the user "root" of your OS to log on via SSH. This user is not visible in Plesk and cannot be managed via Plesk.
Or use an unprivileged user and use "sudo" or "su" to manage your server.

 

[AxelKirk]

I understand completly what you are saying.

What I done recently as I forgot my plesk user password :

Launch secure mode ,
Find partition to mount
Mount partition
Chroot to this partition
>passwd root
change the root passwd
Then connect to plesk interface and change a second time the root password
But it is true that I didn't go back to change the root OS password
I will try that tomorrow.

Thanks for your help

 

[AxelKirk]

Ok so I :

Launch secure mode ,
Find partition to mount
Mount partition
Chroot to this partition
>passwd root
Disconnect from secure mode
Try ssh with new password --> don't work --> log say wrong password

I do the same manipulation with another user admin account and it work,
I don't know why it doesn't work with root, but anyway my problems are solved

 

[Monty]

Maybe your server does not allow root logins via SSH, check this: How to enable ssh root access on Ubuntu 14.04

 

[AxelKirk]

In fact
PermitRootLogin without-password isn't commented
I will do that.
Thanks for your help , I will not borrow you anymore