SSH and iRedMail Postfix
SSH login works or not. IP address blocked on Linode firewall for unknown reason.
iRedMail does not accept email for unknown reason at random times and short periods. Minute to minute. Hours or a day goes by before next occurrence.
This morning something new. The Android 6 Email app kept stopping while checking the iRedMail account.
One email went to Office365, secondary email server, at 8:20.
SSH login stopped partway through. See below.
Used LISH to issue restart.
After restart SSH login completed and was blocked right away by the Linode firewall.
Have Fail2Ban and OSSEC installed. Block does not seem to come from them.
LISH, unblock Comcast home IP address.
sudo iptables -L INPUT -v -n | grep "ComcastHomeIPaddress"
Returned: 0 0 DROP all -- * * ComcastHomeIPaddress 0.0.0.0/0
sudo iptables -D INPUT -s ComcastHomeIPaddress -j DROP
sudo iptables -D FORWARD -s ComcastHomeIPaddress -j DROP
sudo firewall-cmd --runtime-to-permanent
sudo vim /etc/hosts.allow Still had ComcastHomeIPaddress.
sudo vim /etc/hosts.deny Had ComcastHomeIPaddress. Deleted and saved.
SSH session started to work then.
[Sat Feb 04 09:40:33 davida@zori:~ ] $ sudo cat /var/log/fail2ban.log | grep ComcastHomeIPaddress
2017-02-01 16:16:52,053 fail2ban.filter [8005]: INFO [sshd] Ignore ComcastHomeIPaddress by ip
Service was running.
pflogsumm on 02-02, not 02-03.
trivial-rewrite (total: 13)
5 proxy:mysql:/etc/postfix/mysql/virtual_mailbox_domains.cf: tabl…
4 virtual_mailbox_domains lookup failure
3 proxy:mysql:/etc/postfix/mysql/transport_maps_domain.cf lookup …
1 transport_maps lookup failure
LISH today:
-rw-r----- 1 root postfix 428 Dec 4 11:44 /etc/postfix/mysql/virtual_mailbox_domains.cf
-rw-r----- 1 root postfix 202 Dec 4 11:44 /etc/postfix/mysql/transport_maps_domain.cf
Zori LogWatch for 02-03
Unmatched Entries
WARNING: /etc/ssh/moduli does not exist, using fixed modulus : 14 time(s)
error: Could not load host key: /etc/ssh/ssh_host_dsa_key : 90 time(s)
LISH:
[Sat Feb 04 09:34:37 davida@zori:~ ] $ ls -l /etc/ssh
total 28
-rw-r--r-- 1 root root 2529 Feb 1 19:47 sshd_config
-rw-r----- 1 root sshkeys 227 Feb 1 16:39 ssh_host_ecdsa_key
-rw-r--r-- 1 root root 162 Feb 1 16:39 ssh_host_ecdsa_key.pub
-rw-r----- 1 root sshkeys 387 Feb 1 16:39 ssh_host_ed25519_key
-rw-r--r-- 1 root root 82 Feb 1 16:39 ssh_host_ed25519_key.pub
-rw-r----- 1 root sshkeys 1679 Feb 1 16:39 ssh_host_rsa_key
-rw-r--r-- 1 root root 382 Feb 1 16:39 ssh_host_rsa_key.pub
LISH is hard to use. The way text scrolls up different lines randomly.
Accidentally deleted something during a previous attempt to fix SSH?
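The manual checks in the post above (the iptables INPUT and FORWARD chains, then /etc/hosts.deny) gathered into one script; this is an added example, not part of the original post. It assumes rules in `iptables -S` format; the function names and the addresses 203.0.113.7 and 198.51.100.9 are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example. 203.0.113.7 is a constructed stand-in for the blocked home IP.

# Read `iptables -S` output on stdin; print each chain that holds a
# DROP or REJECT rule whose source is exactly the address in $1.
chains_blocking() {
    awk -v ip="$1" '
        $1 == "-A" {
            src = ""; tgt = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-s") src = $(i + 1)
                if ($i == "-j") tgt = $(i + 1)
            }
            sub(/\/32$/, "", src)   # iptables -S prints single hosts as a.b.c.d/32
            if (src == ip && (tgt == "DROP" || tgt == "REJECT")) print $2
        }'
}

# Read hosts.deny text on stdin; print "lineno: line" for entries naming $1.
# Only exact addresses are matched; wildcard and netmask patterns are not expanded.
deny_entries() {
    awk -v ip="$1" '
        /^[ \t]*(#|$)/ { next }    # skip comments and blank lines
        {
            n = split($0, tok, /[ \t,:]+/)
            for (i = 2; i <= n; i++)
                if (tok[i] == ip) { print NR ": " $0; next }
        }'
}

# Constructed sample of the state described in the post.
sample_rules() {
    cat <<'EOF'
-P INPUT ACCEPT
-A INPUT -s 203.0.113.7/32 -j DROP
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A FORWARD -s 203.0.113.7/32 -j DROP
-A INPUT -s 198.51.100.9/32 -j DROP
EOF
}
sample_deny() {
    printf '%s\n' '# hosts.deny (constructed)' 'ALL:198.51.100.9' 'ALL:203.0.113.7'
}

# Offline demo. On the server, feed the live sources instead:
#   sudo iptables -S | chains_blocking "$ip"
#   deny_entries "$ip" < /etc/hosts.deny
sample_rules | chains_blocking 203.0.113.7
sample_deny | deny_entries 203.0.113.7
```

Running both checks before deleting anything shows whether the address is held in the packet filter, in TCP wrappers, or in both, which narrows down which tool wrote the block.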
3 Replies
[Sat Feb 04 09:01:59] $ ssh -v davida@LinodeIPaddress
OpenSSH_6.7p1 Debian-5+deb8u3, OpenSSL 1.0.1t 3 May 2016
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to LinodeIPaddress [LinodeIPaddress] port 22.
debug1: Connection established.
debug1: identity file /home/david/.ssh/id_rsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file /home/david/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/david/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/david/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/david/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/david/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/david/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/david/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.7p1 Debian-5+deb8u3
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1
debug1: match: OpenSSH_6.6.1 pat OpenSSH_6.6.1* compat 0x04000000
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr
debug1: kex: client->server aes128-ctr
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA d1:e2:0a:ef:80:4f:79:78:4b:06:c3:80:ad:78:6a:bf
debug1: Host '66.228.34.234' is known and matches the ECDSA host key.
debug1: Found key in /home/david/.ssh/known_hosts:1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/david/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 535
debug1: Authentication succeeded (publickey).
Authenticated to LinodeIPaddress ([LinodeIPaddress]:22).
debug1: channel 0: new [client-session]
debug1: Requesting
debug1: Entering interactive session.
debug1: Sending environment.
debug1: Sending env LANG = en_US.UTF-8
Then later after iptables commands:
debug1: channel 0: free: client-session, nchannels 1
Connection to 66.228.34.234 closed by remote host.
Connection to 66.228.34.234 closed.
Transferred: sent 4424, received 2612 bytes, in 613.6 seconds
Bytes per second: sent 7.2, received 4.3
debug1: Exit status -1
[Sat Feb 04 09:12:24 ] $
14:11:18 sudo postmap /etc/postfix/transport
14:11:31 sudo cat /etc/postfix/transport
[Sat Feb 04 14:28:43 davida@zori:~ ] $ ls -lsh /etc/postfix
16K -rw-r--r--. 1 root root 13K Jun 9 2014 transport
8.0K -rw-r--r-- 1 root root 12K Feb 4 14:11 transport.db
While: /etc/postfix/main.cf
Lookup virtual mail accounts
transport_maps =
    proxy:mysql:/etc/postfix/mysql/transport_maps_user.cf
    proxy:mysql:/etc/postfix/mysql/transport_maps_domain.cf
sender_dependent_relayhost_maps =
    proxy:mysql:/etc/postfix/mysql/sender_dependent_relayhost_maps.cf
Permissions of .ssh/authorized_keys changed from 700 to 640.
-rw-r----- 1 davida davida 2223 Feb 1 19:46 .ssh/authorized_keys