
SSH service fails to restart, Not allowed because not listed in AllowUsers

Recently I created a new user on one of my Linux servers and tried to verify the credentials over SSH. But I kept getting a "Permission denied" message even though I had verified the credentials with a local login. It was a weird situation that I was seeing for the first time in my life. After checking the SSH log file (/var/log/secure), I found a more detailed error report, as shown below:

Nov 26 00:22:28  sshd[19434]: User prod-write from 18.72.164.78 not allowed because not listed in AllowUsers
Nov 26 00:22:28  sshd[19435]: input_userauth_request: invalid user prod-write
Nov 26 00:22:36  sshd[19434]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=18.72.164.78  user=prod-write
Nov 26 00:22:37  sshd[19434]: Failed password for invalid user prod-write from 18.72.164.78 port 54078 ssh2

I searched the /etc/ssh/sshd_config file and did not see any "AllowUsers" set there. Then I tried to update the SSH package and restart the SSH service. But I could not restart SSH, as it fails while stopping.

[root@web13 ~]# /etc/init.d/sshd restart
Stopping sshd:                                             [FAILED]
Starting sshd:                                             [  OK  ]

I saw the entries below in the log (/var/log/secure):

Nov 26 23:11:43 sshd[2111]: error: Bind to port 22 on 0.0.0.0 failed: Address already in use.
Nov 26 23:11:43 sshd[2111]: fatal: Cannot bind any address.
Nov 26 23:13:31 [2131]: error: Bind to port 22 on 0.0.0.0 failed: Address already in use.


So I was in trouble: I had no other option, since SSH is the only way to connect to the server, and I could not kill that process.

Solution.

I set a cron job to restart the SSH service every 5 minutes and verified that it was working. After that I killed all the SSH processes with "killall -9 sshd". 4 minutes later I was able to log in to the server successfully, both as root and as the user I had created.

Moral of the story

You can see from the SSH log file that lots of connection requests were coming to the server and being refused. This is the only reason SSH was not restarting: it was busy refusing SSH connections. Sadly, I was late to identify it :( So set SSH firewall rules right now and manage the access.
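
The rejection entries quoted from /var/log/secure can be tallied per source address to show which hosts the firewall rules should cover. This is an added example, not part of the original post; the names `summarize_ssh_rejections` and `sample_log` and the sample lines (documentation addresses) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): count sshd rejections per source.
# Output columns: source_ip allowusers_denials failed_passwords distinct_users

summarize_ssh_rejections() {
    # Fields are counted from the END of each line: the user name is chosen
    # by the client, so its position from the start cannot be trusted.
    LC_ALL=C awk '
    function note(ip, user) {
        seen[ip] = 1
        if (!((ip, user) in pair)) { pair[ip, user] = 1; users[ip]++ }
    }
    # ... User NAME from IP not allowed because not listed in AllowUsers
    /sshd\[[0-9]+\]: User / && /not listed in AllowUsers$/ && $(NF - 8) == "from" {
        denied[$(NF - 7)]++; note($(NF - 7), $(NF - 9)); next
    }
    # ... Failed password for [invalid user] NAME from IP port N ssh2
    /sshd\[[0-9]+\]: Failed password for / && $(NF - 4) == "from" {
        failed[$(NF - 3)]++; note($(NF - 3), $(NF - 5)); next
    }
    END {
        for (ip in seen)
            printf "%s %d %d %d\n", ip, denied[ip], failed[ip], users[ip]
    }' | LC_ALL=C sort -k2,2nr -k1,1
}

# Constructed sample input; on a live system pipe /var/log/secure in instead.
sample_log() {
    cat <<'EOF'
Nov 26 00:22:28 host sshd[19434]: User prod-write from 203.0.113.10 not allowed because not listed in AllowUsers
Nov 26 00:22:37 host sshd[19434]: Failed password for invalid user prod-write from 203.0.113.10 port 54078 ssh2
Nov 26 00:23:01 host sshd[19440]: User admin from 198.51.100.7 not allowed because not listed in AllowUsers
Nov 26 00:23:03 host sshd[19440]: Failed password for invalid user admin from 198.51.100.7 port 40112 ssh2
Nov 26 00:23:05 host sshd[19441]: User oracle from 198.51.100.7 not allowed because not listed in AllowUsers
Nov 26 00:23:09 host sshd[19442]: Accepted password for root from 192.0.2.5 port 50022 ssh2
EOF
}

sample_log | summarize_ssh_rejections
```

Sources are listed with the highest AllowUsers denial count first; accepted logins are ignored.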

Cheers !!
