SSHD does not honor configuration files
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
openssh (Ubuntu) |
Incomplete
|
Undecided
|
Unassigned |
Bug Description
I'm working on Ubuntu 20, x86_64, fully patched.
# lsb_release -a
Distributor ID: Ubuntu
Description: Ubuntu 20.04.2 LTS
...
We are seeing reports of failed password-based logins using root:
jounralctl -xe
...
Apr 01 09:08:21 localhost sshd[239302]: Failed password for root from 49.88.112.77 port 36206 ssh2
Apr 01 09:08:21 localhost sshd[239302]: Failed password for root from 49.88.112.77 port 36206 ssh2
...
There are three attempts every second or two (literally):
# journalctl -xe | grep -i -c 'Failed password for root'
324
Our OpenSSH server is configured with both no-password based logins and no-root logins.
# ls /etc/ssh/
10_pubkey_
# cat /etc/ssh/
# Disable passwords
PasswordAuth
ChallengeRes
UsePAM no
# Enable public key
PubkeyAuthen
# cat /etc/ssh/
PermitRootLogin no
The config files are included last in our /etc/ssh/
# tail -n 3 /etc/ssh/
# For some reason OpenSSH does not include additional conf files by default.
Include /etc/ssh/
I dislike modifying /etc/ssh/
It really annoys me that we can't secure this service. Something looks very broken here.
-----
# apt-cache show openssh-server
Package: openssh-server
Architecture: amd64
Version: 1:8.2p1-4ubuntu0.2
Multi-Arch: foreign
Priority: optional
Section: net
Source: openssh
Origin: Ubuntu
Maintainer: Ubuntu Developers <email address hidden>
Original-
Bugs: https:/
This gets worse. Adding the following to the tail of /etc/ssh/ sshd_config does not configure the service properly.
PasswordAuth entication no ponseAuthentica tion no tication yes
ChallengeRes
UsePAM no
PubkeyAuthen
PermitRootLogin no
The login attempts are still allowed:
Apr 01 09:31:10 localhost sshd[239597]: pam_unix( sshd:auth) : authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.88.112.77 user=root
Apr 01 09:31:13 localhost sshd[239597]: Failed password for root from 49.88.112.77 port 50368 ssh2
Apr 01 09:31:16 localhost sshd[239597]: Failed password for root from 49.88.112.77 port 50368 ssh2
Apr 01 09:31:19 localhost sshd[239597]: Failed password for root from 49.88.112.77 port 50368 ssh2
Apr 01 09:31:20 localhost sshd[239597]: Received disconnect from 49.88.112.77 port 50368:11: [preauth]
Apr 01 09:31:20 localhost sshd[239597]: Disconnected from authenticating user root 49.88.112.77 port 50368 [preauth]
Apr 01 09:31:20 localhost sshd[239597]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.88.112.77 user=root