Solved SSHD won't start: Corrupt authorized_key file

Lamia

Active Member

Reaction score: 31
Messages: 182

I added a public key to authorized keys for my PC and reloaded->restarted sshd. Since then my sshd won't run. NMAP no longer shows that the non-default port is available/opened. I have restarted the PC a number of times but no luck. I cannot login via ssh VPS. I deleted some keys and added one, which actually looked weird before added it.

My inkling is to boot to rescue mode, mount home, and may be etc, remove the key and restart the PC. I am wanting you to guide me on what and how to mount the partitions/dirs. I would want to know how to revert back; so, a complete guide with commands to restore my PC will be appreciated. I have tried mounting/unmounting at the rescue mode before but I want to be more cautious than before.
 

aragats

Daemon

Reaction score: 470
Messages: 1,130

I added a public key to authorized keys for my PC and reloaded->restarted sshd
Where did you added it in? In ~/.ssh/authorized_keys?
What do you see when you (re)start sshd in /var/log/auth.log
 

ShelLuser

Son of Beastie

Reaction score: 1,693
Messages: 3,512

Also don't rely on something as crude as nmap. Just run # sockstat -4l on the host to see exactly which ports are currently being used. It might be a configuration error, in which case you should be able to see something mentioned in /var/log/messages or /var/log/auth.
 
OP
OP
Lamia

Lamia

Active Member

Reaction score: 31
Messages: 182

Where did you added it in? In ~/.ssh/authorized_keys?
YES!
What do you see when you (re)start sshd in /var/log/auth.log
Since I restarted the sshd & PC, I no longer have access to it. I cannot not connect via ssh. All services are running but not the sshd (at least its port in no longer available). Every attempt to connect shows timeout.
 
OP
OP
Lamia

Lamia

Active Member

Reaction score: 31
Messages: 182

Also don't rely on something as crude as nmap. Just run # sockstat -4l on the host to see exactly which ports are currently being used. It might be a configuration error, in which case you should be able to see something mentioned in /var/log/messages or /var/log/auth.
Sure! sockstat -4l if I am on ternimal of the PC.
Since I restarted the sshd & PC, I no longer have access to it. I cannot not connect via ssh. All services are running but not the sshd (at least its port in no longer available). Every attempt to connect shows connection timeout.
 
OP
OP
Lamia

Lamia

Active Member

Reaction score: 31
Messages: 182

Fixed!
SSHguard blacklisted my IP address. I had to remove the IP address via the rescue mode. My ISP rotates the Public IP addresses so that makes it difficult for me to enter a range of IP addresses as allowed_ips.

Thanks to you all.
 

aragats

Daemon

Reaction score: 470
Messages: 1,130

You could write a couple of scripts in both VPS and your home PC to let the server know your current IP address.
IMO the easiest way is accessing a particular web page with a cron task from your home PC, i.e. a very long URL on your VPS (if you have a web server running).
I'm using that approach to have a simple dynamic DNS.
 
OP
OP
Lamia

Lamia

Active Member

Reaction score: 31
Messages: 182

You could write a couple of scripts in both VPS and your home PC to let the server know your current IP address.
IMO the easiest way is accessing a particular web page with a cron task from your home PC, i.e. a very long URL on your VPS (if you have a web server running).
I'm using that approach to have a simple dynamic DNS.
I would like that, particularly now that I am using a vpn_via_ssh and wanting my client IP address to be automatically updated on the server.
I know that a few VPN providers over a deamon that periodically push updates _IP address changes - to their servers.
You mind sharing it with me?
 

aragats

Daemon

Reaction score: 470
Messages: 1,130

My VPS runs apache with php anyway, so I use this simple php script below which runs a shell script to update dns/maradns db.
Of course, your task is slightly different, so you'll need to create the corresponding shell script.
Code:
<?php
$secreturl = "d8e8fca2dc0f896fd7cb4cb0031ba249";
$ipupdatecmd = "/usr/local/etc/maradns/update.ip";
$request = "null";

$ipaddress = $_SERVER["REMOTE_ADDR"];
if (isset($_GET['request']))
    $request = $_GET["request"];

if ($request == $secreturl)
    $res = shell_exec("$ipupdatecmd $ipaddress");
?>
Then in your home PC you can periodically run
fetch -o test http://myvps.com/?request=d8e8fca2dc0f896fd7cb4cb0031ba249
or
curl -X GET http://myvps.com/?request=d8e8fca2dc0f896fd7cb4cb0031ba249
or whatever web client you may like (www/links, www/w3m etc).

Of course, this is not perfect and can be improved in various ways, e.g. you can change $secreturl after every request etc.
 
Top