Vesta Control Panel - Forum

Both I and my nephew have a VPS with the same provider, set up with Debian 7 and Vesta (the only difference is I have x86, he has 64-bit).

I can log in fine on my server with SSH every time. On his server, once he reboots, he seems to be able to log in, but shortly after (maybe half a day) it refuses everything - different users, password and public key authentication. I have tried public key and it fails and falls back to password... which still fails. I know the username and password is correct.

The only thing he's changed from the stock install is that he's bound SSH to a single IP address that is different from his main site's IP address. I have done the same thing on mine, but that works fine.

auth.log shows no activity when it rejects the login. fail2ban has not blocked the IP. We have restarted both fail2ban and sshd repeatedly, no change. SSH is listening on port 22 and it seems to initially connect before rejecting the authentication.

Like I said, rebooting seems to work, but we can't do that every day, there are customers using it.

I would like to see if there's something in the log that explains this, but I don't see it anywhere. Is there another place I can look?

Thanks.

Try to restore the ip to default then If that works then that's the one causing the problem.

Me i just use the ff setup to secure my ssh.

Disallow root password login then i created a new user with sudo privilege and lastly i added allowusers ex. root mysecondaryuser then change the port ip. I think that's enough security already.

Hello, do you have installed denyhosts?. if so, maybe they ban your ip. check this /etc/hosts.deny

Hi all,

Thanks for your responses.

No, fail2ban (and denyhosts) are fine, the system is not rejecting the connection. It's only the *authentication* that is being denied. And I can't see anywhere that the system knows I'm even trying! I.e. no logs, nothing. If I could trace the issue in the logs I would be very happy...

did you trace the IP if it really routes to your box?
or are you using a domainname which may lead to another IP than the one you're expecting, because it is set wrong (typo/forgot to change etc.)?

Falzo wrote:did you trace the IP if it really routes to your box?
or are you using a domainname which may lead to another IP than the one you're expecting, because it is set wrong (typo/forgot to change etc.)?

It definitely goes to the IP assigned to the box, but I wonder if they have a duplicate IP issue at the host's end of things. That's the only reason I can think of for the strangeness going on here. We changed the IP to another one of the provided ones and it seems to be solid at the moment.