[pfSense] Accès impossible en ssh (EN COURS...)

Applications, problèmes de configuration réseau
Avatar de l’utilisateur
L_Indien
Chu Ko Nu
Messages : 388
Inscription : dim. 14 nov. 2010, 09:47
Localisation : En mouvement perpétuel...

[pfSense] Accès impossible en ssh (EN COURS...)

Message par L_Indien »

Bonsoir le Forum,

Je suis un peu à sec...

Je fais simple :
  • d'un côté : j'ai la bbox, ensuite pfSense qui fait office de serveur dhcp également.
  • de l'autre côté : un serveur de fichiers, un portable et le poste sous Archlinux. Sur le poste sous Arch, il y a Arch et j'ai fait des essais avec une machine virtuelle.
Les adresses IP sont les suivantes :
  • pfSense : 192.168.2.1
  • Archlinux : 192.168.2.40
  • Portable : 192.168.2.115
  • Machine virtuelle sous Fedora (accès par pont au réseau) : 192.168.2.111 et 192.168.2.47
Sous Arch, je n'arrive pas à me connecter en ssh à pfSense. Le message d'erreur est le suivant :

Code : Tout sélectionner

Connection closed by 192.168.2.1 port 22
Les adresses terminant par .111 et .115 sont fournies par pfSense à des machines « invités » qui viennent se brancher sur le réseau.
Les autres adresses sont fournis par pfSense à des postes de « confiance ».

Les « invités » ne peuvent pas se connecter en ssh.
Les postes de « confiance », peuvent se connecter en ssh.

Jusqu'ici, tout va bien...

J'arrive à me connecter à pfSense depuis Archlinux samedi matin. Tout va bien.
Je fais une mise à jour d'Arch, et depuis... Impossible de me connecter, avec le message d'erreur mentionné plus haut.

J'ai fait des tests en machine virtuelle (avec l'adresse se terminant en .47), nickel.
J'ai affecté une autre adresse IP à Archlinux (depuis pfSense), et ça fonctionne. Pour le test, j'ai fait simple : 192.168.2.4

J'ai également affecté l'adresse .40 à la machine virtuelle, et ça fonctionne également (Arch avait pendant ce temps l'adresse 192.168.2.4)

Mais par contre, Archlinux avec l'adresse 192.168.2.40 : IMPOSSIBLE...

Si vous avez une idée ou 2 je suis preneur.

Bonne soirée.
Différence entre windows et linux
Linux est multi-tâches, windows est multi-taches.
L'Indien de la Douche - Soutient L'April
laurent85
Elfe
Messages : 951
Inscription : mar. 16 oct. 2018, 21:05

Re: [pfSense] Accès impossible en ssh (EN COURS...)

Message par laurent85 »

Bonjour,
Regarde dans les logs de psSense.
Avatar de l’utilisateur
L_Indien
Chu Ko Nu
Messages : 388
Inscription : dim. 14 nov. 2010, 09:47
Localisation : En mouvement perpétuel...

Re: [pfSense] Accès impossible en ssh (EN COURS...)

Message par L_Indien »

Bonjour Laurent85,

Je te remercie pour ton retour.

Je viens de récupérer les logs de pfSense :

Code : Tout sélectionner

Mar  7 17:46:36 pfSense login[7516]: login on ttyv0 as root
Mar  7 17:47:10 pfSense shutdown[54583]: halt by root: 
Mar  7 21:35:32 pfSense login[1731]: login on ttyv0 as root
Mar  7 13:46:06 pfSense login[14006]: login on ttyv0 as root
Mar  7 13:47:19 pfSense php-fpm[338]: /index.php: webConfigurator authentication error for user 'pfsense' from: 192.168.1.100
Mar  7 13:47:19 pfSense sshguard[16395]: Attack from "192.168.1.100" on service unknown service with danger 10.
Mar  7 13:47:28 pfSense php-fpm[338]: /index.php: Successful login for user 'admin' from: 192.168.1.100 (Local Database)
Mar  7 14:58:50 pierrafeu login[19337]: login on ttyv0 as root
Mar  7 15:01:59 pierrafeu php-fpm[338]: /index.php: Successful login for user 'admin' from: 192.168.2.10 (Local Database)
Mar  7 17:10:32 pierrafeu shutdown[86881]: power-down by root: 
Mar  7 17:16:01 pierrafeu login[6356]: login on ttyv0 as root
Mar  7 17:16:37 pierrafeu php-fpm[338]: /index.php: Successful login for user 'admin' from: 192.168.2.60 (Local Database)
Mar  7 17:43:51 pierrafeu shutdown[50431]: power-down by root: 
Mar  7 17:47:34 pierrafeu login[2255]: login on ttyv0 as root
Mar  7 17:48:11 pierrafeu php-fpm[338]: /index.php: Successful login for user 'admin' from: 192.168.2.60 (Local Database)
Mar  7 17:48:26 pierrafeu shutdown[90400]: power-down by root: 
May 21 19:31:00 pierrafeu login[63783]: login on ttyv0 as root
May 22 07:20:15 pierrafeu php-fpm[338]: /index.php: Successful login for user 'admin' from: 192.168.2.40 (Local Database)
May 22 07:24:35 pierrafeu login[46221]: login on ttyv0 as root
May 22 07:25:25 pierrafeu php-fpm[484]: /system_update_settings.php: Successful login for user 'admin' from: 192.168.2.40 (Local Database)
May 22 07:53:02 pierrafeu php-fpm[483]: /index.php: Successful login for user 'admin' from: 192.168.2.40 (Local Database)
May 22 10:56:53 pierrafeu php-fpm[483]: /index.php: Successful login for user 'admin' from: 192.168.2.40 (Local Database)
May 22 10:58:58 pierrafeu sshd[95437]: Server listening on :: port 22.
May 22 10:58:58 pierrafeu sshd[95437]: Server listening on 0.0.0.0 port 22.
May 22 11:01:05 pierrafeu login[48118]: login on ttyv0 as root
May 22 11:01:11 pierrafeu sshd[95437]: Received signal 15; terminating.
May 22 11:01:12 pierrafeu sshd[24844]: Server listening on :: port 22.
May 22 11:01:12 pierrafeu sshd[24844]: Server listening on 0.0.0.0 port 22.
May 22 11:01:41 pierrafeu sshd[24868]: Accepted keyboard-interactive/pam for admin from 192.168.2.40 port 57896 ssh2
May 22 16:32:22 pierrafeu sshd[24868]: Received disconnect from 192.168.2.40 port 57896:11: disconnected by user
May 22 16:32:22 pierrafeu sshd[24868]: Disconnected from user admin 192.168.2.40 port 57896
May 23 06:33:02 pierrafeu sshd[21986]: error: PAM: Authentication error for admin from 192.168.2.40
May 23 06:33:02 pierrafeu sshguard[7618]: Attack from "192.168.2.40" on service SSH with danger 10.
May 23 06:33:05 pierrafeu sshd[21986]: error: PAM: Authentication error for admin from 192.168.2.40
May 23 06:33:05 pierrafeu sshguard[7618]: Attack from "192.168.2.40" on service SSH with danger 10.
May 23 06:34:11 pierrafeu php-fpm[70395]: /system.php: Successful login for user 'admin' from: 192.168.2.40 (Local Database)
May 23 06:34:47 pierrafeu sshd[32145]: Invalid user a from 192.168.2.40 port 54610
May 23 06:34:47 pierrafeu sshguard[7618]: Attack from "192.168.2.40" on service SSH with danger 10.
May 23 06:34:47 pierrafeu sshguard[7618]: Blocking "192.168.2.40/32" for 120 secs (3 attacks in 105 secs, after 1 abuses over 105 secs.)
May 23 06:34:47 pierrafeu sshd[32145]: Fssh_packet_write_wait: Connection from invalid user a 192.168.2.40 port 54610: Permission denied [preauth]
May 23 06:38:29 pierrafeu php-fpm[54384]: /index.php: Successful login for user 'admin' from: 192.168.2.40 (Local Database)
May 23 06:38:31 pierrafeu sshd[1670]: Connection closed by authenticating user admin 192.168.2.40 port 54618 [preauth]
May 23 06:38:31 pierrafeu sshguard[7618]: Attack from "192.168.2.40" on service SSH with danger 2.
May 23 06:41:08 pierrafeu sshd[24844]: Received signal 15; terminating.
May 23 06:42:34 pierrafeu sshd[14502]: Server listening on :: port 22.
May 23 06:42:34 pierrafeu sshd[14502]: Server listening on 0.0.0.0 port 22.
May 23 06:45:35 pierrafeu sshd[14502]: Received signal 15; terminating.
May 23 06:46:45 pierrafeu php-fpm[54384]: /index.php: Successful login for user 'admin' from: 192.168.2.40 (Local Database)
May 23 06:47:02 pierrafeu sshd[27664]: Server listening on :: port 22.
May 23 06:47:02 pierrafeu sshd[27664]: Server listening on 0.0.0.0 port 22.
May 23 06:50:44 pierrafeu sshd[27664]: Received signal 15; terminating.
May 23 06:50:58 pierrafeu php-fpm[54384]: /index.php: Successful login for user 'admin' from: 192.168.2.40 (Local Database)
May 23 06:51:31 pierrafeu sshd[449]: Server listening on :: port 22.
May 23 06:51:31 pierrafeu sshd[449]: Server listening on 0.0.0.0 port 22.
May 23 06:52:36 pierrafeu sshd[24992]: Connection closed by authenticating user admin 192.168.2.40 port 54624 [preauth]
May 23 06:52:36 pierrafeu sshguard[92199]: Attack from "192.168.2.40" on service SSH with danger 2.
May 23 06:53:27 pierrafeu sshd[48876]: error: PAM: Authentication error for admin from 192.168.2.40
May 23 06:53:27 pierrafeu sshguard[92199]: Attack from "192.168.2.40" on service SSH with danger 10.
May 23 06:59:17 pierrafeu sshd[449]: Received signal 15; terminating.
May 23 06:59:17 pierrafeu sshd[13385]: Server listening on :: port 22.
May 23 06:59:17 pierrafeu sshd[13385]: Server listening on 0.0.0.0 port 22.
May 23 09:46:26 pierrafeu sshd[18655]: Invalid user admon from 192.168.2.111 port 33951
May 23 09:46:26 pierrafeu sshguard[19591]: Attack from "192.168.2.111" on service SSH with danger 10.
May 23 09:46:26 pierrafeu sshd[18655]: Postponed keyboard-interactive for invalid user admon from 192.168.2.111 port 33951 ssh2 [preauth]
May 23 09:46:27 pierrafeu sshd[18655]: Connection closed by invalid user admon 192.168.2.111 port 33951 [preauth]
May 23 09:46:27 pierrafeu sshguard[19591]: Attack from "192.168.2.111" on service SSH with danger 2.
May 23 09:47:49 pierrafeu sshd[44041]: error: PAM: Authentication error for admin from 192.168.2.111
May 23 09:47:49 pierrafeu sshguard[19591]: Attack from "192.168.2.111" on service SSH with danger 10.
May 23 10:52:35 pierrafeu sshd[57894]: Accepted keyboard-interactive/pam for admin from 192.168.2.47 port 47936 ssh2
May 23 11:34:21 pierrafeu sshd[57894]: Received disconnect from 192.168.2.47 port 47936:11: disconnected by user
May 23 11:34:21 pierrafeu sshd[57894]: Disconnected from user admin 192.168.2.47 port 47936
May 23 11:35:10 pierrafeu sshd[61310]: Accepted keyboard-interactive/pam for admin from 192.168.2.47 port 47937 ssh2
May 23 11:39:45 pierrafeu sshd[6801]: Server listening on :: port 22.
May 23 11:39:45 pierrafeu sshd[6801]: Server listening on 0.0.0.0 port 22.
May 23 11:40:06 pierrafeu login[15375]: login on ttyv0 as root
May 23 11:40:19 pierrafeu sshd[99624]: error: PAM: Authentication error for admin from 192.168.2.47
May 23 11:40:19 pierrafeu sshguard[18413]: Attack from "192.168.2.47" on service SSH with danger 10.
May 23 11:40:22 pierrafeu sshd[99624]: error: PAM: Authentication error for admin from 192.168.2.47
May 23 11:40:22 pierrafeu sshguard[18413]: Attack from "192.168.2.47" on service SSH with danger 10.
May 23 11:40:23 pierrafeu sshd[99624]: error: PAM: Authentication error for admin from 192.168.2.47
May 23 11:40:23 pierrafeu sshguard[18413]: Attack from "192.168.2.47" on service SSH with danger 10.
May 23 11:40:23 pierrafeu sshguard[18413]: Blocking "192.168.2.47/32" for 120 secs (3 attacks in 4 secs, after 1 abuses over 4 secs.)
May 23 11:44:46 pierrafeu sshd[30419]: Accepted keyboard-interactive/pam for admin from 192.168.2.47 port 59558 ssh2
May 23 12:46:04 pierrafeu sshd[30419]: Received disconnect from 192.168.2.47 port 59558:11: disconnected by user
May 23 12:46:04 pierrafeu sshd[30419]: Disconnected from user admin 192.168.2.47 port 59558
May 23 12:46:07 pierrafeu sshd[93177]: error: PAM: Authentication error for admin from 192.168.2.47
May 23 12:46:07 pierrafeu sshguard[92770]: Attack from "192.168.2.47" on service SSH with danger 10.
May 23 12:46:09 pierrafeu sshd[93177]: error: PAM: Authentication error for admin from 192.168.2.47
May 23 12:46:09 pierrafeu sshguard[92770]: Attack from "192.168.2.47" on service SSH with danger 10.
May 23 12:46:10 pierrafeu sshd[93177]: error: PAM: Authentication error for admin from 192.168.2.47
May 23 12:46:10 pierrafeu sshguard[92770]: Attack from "192.168.2.47" on service SSH with danger 10.
May 23 12:46:10 pierrafeu sshguard[92770]: Blocking "192.168.2.47/32" for 120 secs (3 attacks in 3 secs, after 1 abuses over 3 secs.)
May 23 14:33:10 pierrafeu sshd[59927]: error: PAM: Authentication error for admin from 192.168.2.47
May 23 14:33:10 pierrafeu sshguard[92770]: Attack from "192.168.2.47" on service SSH with danger 10.
May 23 14:34:13 pierrafeu sshd[83431]: Connection closed by authenticating user admin 192.168.2.47 port 56340 [preauth]
May 23 14:34:13 pierrafeu sshguard[92770]: Attack from "192.168.2.47" on service SSH with danger 2.
May 23 14:34:39 pierrafeu sshd[84313]: Accepted keyboard-interactive/pam for admin from 192.168.2.47 port 56341 ssh2
May 23 14:35:00 pierrafeu sshd[84313]: Received disconnect from 192.168.2.47 port 56341:11: disconnected by user
May 23 14:35:00 pierrafeu sshd[84313]: Disconnected from user admin 192.168.2.47 port 56341
May 23 14:35:03 pierrafeu sshd[20481]: error: PAM: Authentication error for admin from 192.168.2.47
May 23 14:35:03 pierrafeu sshguard[92770]: Attack from "192.168.2.47" on service SSH with danger 10.
May 23 14:35:04 pierrafeu sshd[20481]: error: PAM: Authentication error for admin from 192.168.2.47
May 23 14:35:04 pierrafeu sshguard[92770]: Attack from "192.168.2.47" on service SSH with danger 10.
May 23 14:35:04 pierrafeu sshguard[92770]: Blocking "192.168.2.47/32" for 240 secs (4 attacks in 114 secs, after 2 abuses over 6537 secs.)
May 23 14:35:04 pierrafeu sshd[20481]: fatal: send_userauth_info_request: Permission denied [preauth]
May 23 14:43:01 pierrafeu sshd[14639]: error: PAM: Authentication error for admin from 192.168.2.47
May 23 14:43:01 pierrafeu sshguard[92770]: Attack from "192.168.2.47" on service SSH with danger 10.
May 23 14:43:02 pierrafeu sshd[14639]: error: PAM: Authentication error for admin from 192.168.2.47
May 23 14:43:02 pierrafeu sshguard[92770]: Attack from "192.168.2.47" on service SSH with danger 10.
May 23 14:43:04 pierrafeu sshd[14639]: error: PAM: Authentication error for admin from 192.168.2.47
May 23 14:43:04 pierrafeu sshguard[92770]: Attack from "192.168.2.47" on service SSH with danger 10.
May 23 14:43:04 pierrafeu sshguard[92770]: Blocking "192.168.2.47/32" for 480 secs (3 attacks in 3 secs, after 3 abuses over 7017 secs.)
May 23 15:39:58 pierrafeu sshd[13744]: Accepted keyboard-interactive/pam for admin from 192.168.2.47 port 56345 ssh2
May 23 16:24:31 pierrafeu sshd[13744]: Received disconnect from 192.168.2.47 port 56345:11: disconnected by user
May 23 16:24:31 pierrafeu sshd[13744]: Disconnected from user admin 192.168.2.47 port 56345
May 23 17:54:19 pierrafeu php-fpm[337]: /index.php: Successful login for user 'admin' from: 192.168.2.40 (Local Database)
May 23 18:14:46 pierrafeu sshd[49595]: Connection closed by authenticating user admin 192.168.2.4 port 35214 [preauth]
May 23 18:14:46 pierrafeu sshguard[92770]: Attack from "192.168.2.4" on service SSH with danger 2.
May 23 18:29:26 pierrafeu sshd[66047]: Connection closed by authenticating user admin 192.168.2.40 port 36398 [preauth]
May 23 18:29:26 pierrafeu sshguard[89180]: Attack from "192.168.2.40" on service SSH with danger 2.
May 23 18:29:50 pierrafeu sshd[89743]: Accepted keyboard-interactive/pam for admin from 192.168.2.40 port 36399 ssh2
May 23 20:44:14 pierrafeu sshd[89868]: Accepted keyboard-interactive/pam for admin from 192.168.2.4 port 35220 ssh2
May 23 20:46:03 pierrafeu sshd[89743]: Timeout, client not responding from user admin 192.168.2.40 port 36399
May 23 20:47:23 pierrafeu sshd[89868]: Timeout, client not responding from user admin 192.168.2.4 port 35220
May 23 20:52:39 pierrafeu sshd[96190]: Accepted keyboard-interactive/pam for admin from 192.168.2.20 port 44998 ssh2
May 23 20:53:09 pierrafeu sshd[96190]: Received disconnect from 192.168.2.20 port 44998:11: disconnected by user
May 23 20:53:09 pierrafeu sshd[96190]: Disconnected from user admin 192.168.2.20 port 44998
May 25 20:14:24 pierrafeu sshd[72238]: Accepted keyboard-interactive/pam for root from 192.168.2.40 port 40648 ssh2
May 25 20:16:14 pierrafeu sshd[72238]: Received disconnect from 192.168.2.40 port 40648:11: disconnected by user
May 25 20:16:14 pierrafeu sshd[72238]: Disconnected from user root 192.168.2.40 port 40648
May 25 20:16:33 pierrafeu sshd[34378]: error: PAM: Authentication error for root from 192.168.2.40
May 25 20:16:33 pierrafeu sshguard[73294]: Attack from "192.168.2.40" on service SSH with danger 10.
May 25 20:42:47 pierrafeu php-fpm[3356]: /index.php: Successful login for user 'admin' from: 192.168.2.40 (Local Database)
May 26 19:33:18 pierrafeu php-fpm[3356]: /index.php: Successful login for user 'admin' from: 192.168.2.40 (Local Database)
May 26 19:35:18 pierrafeu sshd[61617]: Connection closed by authenticating user root 192.168.2.40 port 40652 [preauth]
May 26 19:35:18 pierrafeu sshguard[87681]: Attack from "192.168.2.40" on service SSH with danger 2.
May 26 19:35:40 pierrafeu sshd[88016]: error: PAM: Authentication error for root from 192.168.2.40
May 26 19:35:40 pierrafeu sshguard[87681]: Attack from "192.168.2.40" on service SSH with danger 10.
May 29 22:19:54 pierrafeu php-fpm[83840]: /index.php: Successful login for user 'admin' from: 192.168.2.40 (Local Database)
May 30 07:09:16 pierrafeu sshd[94275]: Connection closed by authenticating user admin 192.168.2.47 port 40690 [preauth]
May 30 07:09:16 pierrafeu sshguard[92651]: Attack from "192.168.2.47" on service SSH with danger 2.
May 30 07:09:56 pierrafeu sshd[94670]: Accepted keyboard-interactive/pam for admin from 192.168.2.47 port 40694 ssh2
May 30 07:20:47 pierrafeu sshd[63867]: Accepted keyboard-interactive/pam for root from 192.168.2.40 port 40670 ssh2
May 30 07:21:18 pierrafeu sshd[94670]: Received disconnect from 192.168.2.47 port 40694:11: disconnected by user
May 30 07:21:18 pierrafeu sshd[94670]: Disconnected from user admin 192.168.2.47 port 40694
May 30 07:21:43 pierrafeu sshd[92168]: Accepted keyboard-interactive/pam for admin from 192.168.2.47 port 40696 ssh2
May 30 07:23:09 pierrafeu php-fpm[11260]: /index.php: Successful login for user 'admin' from: 192.168.2.40 (Local Database)
May 30 19:52:46 pierrafeu sshd[92168]: Received disconnect from 192.168.2.47 port 40696:11: disconnected by user
May 30 19:52:46 pierrafeu sshd[92168]: Disconnected from user admin 192.168.2.47 port 40696
Ce qui est bizarre, c'est que l'impossibilité de connexion est assez aléatoire...

Je suis un peu largué. Je ne comprends pas trop pourquoi il y a d'autres ports que le port 22 utilisé.

Bonne soirée.
Différence entre windows et linux
Linux est multi-tâches, windows est multi-taches.
L'Indien de la Douche - Soutient L'April
Répondre