Changed password on Arch, now ssh cannot connect - "Connection refused"
All,

I changed my password for my username on my Arch server (as you should do every so often). Now everything has gone to hell.

I changed the password accordingly in Thunderbird, but it cannot get mail.

I've restarted sshd, and I still cannot even connect:

debug3: ssh_connect_direct: entering
debug1: Connecting to valkyrie [192.168.6.14] port 6661.
debug3: set_sock_tos: set socket 3 IP_TOS 0x10
debug1: connect to address 192.168.6.14 port 6661: Connection refused

Is there some other magic you must do now other than passwd?

--
David C. Rankin, J.D.,P.E.
Hi David,
debug1: Connecting to valkyrie [192.168.6.14] port 6661.
...
debug1: connect to address 192.168.6.14 port 6661: Connection refused

Is sshd listening on that interface and port? As root, say by using sudo, run:

    lsof -i @192.168.6.14:6661

You can drop the :6661 to remove the filtering by port number. Other parts can be dropped too.

--
Cheers, Ralph.
On 8/29/24 3:53 AM, David C. Rankin wrote:
All,
I changed my password for my username on my Arch server (as you should do every so often). Now everything has gone to hell.
I changed the password accordingly in Thunderbird, but it cannot get mail.
I've restarted sshd, and I still cannot even connect:
UUUGH, Disregard. I didn't change in thunderbird quick enough and I was already banned by fail2ban. Works quite well :) unbanip saved the day.

--
David C. Rankin, J.D.,P.E.
---------------------------------------- 29 Aug 2024 15:54:17 David C. Rankin <drankinatty@gmail.com>:
All,
I changed my password for my username on my Arch server (as you should do every so often). Now everything has gone to hell.
I changed the password accordingly in Thunderbird, but it cannot get mail.
I am not sure how the password affects Thunderbird. Can you elaborate more?
I've restarted sshd, and I still cannot even connect:
debug3: ssh_connect_direct: entering
debug1: Connecting to valkyrie [192.168.6.14] port 6661.
debug3: set_sock_tos: set socket 3 IP_TOS 0x10
debug1: connect to address 192.168.6.14 port 6661: Connection refused

As Ralph already suggested in another reply, are you sure sshd is listening on port 6661? The common, default port should be 22.
Is there some other magic you must do now other than passwd?
For changing user password? No. But for connecting to an SSH server, the recommended practice is to use public-private keys. See https://wiki.archlinux.org/title/SSH_keys for more information.
On 8/29/24 4:25 AM, Shulhan wrote:
----------------------------------------
29 Aug 2024 15:54:17 David C. Rankin <drankinatty@gmail.com>:
All,
I changed my password for my username on my Arch server (as you should do every so often). Now everything has gone to hell.
I changed the password accordingly in Thunderbird, but it cannot get mail.
<snip Goose-chase>

Thanks Ralph, Shulhan,

It was my fault. I screwed-the-pooch. I changed the password but didn't disable the mail server and mail transport, so after changing the password, there were many attempts to log in with the old password from my phone, desktop, laptop, etc....

And... it only took 3 bad logins for fail2ban to block my LAN IP address (it did just what I told it to).

But the ensuing surprise and panic at seeing ssh refuse to connect was enough to trigger a strong WTF??? bit of confusion. After finding my IP jailed, it was then clear what the sequence of events had been.

And on the plus side, the changes I made to fail2ban actually included the log line in the e-mail it sent me this time.

<sigh> just one of those "You can't make this sh.t up" scenarios, that leaves you chuckling at yourself once the fog clears :)

Thank you both for your responses.

--
David C. Rankin, J.D.,P.E.
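Added example (not part of any message in this thread): a shell helper for the check described above, finding which fail2ban jail currently holds a client IP by parsing `fail2ban-client status` output, with exact matching so that 192.168.6.2 is not confused with 192.168.6.20. The jail names (dovecot, sshd), the client address 192.168.6.20 and the sample output are constructed assumptions; the thread does not say which jail issued the ban.

```shell
#!/bin/sh
# Added example, not from the thread. Sample output, jail names and the
# client IP 192.168.6.20 are constructed assumptions.

# Print jail names, one per line, from `fail2ban-client status` on stdin.
list_jails() {
    sed -n 's/.*Jail list:[[:space:]]*//p' | tr ',' '\n' |
        sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' -e '/^$/d'
}

# Succeed only if IP $1 is a whole entry in the "Banned IP list:" line of
# `fail2ban-client status <jail>` on stdin (192.168.6.2 must not match .20).
ip_is_banned() {
    for banned in $(sed -n 's/.*Banned IP list:[[:space:]]*//p'); do
        [ "$banned" = "$1" ] && return 0
    done
    return 1
}

# Print every jail that currently bans IP $1. $2 is the status command:
# run bare it lists the jails, run with a jail name it prints that jail.
jails_banning() {
    for jail in $($2 | list_jails); do
        if $2 "$jail" | ip_is_banned "$1"; then
            echo "$jail"
        fi
    done
}

# Constructed stand-in for `fail2ban-client status [jail]`.
sample_status() {
    case "$1" in
    "") printf 'Status\n|- Number of jail:\t2\n`- Jail list:\tdovecot, sshd\n' ;;
    dovecot) printf '`- Actions\n   |- Currently banned:\t2\n   `- Banned IP list:\t192.168.6.20 192.168.6.200\n' ;;
    sshd) printf '`- Actions\n   |- Currently banned:\t0\n   `- Banned IP list:\t\n' ;;
    esac
}

# Demo on the constructed data (prints "dovecot"). On the server, as root:
#   jails_banning "$client_ip" "fail2ban-client status"
#   fail2ban-client set <jail> unbanip "$client_ip"
jails_banning 192.168.6.20 sample_status
```

Checking every jail matters here because the ban can come from a mail jail while the visible symptom is on the ssh port.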
All,

Sorry for hijacking the thread, just want to make a small correction.

On 29/08/2024 10:53, David C. Rankin <drankinatty@gmail.com> wrote:
I changed my password [...] (as you should do every so often).
It is no longer recommended to enforce any periodic password changes. See, e.g. NIST recommendation[1]:
Verifiers SHOULD NOT require memorized secrets to be changed arbitrarily (e.g., periodically).
While password expiration used to be recommended, subsequent research showed that this does more harm than good, due to users tending to choose passwords that are easier to remember, or reuse passwords across multiple services.

Instead, the modern recommendation is to use two-factor authentication and to implement password blacklists.

Of course, this is primarily important for managing multiple user environments, and if you feel like you should change your own password every once in a while, there's no harm in that.

Kind regards,
--
Edward

[1] https://pages.nist.gov/800-63-3/sp800-63b.html#memsecret
On Thu, 29 Aug 2024 at 11:09, Edward Toroshchyn <edward.toroshchyn@pm.me> wrote:
Instead, the modern recommendation is to use two-factor authentication and to implement password blacklists.
Of course, this is primarily important for managing multiple user environments, and if you feel like you should change your own password every once in a while, there's no harm in that.
[1] https://pages.nist.gov/800-63-3/sp800-63b.html#memsecret
Respectfully, I think we should exercise caution quoting a 7-year-old document and treating it as gospel.

2-factor authentication isn't there to replace best security practices, but to complement them.
participants (5)
- Andy Pieters
- David C. Rankin
- Edward Toroshchyn
- Ralph Corderoy
- Shulhan