Ssh – Locked theself out of SSH with UFW

iptablessshubuntu-12.04ufw

I had my server set up to accept SSH connections on port 21966, I followed some steps to configure ufw however it has now locked me out of all SSH access on any port!

I've been able to boot my server into 'rescue' mode, providing me with an SSH rescue account, through which I am able to mount the hard drives and see my files. I do not know what to do from here, as the ufww service isn't running so I cannot disable it or uninstall.

Best Answer

Your ufw rules should be located in /lib/ufw/user.rules config file. Modify that file so that somewhere between ### RULES ### and ### END RULES ### section there are the following entries:

### tuple ### allow any 21966 0.0.0.0/0 any 0.0.0.0/0 in
-A ufw-user-input -p tcp --dport 21966 -j ACCEPT

Additionally make sure that your /etc/ssh/sshd_config file has Port 21966 entry(instead of port 22).

Related Solutions

Ssh – How to automate SSH login with password

Don't use a password. Generate a passphrase-less SSH key and push it to your VM.

If you already have an SSH key, you can skip this step… Just hit Enter for the key and both passphrases:

$ ssh-keygen -t rsa -b 2048
Generating public/private rsa key pair.
Enter file in which to save the key (/home/username/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/username/.ssh/id_rsa.
Your public key has been saved in /home/username/.ssh/id_rsa.pub.

Copy your keys to the target server:

$ ssh-copy-id id@server
id@server's password:

Now try logging into the machine, with ssh 'id@server', and check-in:

.ssh/authorized_keys

Note: If you don't have .ssh dir and authorized_keys file, you need to create it first

to make sure we haven’t added extra keys that you weren’t expecting.

Finally, check to log in…

$ ssh id@server

id@server:~$

You may also want to look into using ssh-agent if you want to try keeping your keys protected with a passphrase.

SSH – Bad Owner or Permissions on ~/.ssh/config

I needed to have rw for user only permissions on config. This fixed it.

chmod 600 ~/.ssh/config

As others have noted below, it could be the file owner. (upvote them!)

chown $USER ~/.ssh/config

If your whole folder has invalid permissions here's a table of possible permissions:

Path	Permission
.ssh directory (code)	0700 (drwx------)
private keys (ex: `id_rsa`) (code)	0600 (-rw-------)
`config`	0600 (-rw-------)
public keys (*.pub ex: `id_rsa.pub`)	0644 (-rw-r--r--)
`authorized_keys` (code)	0644 (-rw-r--r--)
`known_hosts`	0644 (-rw-r--r--)

Sources:

openssh check-perm.c
openssh readconf.c
openssh ssh_user_config fix_authorized_keys_perms

Best Answer

Related Solutions

Ssh – How to automate SSH login with password

SSH – Bad Owner or Permissions on ~/.ssh/config

Related Topic