[06:07] <lordievader> Good morning
[14:54] <foo> Just happened to catch someone trying to brute force my system via ssh. Is there any quick way to lock sshd down from that happening again? Looks like it happened a ton before I caught it
[14:55] <aaronr> foo: apt install fail2ban
[14:55] <aaronr> bans repeat login offenders for a configurable amount of time to slow/stop bruteforce attacks
[14:55] <aaronr> (works for services other than SSH too, but only SSH is configured by default)
[15:00] <sdeziel> foo: if you can, disable password authentication and rely on keys only
[15:13] <bezt> foo: For fail2ban, consider enabling the recidive jail in addition to ssh.
[15:26] <andol> foo: Or simply disallow password login, which you kind of should do anyway?
[15:27] <mybalzitch> ^ x2
[15:27] <andol> ...which I now see has already been suggested. Sorry about that.
[15:36] <sdeziel> well, that can't be repeated enough ;)
[16:00] <sarnold> foo: ufw limit can force rate-limiting to the sshd (or any other service, but it's probably best-tuned for sshd..) -- but double-plus-votes on the disable password auth
[16:07] <CodeMouse92> Permissions went wonky on my Ubuntu 20.04 server this morning, and now I'm getting lots of "failed to mount <X> file system" errors
[16:08] <CodeMouse92> Three hard drives, all of them failing. Verified the external still works on a diff device. I assume it's the motherboard that just bit the dust?
[16:09] <sarnold> :(
[16:09] <CodeMouse92> sarnold: Is that a correct assessment, do you think?
[16:09] <CodeMouse92> It won't even mount the kernal file system
[16:09] <CodeMouse92> *kernel
[16:10] <sarnold> CodeMouse92: I'm lucky, I don't often see failed hardware
[16:10] <sarnold> CodeMouse92: but that certainly feels plausible
[16:11] <CodeMouse92> kk. I do have a couple of other towers sitting about, I'm going to try swapping in the hard drives and network card and seeing if that works.
[16:11] <sarnold> yay
[16:13] <CodeMouse92> I've been running this thing for...what, nine years?
[16:15] <sarnold> *sniff* goodbye trusted (and probably ran trusty) machine
[16:17] <CodeMouse92> Trusty at one point. Focal when it died
[16:45] <CodeMouse92> sarnold: Not the motherboard. Swapped into a different tower, same problem
[16:46] <sarnold> CodeMouse92: uhoh. do you have any way to test the drives via eg usb sata adaptors on another machine?
[16:47] <CodeMouse92> Yeah, doing that now
[16:51] <CodeMouse92> sarnold: Both mount here, each reporting "one bad sector"
[16:51] <CodeMouse92> But I'm used to that on HDDs.
[16:51] <CodeMouse92> As long as it's not interfering with operation, that's usually fine
[16:51] <sarnold> I wonder what's different..
[16:51] <CodeMouse92> Yeah. Neither work when plugged in
[16:52] <CodeMouse92> I mean...to the tower
[16:52] <CodeMouse92> But they both work here
[16:52] <sarnold> powersupply?
[16:52] <sarnold> when those go wonky they can lead to hard to understand problems
[16:52] <CodeMouse92> Would that do that?
[16:52] <CodeMouse92> Hmm
[16:52] <sarnold> I've seen stranger
[16:52] <CodeMouse92> Well....no...it can't be that, because I swapped the hard drives b/w *towers*
[16:53] <CodeMouse92> The only things I moved between towers were the two HDDs, the PCIExpress network card, and the RAM
[16:53] <CodeMouse92> Everything else was the same
[16:57] <sarnold> ohhhhh. strange strange.
[16:57] <CodeMouse92> sarnold: What would it mean to you if this hard drive has remounted itself three times in the past five minutes
[16:57] <CodeMouse92> I can read files from it, but it keeps remounting
[16:57] <sarnold> CodeMouse92: not sure; corrupt filesystem, bad memory, bad motherboard, bad hard drive, bad cables, bad controller, all feel on the table
[16:58] <CodeMouse92> RAM shouldn't do this
[16:58] <CodeMouse92> Cables were diff
[16:58] <CodeMouse92> Or....were they? Hmm
[16:58] <CodeMouse92> No, cables are diff
[16:59] <CodeMouse92> B/c this remounting regularly *here* is on a diff cable, that's weird
[17:00] <CodeMouse92> I'll run a SMART test on this
[17:01] <CodeMouse92> sarnold: Uhm...this is claiming the disk doesn't support SMART
[17:01] <CodeMouse92> I could've sworn it did before
[17:02] <incognegro76> I'd move just the HDD's, one at a time if possible, and see if they work in the other tower
[17:02] <sarnold> CodeMouse92: usb is funny that way..
[17:03] <CodeMouse92> sarnold: It's never not worked over USB before ;)
[17:03] <CodeMouse92> incognegro76: I mean, I can...the trouble is, I can't really *know* until I boot, and the hard drive in question is the system drive
[17:03] <sarnold> CodeMouse92: I think there's a command line switch you can give to smartctl to get it to try, but I think not all usb adaptors can pass it through, and I'm not sure if that's the default to try it anyway or not :/
[17:03] <CodeMouse92> Oh, pointed to a sector instead of a device, silly me
[17:04] <sarnold> CodeMouse92: oh good, results? :)
[17:04] <CodeMouse92> I don't know yet
[17:04] <CodeMouse92> Just started short test
[17:05] <CodeMouse92> Uhm...passed? Weird
[17:06] <CodeMouse92> SMART is not showing *anything* of concern
[17:07] <CodeMouse92> Just assuming that the remounting is not the HDD's fault, I'm going to plug just this drive into the tower (per incognegro76's idea) and see if the error continues.
[17:29] <CodeMouse92> I can boot the machine to other hard drives, as long as this one isn't plugged in.
[17:29] <CodeMouse92> So I will need to reinstall :(
[17:33] <CodeMouse92> Given that I only have one bad sector, I may be able to copy *some* things from the dying HDD directly.
[17:50] <foo> sarnold / andol / bezt / sdeziel / aaronr - a bit delayed, but thank you on suggestions to stop ssh brute force. In the short term I changed ports (before asking here). Disabling pass auth is an easy one, I thought I did that but will double check. Also will look into fail2ban.
[17:50] <sarnold> woot
[17:51] <foo> Well, guess it wasn't. I may have enabled it at one point for a short term solution without disabling it
[17:51] <foo> PasswordAuthentication no
[17:52] <foo> Thanks y'all. Will check about fail2ban next but my hunch is this will do me some good.
[18:31] <TJ-> foo: you could consider a port-knocker, such as fwknop-server and fwknop-client
[18:31] <TJ-> !info fwknop-server
[18:31] <ubot3> fwknop-server (2.6.10-12, hirsute): FireWall KNock OPerator server side - C version. In component universe, is optional. Built by fwknop. Size 83 kB / 246 kB. (Only available for linux-any.)
[19:20] <ShellcatZero> Thanks Odd_Bloke, do you have any specific documentation you can share which provides those details regarding the mirrors? I'm interested in finding out more about the substantive differences between the mirrors and what (if any) changes that AWS makes or requires for software featured on those mirrors, and how software updates might be prioritized differently on the mirrors.
[19:33] <sarnold> ShellcatZero: there's two things here; the ubuntu pro instances have some changes available https://ubuntu.com/aws/pro
[19:34] <sarnold> ShellcatZero: the 'usual' ubuntu ec2 mirrors are just squids that sit in front of the main archives
[20:42] <Odd_Bloke> powersj: You might have some more official info about these mirrors?