Google计算引擎-多次访问SSH后被阻止 [英] Google compute engine - getting blocked after accessing SSH a few times

问题描述

我有一个Google计算引擎VM，正在运行ubuntu，并使用Laravel Forge.

I have a google compute engine VM, running ubuntu, and utilising Laravel Forge.

即使我正确登录，访问SSH几次(2-4次)后，我似乎也被VM阻塞了.重新启动VM可以解除对我的阻止.

I seem to get blocked by the VM after accessing SSH a few times (2-4), even if I'm logging in correctly. Restarting the VM unblocks me.

我首先注意到了这个问题，因为我在登录SSH时遇到了麻烦，经过几次尝试后，它变得无法访问.我托管在其上的网站也无法解析.重新启动虚拟机后，我可以尝试再次登录ssh，我的网站可以正常工作.在我弄清楚如何正确使用SSH登录之前，发生了几次.

I first noticed the issue as I was having trouble logging into SSH, after a few attempts it would become unreachable. My website hosted on it also wouldn't resolve. After restarting the vm, I could try log into ssh again and my website works. This happened a couple time before I figured out how to correctly log in with SSH.

接下来，尝试使用使用plink的HeidiSQL登录数据库，我很好.但是，每次执行某项操作后，它似乎始终会通过SSH重新连接，并且在进行2-4次重新连接后，我仍然遇到相同的问题，即无法通过SSH访问VM，并且托管在其上的网站已关闭.

Next, trying to log in to the database with HeidiSQL, which uses plink, I log in fine. But it seems to keep reconnecting via SSH every time I do something, and after 2-4 of these reconnects, I get the same problem with the VM being unreachable by SSH and my website hosted on it being down.

使用SQLyog(它似乎保持一个SSH连接)，而不是像HeidiSQL那样不断地重新连接，我没有问题.

Using SQLyog, which seems to maintain the one SSH connection, rather than constantly reconnecting like HeidiSQL, I have no problems.

当我的网站关闭时，我使用那些对所有人或我来说都关闭"的网站来查看它是否关闭，而且显然对我来说也是如此，所以我必须被阻止.

When my website is down, I use those "down for everyone or just me" websites to see if it is down, and apparently it's just down for me, so I must be getting blocked.

所以我想我的问题是: 1.这正常吗? 2.是否可以在不重新启动VM的情况下取消阻止自己? 3.我可以以不太严格的方式进行阻止吗? 4.为什么HeidiSQL会继续通过SSH重新连接，而不是像SQLyog那样保持单一连接?

So I guess my questions are: 1. Is this normal? 2. Can I unblock myself without restarting the VM? 3. Can I make blocking occur in a less strict way? 4. Why does HeidiSQL keep reconnecting via SSH rather than maintaining the one connection like SQLyog seems to?

推荐答案

您遇到了sshguard，默认情况下，它在GCE Ubuntu映像上(至少在我自己遇到的14.10映像上)启用. /etc/sshguard/whitelist中有一个白名单文件.

You have encountered sshguard, which is enabled by default on the GCE Ubuntu images (at least on the 14.10 image, where I encountered it myself). There is a whitelist file at /etc/sshguard/whitelist.

我的VM上的sshguard默认配置的危险"阈值为40.大多数sshguard检测到的攻击"都会产生10的危险，因此在4次重新连接后被阻止似乎是正确的.

The sshguard default configuration on my VM has a "dangerousness" threshold of 40. Most "attacks" that sshguard detects incur dangerousness of 10, so getting blocked after 4 reconnects sounds about right.

此处列出了攻击特征: http://www.sshguard.net/docs/reference/attack-signatures/

The attack signatures are listed here: http://www.sshguard.net/docs/reference/attack-signatures/

我敢打赌，您是通过具有无效反向DNS配置的IP连接的(我是).像这样的四个连接，默认配置会阻止您20分钟.

I would bet that you are connecting from an IP that has an invalid reverse DNS configuration (I was). Four connects like that and the default config blocks you for 20 minutes.

这篇关于Google计算引擎-多次访问SSH后被阻止的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！