working on a Ubuntu 19.04 Digital Ocean server. After updating sources.list to focal, so I could update repositories and install certbot, I found my self locked out of the server with the message Connection refused.
Managed to enter through Digital Ocean Recovery Console, and checked all ssh configs, authorized_keys files, everything, and could not find an error.
What I did found was ssh brute force attack against the server, so I change the port.
Afterwards I start getting the message Connection Closed when trying to connect to the server via terminal.
Here I leave ssh_config, sshd_config, sources.list, the output of connecting with ssh, and the output of making apt update inside the recovery console.
ssh_config
# This is the ssh client system-wide configuration file. See
# ssh_config(5) for more information. This file provides defaults for
# users, and the values can be changed in per-user configuration files
# or on the command line.
# Configuration data is parsed as follows:
# 1. command line options
# 2. user-specific file
# 3. system-wide file
# Any configuration value is only changed the first time it is set.
# Thus, host-specific definitions should be at the beginning of the
# configuration file, and defaults at the end.
# Site-wide defaults for some commonly used options. For a comprehensive
# list of available options, their meanings and defaults, please see the
# ssh_config(5) man page.
Host *
#bunch of commented options
SendEnv LANG LC_*
HashKnownHosts yes
GSSAPIAuthentication yes
sshd_config
# $OpenBSD: sshd_config,v 1.103 2018/04/09 20:41:22 tj Exp $
# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.
# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options override the
# default value.
Port <PORT>
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_ecdsa_key
#HostKey /etc/ssh/ssh_host_ed25519_key
# Ciphers and keying
#RekeyLimit default none
# Logging
#SyslogFacility AUTH
#LogLevel INFO
# Authentication:
#LoginGraceTime 2m
PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10
PubkeyAuthentication no
# Expect .ssh/authorized_keys2 to be disregarded by default in future.
#AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2
#AuthorizedPrincipalsFile none
#AuthorizedKeysCommand none
#AuthorizedKeysCommandUser nobody
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes
# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication yes
#PermitEmptyPasswords no
# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
ChallengeResponseAuthentication no
# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no
# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
#GSSAPIStrictAcceptorCheck yes
#GSSAPIKeyExchange no
# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication. Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin yes
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
UsePAM no
#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PermitTTY yes
PrintMotd no
#PrintLastLog yes
#TCPKeepAlive yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS no
#PidFile /var/run/sshd.pid
#MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none
#VersionAddendum none
# no default banner path
#Banner none
# Allow client to pass locale environment variables
AcceptEnv LANG LC_*
# override default of no subsystems
Subsystem sftp /usr/lib/openssh/sftp-server
# Example of overriding settings on a per-user basis
#Match User anoncvs
# X11Forwarding no
# AllowTcpForwarding no
# PermitTTY no
# ForceCommand cvs server
sources.list, now changed with groovy but originally changed with focal
## Note, this file is written by cloud-init on first boot of an instance
## modifications made here will not survive a re-bundle.
## if you wish to make changes you can:
## a.) add 'apt_preserve_sources_list: true' to /etc/cloud/cloud.cfg
## or do the same in user-data
## b.) add sources in /etc/apt/sources.list.d
## c.) make changes to template file /etc/cloud/templates/sources.list.tmpl
# See http://help.ubuntu.com/community/UpgradeNotes for how to upgrade to
# newer versions of the distribution.
deb http://mirrors.digitalocean.com/ubuntu/ groovy main restricted
# deb-src http://mirrors.digitalocean.com/ubuntu/ groovy main restricted
## Major bug fix updates produced after the final release of the
## distribution.
deb http://mirrors.digitalocean.com/ubuntu/ groovy-updates main restricted
# deb-src http://mirrors.digitalocean.com/ubuntu/ groovy-updates main restricted
## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
## team. Also, please note that software in universe WILL NOT receive any
## review or updates from the Ubuntu security team.
deb http://mirrors.digitalocean.com/ubuntu/ groovy universe
# deb-src http://mirrors.digitalocean.com/ubuntu/ groovy universe
deb http://mirrors.digitalocean.com/ubuntu/ groovy-updates universe
# deb-src http://mirrors.digitalocean.com/ubuntu/ groovy-updates universe
## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
## team, and may not be under a free licence. Please satisfy yourself as to
## your rights to use the software. Also, please note that software in
## multiverse WILL NOT receive any review or updates from the Ubuntu
## security team.
deb http://mirrors.digitalocean.com/ubuntu/ groovy multiverse
# deb-src http://mirrors.digitalocean.com/ubuntu/ groovy multiverse
deb http://mirrors.digitalocean.com/ubuntu/ groovy-updates multiverse
# deb-src http://mirrors.digitalocean.com/ubuntu/ groovy-updates multiverse
## N.B. software from this repository may not have been tested as
## extensively as that contained in the main release, although it includes
## newer versions of some applications which may provide useful features.
## Also, please note that software in backports WILL NOT receive any review
## or updates from the Ubuntu security team.
deb http://mirrors.digitalocean.com/ubuntu/ groovy-backports main restricted universe multiverse
# deb-src http://mirrors.digitalocean.com/ubuntu/ groovy-backports main restricted universe multiverse
## Uncomment the following two lines to add software from Canonical's
## 'partner' repository.
## This software is not part of Ubuntu, but is offered by Canonical and the
## respective vendors as a service to Ubuntu users.
# deb http://archive.canonical.com/ubuntu groovy partner
# deb-src http://archive.canonical.com/ubuntu groovy partner
deb http://old-releases.ubuntu.com/ubuntu groovy-security main restricted
# deb-src http://old-releases.ubuntu.com/ubuntu groovy-security main restricted
deb http://old-releases.ubuntu.com/ubuntu groovy-security universe
# deb-src http://old-releases.ubuntu.com/ubuntu groovy-security universe
deb http://old-releases.ubuntu.com/ubuntu groovy-security multiverse
# deb-src http://old-releases.ubuntu.com/ubuntu groovy-security multiverse
on server, via recory console, sudo apt update
[...]
Err:5 groovy-updates Release
404 Not Found [IP: 172.67.148.71 80]
Err:6 Release
404 Not Found [IP: 172.67.148.71 80]
Hit:7 disco InRelease
Ign:8 disco InRelease
Err:9 disco Release
404 Not Found [IP: 185.125.190.52 80]
[...]
on client, ssh -vvvv -i <key> <user>@<ip>
OpenSSH_8.2p1 Ubuntu-4ubuntu0.5, OpenSSL 1.1.1f 31 Mar 2020
debug1: Reading configuration data /home/ivangk/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug2: resolve_canonicalize: hostname <IP> is address
debug2: ssh_connect_direct
debug1: Connecting to <IP> [<IP>] port <PORT>.
debug1: Connection established.
[...]
debug3: receive packet: type 6
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug3: send packet: type 50
Connection closed by <IP> port <PORT>
I am lost at what can be causing this problem. If I do lsof -i:<PORT> I get the correct port that I configured active, and ssh is active via systemctl status sshd.
