This gets worse. Adding the following to the tail of
/etc/ssh/sshd_config does not configure the service properly.

   PasswordAuthentication no
   ChallengeResponseAuthentication no
   UsePAM no
   PubkeyAuthentication yes
   PermitRootLogin no

The login attempts are still allowed:

Apr 01 09:31:10 localhost sshd[239597]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.88.112.77  user=root
Apr 01 09:31:13 localhost sshd[239597]: Failed password for root from 49.88.112.77 port 50368 ssh2
Apr 01 09:31:16 localhost sshd[239597]: Failed password for root from 49.88.112.77 port 50368 ssh2
Apr 01 09:31:19 localhost sshd[239597]: Failed password for root from 49.88.112.77 port 50368 ssh2
Apr 01 09:31:20 localhost sshd[239597]: Received disconnect from 49.88.112.77 port 50368:11:  [preauth]
Apr 01 09:31:20 localhost sshd[239597]: Disconnected from authenticating user root 49.88.112.77 port 50368 [preauth]
Apr 01 09:31:20 localhost sshd[239597]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.88.112.77  user=root

-- 
https://bugs.launchpad.net/bugs/1922212

Title:
  SSHD does not honor configuration files

Status in openssh package in Ubuntu:
  New

Bug description:
  I'm working on Ubuntu 20, x86_64, fully patched.

     # lsb_release -a
     Distributor ID:    Ubuntu
     Description:       Ubuntu 20.04.2 LTS
     ...

  We are seeing reports of failed password-based logins using root:

     journalctl -xe
     ...
     Apr 01 09:08:21 localhost sshd[239302]: Failed password for root from 49.88.112.77 port 36206 ssh2
     Apr 01 09:08:21 localhost sshd[239302]: Failed password for root from 49.88.112.77 port 36206 ssh2
     ...

  There are three attempts every second or two (literally):

     # journalctl -xe | grep -i -c 'Failed password for root'
     324

  Our OpenSSH server is configured with both no-password based logins
  and no-root logins.

     # ls /etc/ssh/sshd_config.d/
     10_pubkey_auth.conf  20_disable_root_login.conf

     # cat /etc/ssh/sshd_config.d/10_pubkey_auth.conf 
     # Disable passwords
     PasswordAuthentication no
     ChallengeResponseAuthentication no
     UsePAM no
     # Enable public key
     PubkeyAuthentication yes

     # cat /etc/ssh/sshd_config.d/20_disable_root_login.conf 
     PermitRootLogin no

  The config files are included last in our /etc/ssh/sshd_config file:

     # tail -n 3 /etc/ssh/sshd_config

     # For some reason OpenSSH does not include additional conf files by default.
     Include /etc/ssh/sshd_config.d/*.conf

  I dislike modifying /etc/ssh/sshd_config since it will be overwritten
  by the distro. With that said, I modified it without success.

  It really annoys me that we can't secure this service. Something looks
  very broken here.

  -----

  # apt-cache show openssh-server
  Package: openssh-server
  Architecture: amd64
  Version: 1:8.2p1-4ubuntu0.2
  Multi-Arch: foreign
  Priority: optional
  Section: net
  Source: openssh
  Origin: Ubuntu
  Maintainer: Ubuntu Developers <[email protected]>
  Original-Maintainer: Debian OpenSSH Maintainers <[email protected]>
  Bugs: https://bugs.launchpad.net/ubuntu/+filebug

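An added example, not part of the bug report or of OpenSSH: sshd_config(5) documents that for each keyword the first obtained value is used, so a directive appended to the tail of the file is ignored when the same keyword was already set earlier in the file or in an included file. The script below resolves that ordering over a constructed sample config; the function names, the sample values and the file name 50-constructed.conf are assumptions made for illustration.

```shell
#!/bin/sh
# sshd_config(5): "For each keyword, the first obtained value will be used."
# flatten FILE prints every global directive in read order, with Include
# globs expanded in place, as "keyword value<TAB>file:line".
flatten() (
    file=$1; n=0
    while read -r key rest || [ -n "$key" ]; do
        n=$((n + 1))
        key=$(printf '%s' "$key" | tr 'A-Z' 'a-z')   # keywords are case-insensitive
        case $key in
            ''|'#'*) continue ;;
            match) break ;;            # simplification: global scope only
            include)
                for inc in $rest; do   # unquoted on purpose so the glob expands
                    if [ -f "$inc" ]; then flatten "$inc"; fi
                done ;;
            *) printf '%s %s\t%s:%d\n' "$key" "$rest" "$file" "$n" ;;
        esac
    done < "$file"
)

# First value per keyword wins. (Keywords that may legitimately repeat,
# such as Port or HostKey, are not special-cased here.)
effective() { flatten "$1" | awk '!seen[$1]++'; }

# Directives that have no effect because the keyword was already set.
ignored() { flatten "$1" | awk 'seen[$1]++'; }

# Constructed sample: a main file that sets values before the appended tail.
make_sample() {
    mkdir -p "$1/sshd_config.d"
    printf 'PasswordAuthentication yes\n' > "$1/sshd_config.d/50-constructed.conf"
    cat > "$1/sshd_config" <<EOF
Include $1/sshd_config.d/*.conf
UsePAM yes
PermitRootLogin prohibit-password
# appended at the tail
PasswordAuthentication no
UsePAM no
PermitRootLogin no
EOF
}

d=$(mktemp -d) && make_sample "$d"
echo "effective:"; effective "$d/sshd_config"
echo "ignored:";   ignored "$d/sshd_config"
rm -rf "$d"
```

On a live host, `sshd -T` prints the configuration that sshd actually resolves, which can be compared against the intended values.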