[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Synchronization issues of debian.cs.nycu.edu.tw

Hi,

Oops, sorry, yes, that's my fault for not picking the correct source
address when testing.

Sadly, that doesn't get us any further with the original issue. The SSH
configuration for the push is definitely using .217, and the errors
we're seeing are timeouts rather than connection resets.

Regards,

Adam


On Thu, 2023-10-05 at 04:48 +0800, Shao-Fu Chen wrote:
> Hi, 
> I found that the source IP in your tcpdump is 140.211.166.200, which
> is not the configured whitelisted IP "140.211.166.217"
> to access our server's SSH port. Therefore, the traffic is blocked
> from the firewall.
> I don't know whether the outgoing IP from the syncing server would be
> different base on different circumstances.
> If that is true, adding other IP addresses may solve this issues.
> Best regards,
> 陳少甫 / Shao-Fu Chen (shfchen)
> 助教 / Teach Assistant
> 國立陽明交通大學 資訊工程學系資訊中心 (NYCU CS IT Center)
> Information Technology Center,
> Department of Computer Science,
> National Yang Ming Chiao Tung University
> Adam D. Barratt 於 2023/10/5 01:01 寫道:
> > Hi,
> > 
> > I'm also not sure why it would fail, but it definitely does seem
> > like
> > something is filtering the traffic at a packet inspection level.
> > 
> > I've run some traffic dumps while attempting connections in various
> > ways. Running "ssh" with the wrong username results in a
> > "permission
> > denied" error, as would be expected, and a small amount of traffic.
> > Using a non-protocol-aware tool such as telnet or "nc" results in:
> > 
> > 16:49:22.206649 enP2p1s0f0 Out IP 140.211.166.200.43766 >
> > 140.113.17.5.22: Flags [S], seq 475671543, win 64240, options [mss
> > 1460,sackOK,TS val 4134193521 ecr 0,nop,wscale 7], length 0
> > 	0x0000:  4510 003c 3500 4000 4006 349a 8cd3
> > a6c8  E..<5.@.@.4.....
> > 	0x0010:  8c71 1105 aaf6 0016 1c5a 2bf7 0000
> > 0000  .q.......Z+.....
> > 	0x0020:  a002 faf0 d140 0000 0204 05b4 0402
> > 080a  .....@..........
> > 	0x0030:  f66a c971 0000 0000 0103 0307            .j.q........
> > 16:49:22.366820 enP2p1s0f0 P   IP 140.113.17.5 > 140.211.166.200:
> > ICMP host 140.113.17.5 unreachable - admin prohibited, length 68
> > 	0x0000:  45c0 0058 3afa 0000 3001 7dd9 8c71
> > 1105  E..X:...0.}..q..
> > 	0x0010:  8cd3 a6c8 030a ce36 0000 0000 4500
> > 003c  .......6....E..<
> > 	0x0020:  3500 4000 3106 43aa 8cd3 a6c8 8c71
> > 1105  5.@.1.C......q..
> > 	0x0030:  aaf6 0016 1c5a 2bf7 0000 0000 a002
> > faf0  .....Z+.........
> > 	0x0040:  c8c2 0000 0204 05b4 0402 080a f66a
> > c971  .............j.q
> > 	0x0050:  0000 0000 0103 0307                      ........
> > 
> > Regards,
> > 
> > Adam
> > 
> > 
> > On Tue, 2023-10-03 at 18:07 +0800, Shao-Fu Chen wrote:
> > > Hello,
> > > I can find two successful login attempts on our server:
> > > [shfchen@linux ~]$ sudo cat /var/log/secure | grep
> > > 140.211.166.217
> > > Oct  3 00:17:04 linux sshd[10238]: Accepted publickey for
> > > debi_adm
> > > from 140.211.166.217 port 56915 ssh2: RSA
> > > SHA256:VzG9tNbWoaaqqsjrW9e6NzlhgIcwz8ZlVkc76fR1q2Y
> > > Oct  3 02:15:44 linux sshd[10241]: Received disconnect from
> > > 140.211.166.217 port 56915:11: disconnected by user
> > > Oct  3 02:15:44 linux sshd[10241]: Disconnected from
> > > 140.211.166.217
> > > port 56915
> > > Oct  3 16:29:54 linux sshd[22419]: Accepted publickey for
> > > debi_adm
> > > from 140.211.166.217 port 42715 ssh2: RSA
> > > SHA256:VzG9tNbWoaaqqsjrW9e6NzlhgIcwz8ZlVkc76fR1q2Y
> > > P.s. The log timestamp is UTC+8.
> > > I have no idea why the push attempt would failed.
> > > Best regards,
> > > 陳少甫 / Shao-Fu Chen (shfchen)
> > > 助教 / Teach Assistant
> > > 國立陽明交通大學 資訊工程學系資訊中心 (NYCU CS IT Center)
> > > Information Technology Center,
> > > Department of Computer Science,
> > > National Yang Ming Chiao Tung University
> > > Adam D. Barratt 於 2023/10/3 16:47 寫道:
> > > > On Tue, 2023-10-03 at 07:02 +0100, Adam D. Barratt wrote:
> > > > > On Mon, 2023-10-02 at 21:24 +0800, Shao-Fu Chen wrote:
> > > > > > Hello,
> > > > > > We have already updated the firewall configuration to
> > > > > > accept
> > > > > > the
> > > > > > two
> > > > > > IP addresses and sent a response mail back then. 
> > > > > > However, it is sorry that we didn't notice the response
> > > > > > mail
> > > > > > had
> > > > > > been
> > > > > > bounced back due to the wrong configurations on our mail
> > > > > > service.
> > > > > > I can confirm that 140.211.166.217 can successfully trigger
> > > > > > pushes
> > > > > > before September 22nd. If everything is OK, please re-
> > > > > > enable
> > > > > > pushes.
> > > > > > 
> > > > > 
> > > > > Thanks for confirming.
> > > > > 
> > > > > I've re-enabled pushes.
> > > > 
> > > > The first automated push attempt failed:
> > > > 
> > > > ===
> > > > bash: warning: setlocale: LC_ALL: cannot change locale (C.UTF-
> > > > 8)
> > > > /bin/sh: warning: setlocale: LC_ALL: cannot change locale
> > > > (C.UTF-8)
> > > > bash: warning: setlocale: LC_ALL: cannot change locale (C.UTF-
> > > > 8)
> > > > Timeout, server debian.cs.nctu.edu.tw not responding.
> > > > ===
> > > > 
> > > > Manual attempts to connect to the server also fail currently,
> > > > but
> > > > worked yesterday evening:
> > > > 
> > > > adsb@mirror-osuosl:~$ nc -v debian.cs.nctu.edu.tw 22
> > > > nc: connect to debian.cs.nctu.edu.tw (140.113.17.5) port 22
> > > > (tcp)
> > > > failed: No route to host
> > > > 
> > > > An MTR from the same host looks fine. Is it being filtered on
> > > > your
> > > > side
> > > > somewhere?
> > > > 
> > > > Regards,
> > > > 
> > > > Adam
> > > >
Reply to: