UFW rule allows SSH scan?

Linux Kernel, Network, and Services configuration.
Post Reply
Message
Author
tl5k5
Posts: 23
Joined: 2017-12-22 19:31

UFW rule allows SSH scan?

#1 Post by tl5k5 »

Hello all,
I've deployed a VPS on racknerd.
Why do scans show my SSH open and and can give the SSH fingerprint with my exclusive allow rule below?
Is there an additional rule I'm missing?

Code: Select all

     To                         Action      From
 22/tcp                     ALLOW IN    "my WAN IP"
Thanks!!

Aki
Global Moderator
Global Moderator
Posts: 3980
Joined: 2014-07-20 18:12
Location: Europe
Has thanked: 109 times
Been thanked: 523 times

Re: UFW rule allows SSH scan?

#2 Post by Aki »

Hello,

What Debian version do you have installed ?

Can you please elaborate your question ?
⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ Debian - The universal operating system
⢿⡄⠘⠷⠚⠋⠀ https://www.debian.org
⠈⠳⣄⠀

tl5k5
Posts: 23
Joined: 2017-12-22 19:31

Re: UFW rule allows SSH scan?

#3 Post by tl5k5 »

12.8

When I test the rule by trying to SSH into the VPS from a different WAN address, the firewall does keep me from accessing it.
When I scan the VPS IP, how am I able to find this information using a services from outside my WAN address?

Aki
Global Moderator
Global Moderator
Posts: 3980
Joined: 2014-07-20 18:12
Location: Europe
Has thanked: 109 times
Been thanked: 523 times

Re: UFW rule allows SSH scan?

#4 Post by Aki »

Hello,

Can you report the complete output of the following command ?

Code: Select all

ufw status verbose
What is the program or site you used to scan the ports of your virtual server ?

--
note: please, paste text in messages instead of pictures, if possible.
⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ Debian - The universal operating system
⢿⡄⠘⠷⠚⠋⠀ https://www.debian.org
⠈⠳⣄⠀

tl5k5
Posts: 23
Joined: 2017-12-22 19:31

Re: UFW rule allows SSH scan?

#5 Post by tl5k5 »

I've used zenmap on a different WAN and both websites shodan.io and criminalip.io.

UFW:

Code: Select all

Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    "my WAN IP"
21114:21119/tcp            ALLOW IN    Anywhere
21116/udp                  ALLOW IN    Anywhere
8000/tcp                   ALLOW IN    Anywhere
80/tcp                     ALLOW IN    Anywhere
443/tcp                    ALLOW IN    Anywhere
Anywhere                   DENY IN     "huge list of geo blocked IPs"
21114:21119/tcp (v6)       ALLOW IN    Anywhere (v6)
21116/udp (v6)             ALLOW IN    Anywhere (v6)
8000/tcp (v6)              ALLOW IN    Anywhere (v6)
80/tcp (v6)                ALLOW IN    Anywhere (v6)
443/tcp (v6)               ALLOW IN    Anywhere (v6)
80 (v6)                    ALLOW IN    Anywhere (v6)
443 (v6)                   ALLOW IN    Anywhere (v6)

Scan Output:

Code: Select all

Current Open Ports
TCP22

Product
OpenSSH

Version
9.2p1

Service
SSH

Socket
TCP

Confirmed time
2024-11-06 11:42:57 UTC

Banner
SSH-2.0-OpenSSH_9.2p1 Debian-2+deb12u3
Key: Axxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx=
Algorithm: ecdsa-sha2-nistp256
Fingerprint: 1xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx4

Kex Algorithms:
sntrup761x25519-sha512@openssh.com
curve25519-sha256
curve25519-sha256@libssh.org
ecdh-sha2-nistp256
ecdh-sha2-nistp384
ecdh-sha2-nistp521
diffie-hellman-group-exchange-sha256
diffie-hellman-group16-sha512
diffie-hellman-group18-sha512
diffie-hellman-group14-sha256
kex-strict-s-v00@openssh.com

Server Host Key Algorithms:
rsa-sha2-512
rsa-sha2-256
ecdsa-sha2-nistp256
ssh-ed25519

Encryption Algorithms:
chacha20-poly1305@openssh.com
aes128-ctr
aes192-ctr
aes256-ctr
aes128-gcm@openssh.com
aes256-gcm@openssh.com

Mac Algorithms:
umac-64-etm@openssh.com
umac-128-etm@openssh.com
hmac-sha2-256-etm@openssh.com
hmac-sha2-512-etm@openssh.com
hmac-sha1-etm@openssh.com
umac-64@openssh.com
umac-128@openssh.com
hmac-sha2-256
hmac-sha2-512
hmac-sha1

Compression Algorithms:
none
zlib@openssh.com

Post Reply