UFW rule allows SSH scan?

Posted: 2024-11-14 16:38
by tl5k5
Hello all,
I've deployed a VPS on racknerd.
Why do scans show my SSH open and give the SSH fingerprint with my exclusive allow rule below?
Is there an additional rule I'm missing?

Code:

To                         Action      From
22/tcp                     ALLOW IN    "my WAN IP"

Thanks!!

Re: UFW rule allows SSH scan?

Posted: 2024-11-14 19:07
by Aki
Hello,

What Debian version do you have installed?

Can you please elaborate on your question?

Re: UFW rule allows SSH scan?

Posted: 2024-11-14 19:38
by tl5k5
12.8

When I test the rule by trying to SSH into the VPS from a different WAN address, the firewall does keep me from accessing it.
When I scan the VPS IP, how am I able to find this information using a service from outside my WAN address?

Re: UFW rule allows SSH scan?

Posted: 2024-11-15 07:27
by Aki
Hello,

Can you report the complete output of the following command?

Code:

ufw status verbose

What is the program or site you used to scan the ports of your virtual server?

--
note: please, paste text in messages instead of pictures, if possible.

Re: UFW rule allows SSH scan?

Posted: 2024-11-15 15:21
by tl5k5
I've used zenmap on a different WAN and both websites shodan.io and criminalip.io.

UFW:

Code:

Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    "my WAN IP"
21114:21119/tcp            ALLOW IN    Anywhere
21116/udp                  ALLOW IN    Anywhere
8000/tcp                   ALLOW IN    Anywhere
80/tcp                     ALLOW IN    Anywhere
443/tcp                    ALLOW IN    Anywhere
Anywhere                   DENY IN     "huge list of geo blocked IPs"
21114:21119/tcp (v6)       ALLOW IN    Anywhere (v6)
21116/udp (v6)             ALLOW IN    Anywhere (v6)
8000/tcp (v6)              ALLOW IN    Anywhere (v6)
80/tcp (v6)                ALLOW IN    Anywhere (v6)
443/tcp (v6)               ALLOW IN    Anywhere (v6)
80 (v6)                    ALLOW IN    Anywhere (v6)
443 (v6)                   ALLOW IN    Anywhere (v6)

Scan Output:

Code:

Current Open Ports
TCP22

Product
OpenSSH

Version
9.2p1

Service
SSH

Socket
TCP

Confirmed time
2024-11-06 11:42:57 UTC

Banner
SSH-2.0-OpenSSH_9.2p1 Debian-2+deb12u3
Key: Axxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx=
Algorithm: ecdsa-sha2-nistp256
Fingerprint: 1xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx4

Kex Algorithms:
sntrup761x25519-sha512@openssh.com
curve25519-sha256
curve25519-sha256@libssh.org
ecdh-sha2-nistp256
ecdh-sha2-nistp384
ecdh-sha2-nistp521
diffie-hellman-group-exchange-sha256
diffie-hellman-group16-sha512
diffie-hellman-group18-sha512
diffie-hellman-group14-sha256
kex-strict-s-v00@openssh.com

Server Host Key Algorithms:
rsa-sha2-512
rsa-sha2-256
ecdsa-sha2-nistp256
ssh-ed25519

Encryption Algorithms:
chacha20-poly1305@openssh.com
aes128-ctr
aes192-ctr
aes256-ctr
aes128-gcm@openssh.com
aes256-gcm@openssh.com

Mac Algorithms:
umac-64-etm@openssh.com
umac-128-etm@openssh.com
hmac-sha2-256-etm@openssh.com
hmac-sha2-512-etm@openssh.com
hmac-sha1-etm@openssh.com
umac-64@openssh.com
umac-128@openssh.com
hmac-sha2-256
hmac-sha2-512
hmac-sha1

Compression Algorithms:
none
zlib@openssh.com