SSH Signature on my LEB changed, no networking

d60eba Member

Hi all,

I'm wondering if anyone's seen this before and might know what it is. I have a LEB from one of the providers on lowendbox.com. Here's what's happening shortly after getting the box:

  • The website it's hosting goes down
  • I SSH in to see what's happened but the SSH signature has changed (Putty warns)
  • I use the serial console to get in. From the console I check the signature, indeed the signature when SSHing in is not what it should be
  • From the console I have no networking out (GET google.com just hangs)
  • I can shut the VM down and yet it still responds to pings (and SSH)

Really weird. Any ideas what could be going on here?

Thanks!
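
Added example, not part of the original post: the console-versus-network host key comparison described above, done by fingerprint. It assumes the trusted line is read over the serial console from `/etc/ssh/ssh_host_ed25519_key.pub` and the other is what `ssh-keyscan` returns for the IP; both sample keys and the address 203.0.113.10 are constructed.

```python
import base64
import hashlib
import struct

KEY_TYPES = {"ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256",
             "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521"}


def fingerprint(pubkey_line: str) -> str:
    """OpenSSH-style SHA256 fingerprint of a public key line.

    Handles both "type blob [comment]" (a .pub file) and
    "host type blob" (ssh-keyscan / known_hosts) layouts.
    """
    fields = pubkey_line.split()
    for i, field in enumerate(fields[:-1]):
        if field in KEY_TYPES:
            blob = base64.b64decode(fields[i + 1], validate=True)
            digest = hashlib.sha256(blob).digest()
            # OpenSSH prints unpadded base64 of the digest of the raw key blob.
            return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
    raise ValueError("no supported SSH key type in line")


def same_host_key(console_line: str, network_line: str) -> bool:
    """True only if the key served over the network is the console's key."""
    return fingerprint(console_line) == fingerprint(network_line)


def constructed_key(seed: bytes) -> str:
    """Build a syntactically valid ed25519 key line from a seed (sample data)."""
    def ssh_string(b: bytes) -> bytes:
        return struct.pack(">I", len(b)) + b
    blob = ssh_string(b"ssh-ed25519") + ssh_string(hashlib.sha256(seed).digest())
    return "ssh-ed25519 " + base64.b64encode(blob).decode()


# Constructed sample input: the VPS's own key as read on the serial console,
# and two possible answers from the network for the same IP address.
CONSOLE = constructed_key(b"my-vps") + " root@my-vps"
NETWORK_SAME = "203.0.113.10 " + constructed_key(b"my-vps")
NETWORK_OTHER = "203.0.113.10 " + constructed_key(b"some-other-machine")

if __name__ == "__main__":
    for label, line in (("same", NETWORK_SAME), ("other", NETWORK_OTHER)):
        verdict = "match" if same_host_key(CONSOLE, line) else "MISMATCH"
        print(label, fingerprint(line), verdict)
```

A mismatch while the console shows an unchanged key means some other machine is answering on that IP, which is the symptom listed above.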

Comments

  • Nekki Veteran

    You've been hacked, bro.

  • ATHK Member

    ^ that or your ip is assigned to two accounts..

    Did you bother to raise a ticket before posting here?

  • Or you are just not using the correct IP (IP of your VPS)

  • Probably the IP somehow got assigned to a different VM. Ticket your provider.

  • Thanks guys.

    I think the dual IP assignation is more likely. Yeah I posted a ticket but they ran a SolusVM networking script and rebooted the VPS, which fixed things initially. Now, however, rebooting the VPS doesn't fix it. As I mentioned I can have the VM totally shut down and still SSH over (and get the signature warning).

    I will ticket them again with this further info!

  • Please state the provider's name so the rest of us can avoid it.

  • Sometimes when OpenVZ node has high load, solusvm does not do stuff such as delete container or IP properly, so sometimes you get an IP that someone else is using :(

  • d60eba Member
    edited April 2015

    @varwww it's ****. I'm still waiting on a reply to the ticket.

    I'll let you know what happens

  • Ishaq Member

    There is no point shaming a provider, they might not even be aware the IP is being used by more than 1 container.

  • @varwww said:
    Please state the provider's name so the rest of us can avoid it.

  • @Ishaq OK, well let's wait and see what happens and I'll give the full report. I removed their name in the meantime

  • zed Member

    @Ishaq said:
    There is no point shaming a provider, they might not even be aware the IP is being used by more than 1 container.

    Not sure if funny or sad.

  • AnthonySmith Member, Patron Provider

    d60eba said: I can shut the VM down and yet it still responds to pings (and SSH)

    If it is OpenVZ it is 99% likely that the same IP has been assigned to 2 containers, if Xen/KVM they don't have ebtables running and someone is spoofing your IP probably.

  • Indeed, this was a mess created on our end.

    The IP assigned to the OP's VPS appears to have still been attached to another VPS (not fully removed).

    In other words, while SolusVM showed it as removed, it wasn't completely removed as we did not correctly restart the networking / VPS itself. As a result, the IP was still assigned to that VPS, even though it was not really in use.

    Anyways, to prevent this issue in the future, I will follow up with each IP address change / ticket to ensure everything is properly done. I have also compensated the OP for the whole mess which should not have happened in the first place.

    Thanked by 1linuxthefish
  • Hi,

    Just to follow up - the host fixed the problem which was indeed a dual IP assignment. It seems to have been an uncommon situation. Pros and cons of this experience with the host:

    Cons

    • Took 3 days from first notifying them of the problem to it being fixed (not helped by initially mis-diagnosing the problem)
    • Ticket response time not brilliant (3 hrs / 8 hrs / 14 hrs)

    Pros

    • Fully accepted the error and offered me a free year in recompense
    • Took everything seriously
    • Support tickets were well written and personable

    Overall, this seems to be a one off that they were unable to diagnose initially because they'd never seen it before. All dealings with them were excellent, if a little slow.

    I'd still recommend them overall. (You can find out the host by stalking @Coastercraze ;-)

  • 4n0nx Member

    @d60eba Just tell the name seriously

  • AnthonySmith Member, Patron Provider

    @4n0nx said:
    d60eba Just tell the name seriously

    It makes no difference, this can happen to any host using solusvm or virtualizor, they both leave behind 'ghost' VMs on occasion. I have been writing about this for 2 years and still find them from time to time myself.

    It happens when the terminate takes too long or the LVM is busy, there is no validation so it gets removed from the solusvm/virtualizor database but the VPS itself is left behind as a relic.

    Thanked by 1CharlesA
  • I've only had this happen once for me, and it was taken care of in 5 minutes by support. The explanation they gave was the same as given by AnthonySmith.

  • aeg Member

    Would I be correct in guessing this was Host Mist?

    If I were running a provider and absolutely had to use software that was prone to doing this, you can be sure I'd set up a cron job to watch for duplicate assignments.

  • @aeg said:
    Would I be correct in guessing this was Host Mist?

    Yes.

    If I were running a provider and absolutely had to use software that was prone to doing this, you can be sure I'd set up a cron job to watch for duplicate assignments.

    • IPs are in a pool

    • IP was assigned to a KVM based VPS previously. User requested to remove IPs and we did, but we did not reboot their VPS, so that IP was still there.

    • OP's VPS is an OpenVZ VPS (different server). That IP was automatically assigned upon creation.

    Anyways, it's fixed now. I've made appropriate policy changes to ensure it doesn't happen again.
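
Added example, not from the thread or from SolusVM: one way to build the duplicate-assignment watch suggested above, comparing what the panel believes with what the nodes actually have configured. The `node vm_id ip` input format, the node and VM names and the addresses are hypothetical, constructed sample data; collecting the real lists from each hypervisor is left to the operator.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data. PANEL is what the control panel database believes
# (IP -> VM id). OBSERVED is what the hypervisors really have configured, in a
# hypothetical "node vm_id ip" text format gathered from every node.
PANEL = {"198.51.100.20": "vz-310", "198.51.100.21": "kvm-118"}
OBSERVED = """\
kvm-node1 kvm-118 198.51.100.20   # removed in the panel, VM never rebooted
kvm-node1 kvm-118 198.51.100.21
ovz-node4 vz-310  198.51.100.20   # newly created container, same IP
ovz-node4 vz-305  198.51.100.22   # VM the panel no longer knows about
"""


def parse_observed(text):
    """Return {ip: {(node, vm_id), ...}} from "node vm_id ip" lines."""
    claims = defaultdict(set)
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if len(parts) != 3:
            raise ValueError(f"line {lineno}: expected 'node vm_id ip'")
        node, vm_id, ip = parts
        claims[str(ipaddress.ip_address(ip))].add((node, vm_id))
    return claims


def audit(panel, claims):
    """List (kind, ip, vm_ids): DUPLICATE = IP live on several VMs,
    STALE = IP live on a VM the panel does not assign it to."""
    findings = []
    for ip in sorted(claims, key=ipaddress.ip_address):
        vm_ids = sorted({vm_id for _node, vm_id in claims[ip]})
        if len(vm_ids) > 1:
            findings.append(("DUPLICATE", ip, vm_ids))
        for vm_id in vm_ids:
            if panel.get(ip) != vm_id:
                findings.append(("STALE", ip, [vm_id]))
    return findings


if __name__ == "__main__":
    results = audit(PANEL, parse_observed(OBSERVED))
    for kind, ip, vm_ids in results:
        print(kind, ip, ",".join(vm_ids))
    raise SystemExit(1 if results else 0)  # non-zero exit so a monitor can alert
```

The STALE check matters as much as the DUPLICATE one: it flags an address still configured on a VM after the panel has released it, before that address is handed to a new customer.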
