Locked myself out of VPS. Dumb Mistake.

xaitmi

So basically my SSH port used to be something other than 22.

So I edited sshd_config (its a centos 6 vps) and changed it back to 22 and restarted the SSH service.

What I forgot to do was open up port 22 in iptables.

So now I'm locked out of my Crissic OpenVZ box.

Great....so I can go to serial console and fix it.

But I haven't been able to use serial console since January.

Whenever I try to SSH with serial console details I get

ssh_exchange_identification: read: Connection reset by peer

Are there any ways to fix the issue without having to wait for support to get back to me tomorrow? Will the reconfigure network in SolusVM button do anything for an OpenVZ VPS?

0xdragon

Congratulations, you've now reached a stage where you can open a ticket.

Riz

I imagine support should be able to help you out since it's OVZ as they may be able to pull up a console locally.

xaitmi

@0xdragon said:
Congratulations, you've now reached a stage where you can open a ticket.

For serial console:
ssh_exchange_identification: read: Connection reset by peer

Just confirming, that's not an issue on my side right?

It's been happening for more than a month

Riz

Unless something is dropping the connection on your side (java, SSL, or a firewall of some sort), I'd guess it to be on their side. Maybe someone else with a Crissic box can chime in.

xaitmi

@Riz said:
Unless something is dropping the connection on your side (java, SSL, or a firewall of some sort), I'd guess it to be on their side. Maybe someone else with a Crissic box can chime in.

Just tested on all 3 of my crissic boxes.
On
LAXOVZ03
and
MIAOVZ13

Same serial console issue.

MIAOVZ10 serial console works.

Their side issue confirmed.

Layer03

The console not working is 100% an issue on their end, its firewall related (etc/hosts.deny)

Are you running CSF on your VPS?

xaitmi

@Layer03 said:
The console not working is 100% an issue on their end, its firewall related (etc/hosts.deny)

Are you running CSF on your VPS?

No csf just iptables.

ErawanArifNugroho

The console, usually comes with an IP+port+password to login. Have you tried other than using java?

ajgarett

@xaitmi: I'm on MIAOVZ13 as well, confirming that it's not just you re the serial console.

For some reason, the server resets the connection after 5 seconds:

[root@web-01 ~]# tcpdump -vvvvv -n 'dst net 107.150.0.XX || src net 107.150.0.XX'
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
05:19:53.015059 IP (tos 0x0, ttl 64, id 3367, offset 0, flags [DF], proto TCP (6), length 60)
    159.203.4.90.57770 > 107.150.0.XX.ssh: Flags [S]
05:19:53.060091 IP (tos 0x0, ttl 55, id 0, offset 0, flags [DF], proto TCP (6), length 60)
    107.150.0.XX.ssh > 159.203.4.90.57770: Flags [S.]
05:19:53.060215 IP (tos 0x0, ttl 64, id 3368, offset 0, flags [DF], proto TCP (6), length 52)
    159.203.4.90.57770 > 107.150.0.XX.ssh: Flags [.]
05:19:53.066804 IP (tos 0x0, ttl 64, id 3369, offset 0, flags [DF], proto TCP (6), length 73)
    159.203.4.90.57770 > 107.150.0.XX.ssh: Flags [P.]
05:19:53.112191 IP (tos 0x0, ttl 55, id 41087, offset 0, flags [DF], proto TCP (6), length 52)
    107.150.0.XX.ssh > 159.203.4.90.57770: Flags [.]
05:19:58.114204 IP (tos 0x0, ttl 55, id 41088, offset 0, flags [DF], proto TCP (6), length 52)
    107.150.0.XX.ssh > 159.203.4.90.57770: Flags [R.]

Why it's sending that reset I have no clue.

This is the first host of 7 I'm overjoyed to not renew my service with, it's just gone downhill so much in the last ~3 months.

Edit: By any chance have you experienced random slowdown/increased load averages due to iowait? Since you're on the same physical node as me it appears.

xaitmi

@ErawanArifNugroho said:
The console, usually comes with an IP+port+password to login. Have you tried other than using java?

Yes. And @ajgarett has confirmed it's not just me as well.

@ajgarett said:

By any chance have you experienced random slowdown/increased load averages due to iowait? Since you're on the same physical node as me it appears.

Yes.

I host a database server for one of my websites on that node and the reason why I was messing with the box today was so that I could prepare to move everything over to HostUs.

Ever since Quadranet took over, the boxes slow down for long periods of times before going back to "normal", and sometimes the network latency goes crazy.

HostUs is my Crissic replacement, I had ~ 15 VPS's with Crissic prior to Quadranet swallowing them, and now I only have 3 left with Crissic.

HostUs has been awesome, prices are dirt cheap, support is awesome, and you get a lot for what you pay for.

@AlexanderM does a great job running that ship. Going to pickup another one of his $12/year boxes tomorrow once Crissic fixes my VPS and finish the migration

shovenose

As a Crissic customer, I will never ever buy or consider a Quadranet service, simply because of how poorly they are treating us. The service really is crap now.

ajgarett

@xaitmi said:
AlexanderM does a great job running that ship. Going to pickup another one of his $12/year boxes tomorrow once Crissic fixes my VPS and finish the migration

Huh, I'll keep him in mind once my digital ocean credit runs out. Hopefully there'll be SSD nodes in a few months. Thanks for the tip!

@shovenose said:
As a Crissic customer, I will never ever buy or consider a Quadranet service, simply because of how poorly they are treating us. The service really is crap now.

Yes, so much yes.

AlexBarakov

You guys still do not understand that this is the main intention of QuadraNet - to provide shitty services, as you are just using up their IP aquisition. I've worked with them before - they are definetely competent enough to run a small-scale VPS host. They just do not want to and the Crissic aquisition was about IP space, not about lowend VPS.

Ikoula

Hello,

By any chance are you able to boot on an ISO like rescue cd if so you could mount your partitions revert ssh conf to your other port ?

eastonch

Only way i can see this to be resolved is to get the host to enter the vm once it's booted from the host node and then edit the iptables config, you could provide them with a single command to run; and they can literally do something like "vzctl exec {vmid} {command}"

century1stop

try using a desktop vnc application like Tightvnc to connect your box (node_ip:node_vm_port)

MikePT

Feel free to PM me and I'll see what I can do for you, no guarantees, though, and for free.

@Ikoula said:
Hello,

By any chance are you able to boot on an ISO like rescue cd if so you could mount your partitions revert ssh conf to your other port ?

It's OpenVZ mate! :P

Clouvider

@Ikoula said:
Hello,

By any chance are you able to boot on an ISO like rescue cd if so you could mount your partitions revert ssh conf to your other port ?

On OpenVZ?

Ikoula

@MrGeneral @Clouvider in our cloud you can boot on anything you want so that's what i would have done in this situation i did not know if it was possible on openvz that's why i started my comment question by "by any chance".

shovenose

@AlexBarakov said:
You guys still do not understand that this is the main intention of QuadraNet - to provide shitty services, as you are just using up their IP aquisition. I've worked with them before - they are definetely competent enough to run a small-scale VPS host. They just do not want to and the Crissic aquisition was about IP space, not about lowend VPS.

Oh, I understand completely, but fuck them in the ass with a 4u supermicro because they act like everything is going great.

rsk

If it is openvz, and you request console access from SolusVM ... you can use those details on putty, and it will drop you right in. You do not need to wait for them

khuongcomputer

Confirmed that Crissic SolusVM's Console access didn't connect. Looks like they didn't open the port on the ip so your connection will be refused. You will have to open a ticket then.

Falzo

go with @MrGeneral :-)

ElCheapo probably will hack into your box right over mysql, if every other starting point fails ^^

xaitmi

Hi guys, just an update.

Crissic responded to my ticket and fixed my VPS a few minutes ago, they also fixed the serial console issue.

TheOnlyDK

@rsk said:
If it is openvz, and you request console access from SolusVM ... you can use those details on putty, and it will drop you right in. You do not need to wait for them

Did you read the thread? He said the serial console is not working for him.

KuJoe

@xaitmi said:
Hi guys, just an update.

Crissic responded to my ticket and fixed my VPS a few minutes ago, they also fixed the serial console issue.

Glad to hear it!

Another situation where opening a support ticket was 100000000x better than a thread on LET.

century1stop

LowEndHelpdesk is so inefficient

xaitmi

@KuJoe said:
Another situation where opening a support ticket was 100000000x better than a thread on LET.

@century1stop

The reason I opened a thread here was to see if there was a way to fix it without waiting for them.

And we also established that it was not just me having the serial console issue.

century1stop

it's okay, just trolling

@xaitmi said:
And we also established that it was not just me having the serial console issue.

iKeyZ

@TheOnlyDK said:
Did you read the thread? He said the serial console is not working for him.

I believe @rsk was talking about in Solus when you request the console session (before the console even loads) it also generates a user/pass you can connect to SSH with. Unless he could not even get to that page..