1664 SSH Login failures

[Julien_Mariskani]

Hello;
I have a small problem on my NAS, from time to time (about every 6 hours) an alert informs me of an SSL error, here is the error message in question:

1664 SSH login failures: Sep 22 00:33:34 truenas 1 2022-09-22T00:33:34.380342+02:00 truenas.local sshd 25578 - - error: kex_exchange_identification: client sent invalid protocol identifier "GET / HTTP/1.1" Sep 22 00:33:34 truenas 1 2022-09-22T00:33:34.380737+02:00 truenas.local sshd 25578 - - banner exchange: Connection from 223.71.167.165 port 42643: invalid format ... 1660 more ... Sep 22 22:54:50 truenas 1 2022-09-22T22:54:50.161121+02:00 truenas.local sshd 22459 - - Invalid user from 118.193.59.59 port 35340 Sep 22 22:54:50 truenas 1 2022-09-22T22:54:50.194599+02:00 truenas.local sshd 22459 - - Connection closed by invalid user 118.193.59.59 port 35340 [preauth]​

Can anyone help me figure out what's wrong and how to fix it? Thanking you!

TrueNAS-13.0-U2 - 4 GO RAM - Intel pentium dual-core 2.5Ghz - 2to x2

 

[Samuel Tai]

Why do you have your NAS exposed to the Internet? These are hackers trying to break into your system via SSH.

 

[Julien_Mariskani]

Why do you have your NAS exposed to the Internet? These are hackers trying to break into your system via SSH.

Because I stream and I also have a website host on it to be able to work from anywhere, do I have to disable SSL? Thank you for your quick reply

 

[danb35]

Yeah, the primary problem is that your NAS is exposed to the Internet. SSH is pretty secure, assuming you've configured it to be so; the web UI, though, isn't designed to be exposed to an insecure network.

A secondary problem is that your system has only 25% of the minimum required RAM for TrueNAS 13.

 

[Julien_Mariskani]

Yeah, the primary problem is that your NAS is exposed to the Internet. SSH is pretty secure, assuming you've configured it to be so; the web UI, though, isn't designed to be exposed to an insecure network.

A secondary problem is that your system has only 25% of the minimum required RAM for TrueNAS 13.

Thank you for your answer, it is therefore not possible for me to access my nas securely by FTP from the outside. Looks like SFTP was secure, right?

 

[Julien_Mariskani]

Yeah, the primary problem is that your NAS is exposed to the Internet. SSH is pretty secure, assuming you've configured it to be so; the web UI, though, isn't designed to be exposed to an insecure network.

A secondary problem is that your system has only 25% of the minimum required RAM for TrueNAS 13.

Concerning the RAM I know that it is recommended to have at least 8 GB, only before investing in more adequate hardware I look at what it is possible to do with a nas, see if it corresponds to my needs

 

[Julien_Mariskani]

Yeah, the primary problem is that your NAS is exposed to the Internet. SSH is pretty secure, assuming you've configured it to be so; the web UI, though, isn't designed to be exposed to an insecure network.

A secondary problem is that your system has only 25% of the minimum required RAM for TrueNAS 13.

I just removed the SSH from my NAS, is FTP access to my NAS secure? (I don't store confidential files there, only I don't want to lose all of my backups)

 

[danb35]

I know that it is recommended to have at least 8 GB

The standard is 16 GB, not 8 GB. And FTP is horribly insecure. SFTP can be secure if configured properly. As I said above, the web UI should not be available over the Internet.

 

[Julien_Mariskani]

The standard is 16 GB, not 8 GB. And FTP is horribly insecure. SFTP can be secure if configured properly. As I said above, the web UI should not be available over the Internet.

Hello, thank you for your answer, so on the freenas official site it is clearly marked that you need at least 8 GB of RAM, I have the link below.

Recommandations matérielles et bonnes pratiques pour FreeNAS/TrueNAS

Ce post rassemble des informations importantes pour le choix du matériel pour FreeNAS. Il est librement inspiré des recommandations officielles ainsi que des discussions issues du forum. [Disponible en format PDF également] La documentation...

www.truenas.com

When you say web UI, freenas interface?

 

[Julien_Mariskani]

The standard is 16 GB, not 8 GB. And FTP is horribly insecure. SFTP can be secure if configured properly. As I said above, the web UI should not be available over the Internet.

Besides, for which operation our freenas would require 16 GB of RAM. I don't have much hindsight yet, but it didn't bug once. Even doing a transfer of 2 TB by FTP + streaming no bug.

 

[danb35]

so on the freenas official site it is clearly marked that you need at least 8 GB of RAM

There's nothing "official" about that--it's a user-submitted guide from three years and two major releases ago.

for which operation our freenas would require 16 GB of RAM.

I'm not going to argue the point--the requirement is what it is; use less at your own risk.

 

[joeschmuck]

Hello, thank you for your answer, so on the freenas official site it is clearly marked that you need at least 8 GB of RAM, I have the link below.

The current guide states 8GB is the minimum, not the recommended. you are running half the minimum. From the 2021 guide update which is fairly accurate the minimum is 8GB and recommended is 16GB (you must read the entire guide and then make a judgment call.) While 8GB for a bare metal system will allow basic NAS operation, there are a lot of TrueNAS features that you will not be able to perform or you might have a significant speed penalty. If you read the 2021 recommended hardware guide it does recommend 16GB.

If you want to know if you are running out of RAM, just look at your SWAP partitions, if it is anything above zero (0) then Swap was used and you did run out of memory. For myself, aby Swap usage above 4k is excessive. System stability drops the more swap space you use.

And as @danb35 said, it's not an "official" guide. It was something one of the volunteer moderators put together in order to assist people building a system. Yo have no idea the number of requests that say "Will this work?" or "Could everyone check out my hardware and see if it will all work with TrueNAS, and btw, I'm not telling you what I plan to do with it." So a guide, even though not official, helps cut down on the request like this, but unfortunately not enough.

So do not think we are beating up on you about your RAM situation. We are actually trying to give you some sound advice and a warning that your RAM is too low. Maybe you will come back and tell us that the Swap file reads zero (0) and if so, then you should be safe. but if it's periodically using swap space, that isn't good.

 

[Julien_Mariskani]

The current guide states 8GB is the minimum, not the recommended. you are running half the minimum. From the 2021 guide update which is fairly accurate the minimum is 8GB and recommended is 16GB (you must read the entire guide and then make a judgment call.) While 8GB for a bare metal system will allow basic NAS operation, there are a lot of TrueNAS features that you will not be able to perform or you might have a significant speed penalty. If you read the 2021 recommended hardware guide it does recommend 16GB.

If you want to know if you are running out of RAM, just look at your SWAP partitions, if it is anything above zero (0) then Swap was used and you did run out of memory. For myself, aby Swap usage above 4k is excessive. System stability drops the more swap space you use.

And as @danb35 said, it's not an "official" guide. It was something one of the volunteer moderators put together in order to assist people building a system. Yo have no idea the number of requests that say "Will this work?" or "Could everyone check out my hardware and see if it will all work with TrueNAS, and btw, I'm not telling you what I plan to do with it." So a guide, even though not official, helps cut down on the request like this, but unfortunately not enough.

So do not think we are beating up on you about your RAM situation. We are actually trying to give you some sound advice and a warning that your RAM is too low. Maybe you will come back and tell us that the Swap file reads zero (0) and if so, then you should be safe. but if it's periodically using swap space, that isn't good.

Thank you very much for your return, as much for me I thought it was official, despite the fact that I have absolutely no doubt that I lack RAM on my server, I just wanted to know what it really impacted. Because if these are functionalities that are useless to me then I don’t care, what is it that I risk to stay on 4GB? It’s an old DDR2 machine, only 2 slots are available, so I could never upgrade 16GB on this machine but 8GO at most.. Would it do? What if it doesn’t?

 

[joeschmuck]

I just wanted to know what it really impacted.

System stability as memory is constantly swapped in/out of the Swap file space. And it slows things down but that in itself may not be a limiting factor for you. I'm not going to tell you that you have to stop, it's your decision. We as a community just wanted to communicate that 4GB is not the minimum requirement and you could have stability issues. We have seen stability issues in the past running low RAM.

Anyway, I hope your system runs flawlessly for what you are doing with it.

Take care.

 

[ChrisRJ]

I just removed the SSH from my NAS, is FTP access to my NAS secure? (I don't store confidential files there, only I don't want to lose all of my backups)

I don't want to sound rude. But are you really, really sure you want to open your system to the Internet at the moment? Your network and security knowledge seems somewhat limited.

For me, and for the question at hand, there is not really a difference between confidential files and backups. Both are precious, perhaps in a different way; although I would assume your backup contains things you would not want to see published. But the real question is, whether or not you want others to have access. Access can be used to copy and publish things, or to delete them. So I personally would be very much concerned in this case.

 

[Julien_Mariskani]

I don't want to sound rude. But are you really, really sure you want to open your system to the Internet at the moment? Your network and security knowledge seems somewhat limited.

For me, and for the question at hand, there is not really a difference between confidential files and backups. Both are precious, perhaps in a different way; although I would assume your backup contains things you would not want to see published. But the real question is, whether or not you want others to have access. Access can be used to copy and publish things, or to delete them. So I personally would be very much concerned in this case.

I just installed TrueNas to be able to learn more on the job, when I talk about backup it is actually mostly about the folder, so no worries if its files end up in someone else’s hands, same for my plex streaming

 

[ChrisRJ]

I just removed the SSH from my NAS, is FTP access to my NAS secure?

If you feel compelled to "add" your question to an existing thread, which is not the usual way, please read the earlier messages. They contain exactly the answer to your question.

In addition, I would recommend to read the forum rules (in red at the top middle screen) how to get the best possible responses.

 

[rvassar]

I just removed the SSH from my NAS, is FTP access to my NAS secure?

Definitively no. You're effectively broadcasting your password. FTP sends your password in plain clear text. Any other host on the network, or any networks the connection transits can grab your password just by listening. FTP is a 1980's cold war era protocol designed when the Internet consisted of a few hundred machines, and US law classified anything larger than a 40 bit encryption key a munition. It's a historical artifact at this point. Do not use it, not even on a secure disconnected network.

 

[Patrick M. Hausen]

I just removed the SSH from my NAS, is FTP access to my NAS secure?

FTP is never secure. It's a nightmare of a protocol to NAT/firewall and everything is unencrypted.

SSH/SFTP can be reasonably secure. Diisable root login. Disable password authentication. Use private/public keys for all users.