I have a problem and I don't understand why. I have one router with VyOS 1.3 2020001311637 and another one with VyOS 1.3 202005130117 (backup), so we put the backup router online and turned VyOS 1.3 2020001311637 off to use the new server.
VyOS 202005130117: the problem is it completely eats the RAM. First I had 8 GB on it, so I added another 4, 12 GB total, and it is totally strange. Our RAM usage on the old one was stable at 4-5 GB, not more; on the new one it stays at 4-5 GB for one minute, then 12 GB for one minute, and it just does this over and over again.
The routers have the same configuration etc.; only the VyOS version is different.
On the old one we never had this problem; it was always oscillating between 4-5 GB.
Oh, and on the new one, sometimes when the RAM gets full it just kills my SSH process and on the screen it shows "out of memory" etc.
Does anyone have any idea regarding this? Add more RAM? How much?
You'd be better off trying to understand what's using all the memory.
What does top show?
As per this post, it might be helpful to capture all the files in /var/log/atop.
I have no idea of the config on your router, or its average memory load, though; maybe you DO need more RAM? I doubt it though, if it's been stable with this amount previously.
We've got 2 mil tables, multiple providers, metro and international.
From what I see now, all is OK. I found the problem: SSH brute force on the router. When the usage is OK there are only 2 SSH processes; when the usage gets crazy it has 10-15 SSH processes and RAM usage 10% each.
So I restricted SSH and I see all is OK. I have to read and search for some good firewall rules for the entire network, even to blacklist spam IPs, because it is completely crazy getting way too many spam mails. Before, we had MikroTik and used spam lists etc.
Well, for SSH I just restricted it at the moment to one IP, because it was on 0.0.0.0.
If you mean the "firewall etc.", I will make a new topic with our firewall stuff we made, because I have a problem there, so I don't want to write here about it.
Keep an eye on the community; tomorrow I will try to make the topic regarding the firewall, maybe it will help other people or even me.
These rules allow SSH traffic and rate limit it to 4 requests per minute. This blocks brute-forcing attempts:
set firewall name OUTSIDE-LOCAL rule 30 action 'drop'
set firewall name OUTSIDE-LOCAL rule 30 destination port '22'
set firewall name OUTSIDE-LOCAL rule 30 protocol 'tcp'
set firewall name OUTSIDE-LOCAL rule 30 recent count '4'
set firewall name OUTSIDE-LOCAL rule 30 recent time '60'
set firewall name OUTSIDE-LOCAL rule 30 state new 'enable'
set firewall name OUTSIDE-LOCAL rule 31 action 'accept'
set firewall name OUTSIDE-LOCAL rule 31 destination port '22'
set firewall name OUTSIDE-LOCAL rule 31 protocol 'tcp'
set firewall name OUTSIDE-LOCAL rule 31 state new 'enable'
I have found that just running ssh on another port like 5555 or whatever, instead of 22, essentially ends any brute force attacks on my router.
We don't use the default SSH port, but I don't understand why we get plenty of this stuff, and when I say plenty I mean lots and lots:
Jun 02 12:13:28 vyos sshd[27324]: Disconnected from authenticating user root 190.145.5.170 port 40084 [preauth]
Jun 02 12:13:28 vyos sshd[27326]: Failed password for root from 106.13.198.131 port 51684 ssh2
Jun 02 12:13:29 vyos sshd[27326]: Received disconnect from 106.13.198.131 port 51684:11: Bye Bye [preauth]
Jun 02 12:13:29 vyos sshd[27326]: Disconnected from authenticating user root 106.13.198.131 port 51684 [preauth]
Jun 02 12:13:33 vyos sshd[27328]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.228.13 user=root
Jun 02 12:13:35 vyos sshd[27328]: Failed password for root from 106.13.228.13 port 44426 ssh2
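To confirm a source is actually brute-forcing before (or while) applying the rate-limiting rules above, the sshd log can be checked with the same threshold the firewall uses (4 new connections in 60 seconds). The script below is an added example, not from the thread or from VyOS; the log sample is constructed in the shape of the lines quoted above, using documentation addresses rather than real hosts.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample in the shape of the sshd lines quoted in the thread;
# addresses are RFC 5737 documentation ranges, not real hosts.
SAMPLE_LOG = """\
Jun 02 12:13:28 vyos sshd[27324]: Failed password for root from 198.51.100.7 port 40084 ssh2
Jun 02 12:13:30 vyos sshd[27326]: Failed password for root from 198.51.100.7 port 40090 ssh2
Jun 02 12:13:31 vyos sshd[27326]: Received disconnect from 198.51.100.7 port 40090:11: Bye Bye [preauth]
Jun 02 12:13:33 vyos sshd[27328]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.51.100.7 user=root
Jun 02 12:13:35 vyos sshd[27328]: Failed password for root from 198.51.100.7 port 40102 ssh2
Jun 02 12:13:37 vyos sshd[27330]: Failed password for root from 198.51.100.7 port 40110 ssh2
Jun 02 12:13:40 vyos sshd[27332]: Failed password for admin from 192.0.2.9 port 51684 ssh2
Jun 02 12:15:05 vyos sshd[27334]: Failed password for admin from 192.0.2.9 port 51690 ssh2
"""

# One "Failed password" line per attempt. The pam_unix "authentication failure"
# line for the same sshd pid describes the same attempt, so it is not counted twice.
FAILED_RE = re.compile(r"Failed password for (?:invalid user )?\S+ from (?P<ip>\S+) port")
TS_RE = re.compile(r"^(?P<ts>\w{3} \d{2} \d{2}:\d{2}:\d{2}) ")

def failed_attempts(log_text):
    """Yield (timestamp, source_ip) for every failed login attempt in the log."""
    for line in log_text.splitlines():
        m_ts, m = TS_RE.match(line), FAILED_RE.search(line)
        if m_ts and m:
            # syslog timestamps carry no year; strptime fills in 1900, fine for deltas
            yield datetime.strptime(m_ts["ts"], "%b %d %H:%M:%S"), m["ip"]

def brute_force_sources(log_text, count=4, window=60):
    """Return {ip: attempts} for sources that reach `count` failures inside any
    `window` seconds. Defaults mirror the firewall's recent count 4 / time 60."""
    recent = defaultdict(deque)   # ip -> timestamps still inside the sliding window
    flagged = {}
    for ts, ip in sorted(failed_attempts(log_text)):
        q = recent[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window:
            q.popleft()             # drop attempts older than the window
        if len(q) >= count:
            flagged[ip] = max(flagged.get(ip, 0), len(q))
    return flagged

if __name__ == "__main__":
    for ip, n in brute_force_sources(SAMPLE_LOG).items():
        print(f"{ip}: {n} failures within 60 s -> candidate for the drop rule")
```

On a running router the same function can be fed the output of `journalctl -u ssh` or the sshd lines from /var/log/auth.log; the second source in the sample stays under the threshold because its two attempts are 85 seconds apart.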
Are you running SSH on another port that is known to be used for SSH as well? I run mine on port 5xx and I get no attempted logins that aren't me. Odd.
I'd think the attempt-limiting firewall setup from above would be your best option if you want to allow SSH from all sources. You could even reduce the number of allowed tries.