Cannot login twice in ssh if DNS tunnel is active
I recently installed WireGuard so I can tunnel DNS requests through the VPN.
I also have portsentry and fail2ban, but for now I have disabled them until I find the solution to the problem.



When I log in to my user via ssh, everything is OK. But I have to wait several minutes before the second login, even if I close the first connection; otherwise it tries to connect for a long time and then the connection times out. I have this problem only on WAN, not on LAN.
On another device (a smartphone) I can check that if I disable the VPN I can log in several times without problems.
But what is really weird is that on my PC, even if I disable the VPN, I have the same problem (and the DNS servers without VPN are 8.8.8.8 and 9.9.9.9).



In /var/log/auth.log I could see the warning "POSSIBLE BREAK-IN ATTEMPT!" pointing to my IP. So, it must be a reverse DNS warning.
I disabled these warnings by adding UseDNS no to the system's sshd_config file.
I still have this second-login problem even now.



Some other information:

  • iptables is not banning my IP, and after iptables -X and iptables -F I have the same problem.
  • The IP is not in the /etc/hosts.deny file.



My /etc/ssh/sshd_config is:



# What ports, IPs and protocols we listen for
Port "myport"
# Use these options to restrict which interfaces/protocols sshd will bind to
#ListenAddress ::
#ListenAddress 0.0.0.0
Protocol 2
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
#Privilege Separation is turned on for security
UsePrivilegeSeparation yes

# Lifetime and size of ephemeral version 1 server key
KeyRegenerationInterval 3600
ServerKeyBits 1024

# Logging
SyslogFacility AUTH
LogLevel INFO

# Authentication:
LoginGraceTime 120
PermitRootLogin no
StrictModes yes

RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile %h/.ssh/authorized_keys

# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh_known_hosts
RhostsRSAAuthentication no
# similar for protocol version 2
HostbasedAuthentication no
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
#IgnoreUserKnownHosts yes

# To enable empty passwords, change to yes (NOT RECOMMENDED)
PermitEmptyPasswords no

# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
ChallengeResponseAuthentication yes

# Change to no to disable tunnelled clear text passwords
PasswordAuthentication yes

# Kerberos options
#KerberosAuthentication no
#KerberosGetAFSToken no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes

# GSSAPI options
#GSSAPIAuthentication yes
#GSSAPICleanupCredentials yes

X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes
#UseLogin no

#MaxStartups 10:30:60
#Banner /etc/issue.net

# Allow client to pass locale environment variables
AcceptEnv LANG LC_*

Subsystem sftp /usr/lib/openssh/sftp-server

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication. Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
UsePAM yes

# Only allow "myuser"
AllowUsers "myuser"

# Allow DNS reverse (wireguard)
UseDNS no


where "myport" and "myuser" are my port and user data.



How can I check what is wrong?

Tags: server ssh dns vpn
edited Jan 18 at 14:21 by magarto

asked Jan 18 at 13:55 by magarto
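The question had no answers when this page was captured. As an added example (not part of the original post or of any answer to it), the script below shows one way to start the check the asker is after: it reads sshd lines from /var/log/auth.log and, per client address, separates the reverse-DNS "POSSIBLE BREAK-IN ATTEMPT!" warning (the one that UseDNS no silences) from "Timeout before authentication" events, which mean the TCP connection reached sshd but key exchange and authentication never completed within LoginGraceTime. The log lines are constructed for the example, the addresses are RFC 5737 and RFC 1918 documentation ranges, and the function names triage and diagnose are my own; the message shapes are the ones OpenSSH's sshd writes.

```python
import re
from collections import defaultdict

# Constructed sample of /var/log/auth.log lines for one WAN client and one LAN
# client. Addresses are documentation ranges; nothing here is from the original post.
SAMPLE_AUTH_LOG = """\
Jan 18 13:40:01 box sshd[2101]: reverse mapping checking getaddrinfo for cust-5.isp.example [203.0.113.5] failed - POSSIBLE BREAK-IN ATTEMPT!
Jan 18 13:40:02 box sshd[2101]: Accepted publickey for myuser from 203.0.113.5 port 51122 ssh2: RSA SHA256:placeholder
Jan 18 13:40:02 box sshd[2101]: pam_unix(sshd:session): session opened for user myuser by (uid=0)
Jan 18 13:41:10 box sshd[2101]: pam_unix(sshd:session): session closed for user myuser
Jan 18 13:43:25 box sshd[2140]: Timeout before authentication for 203.0.113.5 port 51140
Jan 18 13:45:30 box sshd[2162]: Timeout before authentication for 203.0.113.5 port 51163
Jan 18 13:47:00 box sshd[2190]: Accepted publickey for myuser from 192.168.1.20 port 40022 ssh2: RSA SHA256:placeholder
Jan 18 13:47:30 box sshd[2195]: Accepted publickey for myuser from 192.168.1.20 port 40023 ssh2: RSA SHA256:placeholder
"""

# Both reverse-DNS warning shapes sshd emits: forward lookup of the PTR name
# failed, or it succeeded but did not contain the connecting address.
RE_REVERSE_DNS = re.compile(
    r"(?:reverse mapping checking getaddrinfo for \S+ \[(?P<ip1>[^\]]+)\] failed"
    r"|Address (?P<ip2>\S+) maps to \S+, but this does not map back to the address)"
    r" - POSSIBLE BREAK-IN ATTEMPT!")
# LoginGraceTime expired before authentication finished (port suffix is optional
# because older releases omit it).
RE_TIMEOUT = re.compile(r"Timeout before authentication for (?P<ip>\S+)")
RE_ACCEPTED = re.compile(r"Accepted (?P<method>\S+) for (?P<user>\S+) from (?P<ip>\S+) port \d+")


def new_record():
    return {"reverse_dns_warnings": 0, "preauth_timeouts": 0, "accepted": 0, "users": set()}


def triage(log_text):
    """Count, per client IP, reverse-DNS warnings, pre-auth timeouts and accepted logins."""
    per_ip = defaultdict(new_record)
    for line in log_text.splitlines():
        if "sshd[" not in line:          # only sshd's own lines matter here
            continue
        m = RE_REVERSE_DNS.search(line)
        if m:
            ip = m.group("ip1") or m.group("ip2")
            per_ip[ip]["reverse_dns_warnings"] += 1
            continue
        m = RE_TIMEOUT.search(line)
        if m:
            per_ip[m.group("ip")]["preauth_timeouts"] += 1
            continue
        m = RE_ACCEPTED.search(line)
        if m:
            rec = per_ip[m.group("ip")]
            rec["accepted"] += 1
            rec["users"].add(m.group("user"))
    return dict(per_ip)


def diagnose(per_ip):
    """Turn the per-IP counts into findings that say where to look next."""
    findings = {}
    for ip, rec in sorted(per_ip.items()):
        notes = []
        if rec["reverse_dns_warnings"]:
            notes.append("reverse-DNS mismatch: the PTR record for this address does not "
                         "resolve back to it; with UseDNS yes every connection pays for that "
                         "lookup, with UseDNS no the lookup and the warning go away")
        if rec["preauth_timeouts"]:
            notes.append("pre-auth timeouts: the TCP connection reached sshd but key exchange "
                         "never finished within LoginGraceTime, so authentication settings are "
                         "not the cause; check the path between client and server")
        if not notes:
            notes.append("no anomalies; %d accepted login(s)" % rec["accepted"])
        findings[ip] = notes
    return findings


if __name__ == "__main__":
    for ip, notes in diagnose(triage(SAMPLE_AUTH_LOG)).items():
        print(ip)
        for note in notes:
            print("  -", note)
```

Run it against the real file with `triage(open("/var/log/auth.log").read())` on the server. If the WAN client shows only timeouts and no reverse-DNS warnings after UseDNS no was set, the delay is not in sshd's name lookup, which matches the asker's observation that the setting did not help.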
