Updated on 2025-08-22 GMT+08:00

SSH Access Is Occasionally Denied, and the Error Message "Not allowed at this time" Is Displayed

Symptom

When you run the SSH command to connect to a notebook instance, the error message "Not allowed at this time" is displayed.

debug1: kex_exchange_identification: banner line 0: Not allowed at this time
kex_exchange_identification: Connection closed by remote host
Figure 1 Error message example

Possible Causes

A malicious actor repeatedly attempts to brute-force access to an SSH server, triggering a segmentation fault in libnss_systemd.so.2. This crash causes the server to enter a denial-of-service (DoS) state lasting up to 90 seconds, preventing legitimate users from connecting. The details are as follows.

  1. The SSH endpoint of a notebook instance is being accessed repeatedly without specifying a username. Example command: ssh hosts.com -p 3333.
  2. The custom image used on the server includes a version of libnss_systemd.so.2 that is incompatible with the system. Additionally, /etc/nsswitch.conf is configured to use systemd for user identity resolution. When the SSH server receives a connection request without a username, a segmentation fault occurs.
  3. If such faulty connection attempts are frequent, the SSH server enters a temporary DoS state (90 seconds) after the segmentation fault occurs.

Solution

  1. Modify the /etc/nsswitch.conf configuration file in the custom image, delete systemd, and save the file.
    • Before modification
      Figure 2 Configuration file example (with systemd)
    • After modification
      Figure 3 Configuration file example (without systemd)

      Descriptions of the modifications:

      passwd: files: The system reads user information from local files (for example, /etc/passwd).

      group: files: The system reads group information from local files (for example, /etc/group).

  2. After 90 seconds, retry the SSH connection.
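
The check and edit from step 1 can be scripted when building the custom image. This is an added example, not part of the original page: the function names and the sample file contents are assumptions, and only the systemd service token (the entry that loads libnss_systemd.so.2) is removed.

```shell
#!/bin/sh
# Added example: audit and fix a copy of nsswitch.conf before baking it into
# a custom image. Function names and the sample file are assumptions.

# uses_systemd FILE: succeed if any database line lists the "systemd" service.
uses_systemd() {
    awk '/^[ \t]*#/ { next }
         { for (i = 2; i <= NF; i++) {
               if ($i ~ /^#/) break            # rest of the line is a comment
               if ($i == "systemd") found = 1
           } }
         END { exit !found }' "$1"
}

# strip_systemd FILE: print FILE with the "systemd" service removed from every
# database line. Comments, blank lines and all other services are kept;
# runs of spaces on edited lines collapse to a single space.
strip_systemd() {
    awk '/^[ \t]*#/ || NF < 2 { print; next }
         { out = $1; comment = 0
           for (i = 2; i <= NF; i++) {
               if ($i ~ /^#/) comment = 1
               if (comment || $i != "systemd") out = out " " $i
           }
           print out }' "$1"
}

# Constructed sample resembling a stock nsswitch.conf (not taken from the page).
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
# /etc/nsswitch.conf
passwd:         files systemd
group:          files systemd
shadow:         files
hosts:          files dns
EOF

if uses_systemd "$SAMPLE"; then
    echo "systemd found in name service switch; corrected file:"
    strip_systemd "$SAMPLE"
fi
```

Run it against a copy of the image's /etc/nsswitch.conf and review the output before replacing the file.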