
Cloudron Forum


can't login via ssh after fresh 7.5 install

  • potemkin_ai, last edited by girish (#1)

    Subj. My SSH is just no longer working.

    To reproduce:

    • Install Ubuntu 22.04
    • apt update & upgrade
    • change Port on SSHD to a custom one
    • reboot
    • ssh & install Cloudron using standard commands
    • reboot
    • done -> you can't login to ssh

    It's my second attempt / box. On the first one the port had been changed. Once I figured out the new port, it turned out that the sshd fingerprint had changed. And sshd started requiring a password instead of an SSH key.

    I'm trying to figure out if that's the case on my second reinstall - it takes some time to do a full 65K port scan...

  • potemkin_ai (#2)

    Here is what my host looks like from the outside:

    PORT     STATE  SERVICE REASON
    22/tcp   closed ssh     conn-refused
    80/tcp   open   http    syn-ack
    202/tcp  closed at-nbp  conn-refused
    443/tcp  open   https   syn-ack
    3478/tcp closed stun    conn-refused
    5349/tcp closed stuns   conn-refused
    

    Since the cloud provider firewall is disabled (double-checked), it looks like a firewall config from Cloudron.

  • girish, Staff (#3)

    Mmmm, Cloudron doesn't actually change the sshd config at all. What do you mean by can't login? Does it mean you cannot connect on port 202 or that it's asking you for a password? I think you mean the former, but want to double check.

  • girish, Staff (#4)

    I tried this on DigitalOcean and it seems to be fine. I think there is something else going on, unrelated to Cloudron installation. Cloudron doesn't change any settings in your sshd_config. Maybe you can try to do a diff before and after install. There is only one comment line which is added saying "Port 202 is the supported port"

  • potemkin_ai (#5)

    Just for the sake of truth - it does change SSH config, not in a significant way though:

    $ diff /etc/ssh/sshd_config ./sshd-initial
    14d13
    < # NOTE: Cloudron only supports moving SSH to port 202. See https://docs.cloudron.io/security/#securing-ssh-access

    And I guess it's exactly the root cause of my issue: I've moved SSH to a completely different port, I did that before installing Cloudron.

    A question though - am I right that I can only move SSH to 202, as it's the only other port defined in iptables, as I can see?

  • potemkin_ai (#6)

    Probably it's worth adding grep -E "^Port\s" /etc/ssh/sshd_config check and if the output is not 22 or 202 - abort the installation?

    It seems to be an easy thing to do and will prevent someone else from getting locked outside of the machine (and save some time thinking if he's going crazy... 😊)

  • girish, Staff (#7)

    The port 202 is documented here - https://docs.cloudron.io/security/#securing-ssh-access .

  • girish marked this topic as a question
  • girish has marked this topic as solved
  • girish, Staff, replied to potemkin_ai (#8)

    @potemkin_ai said in can't login via ssh after fresh 7.5 install:

    Probably it's worth adding grep -E "^Port\s" /etc/ssh/sshd_config check and if the output is not 22 or 202 - abort the installation?

    mmm, maybe. Let's see if we get more reports like this.

  • potemkin_ai (#9)

    As an experience sharing - why wouldn't you add one line as a first line of the script, if that could save in some - rare - but still possible to happen cases? Is there some 'cons' for that?

    Surely understood if you won't respond, but would appreciate if you can share the reasoning behind your decisions, would love to know a bit more about your decisions.

  • girish, Staff, replied to potemkin_ai (#10)

    @potemkin_ai it's only a question of how common this is. I haven't heard of this issue reported since we launched Cloudron :-), so I just assume it's quite rare.

    Adding any line of code needs tests and proper care. For example, the line you gave does not have any output on DigitalOcean since there is no Port line in their config. Also, sshd can be configured via files in /etc/ssh/sshd_config.d as well. So, it's a question of how much time we want to spend on this and testing it across say 10 server providers. It's not a 5 min commit and forget thing 🙂

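Added example, not part of any post and not Cloudron's installer code: a sketch of the pre-install check discussed above that covers the two cases raised in post #10, a config with no `Port` line (sshd then uses its default, 22) and ports set in `/etc/ssh/sshd_config.d`. The function names, the `ALLOWED_PORTS` variable and the sample files are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: pre-install check of the SSH port (hypothetical helper names).
# Assumption: sshd reads <dir>/sshd_config plus <dir>/sshd_config.d/*.conf.
# On a live host, `sshd -T | grep -i '^port '` reports the effective value.

ALLOWED_PORTS="22 202"   # the two ports named in the thread

# Print every port set by an active Port directive, one per line.
# Keywords are case-insensitive; commented-out lines such as "#Port 22" are ignored.
configured_ssh_ports() {
    dir=$1
    ports=$(cat "$dir/sshd_config" "$dir"/sshd_config.d/*.conf 2>/dev/null |
        awk 'tolower($1) == "port" && $2 ~ /^[0-9]+$/ { print $2 }' | sort -un)
    # No Port line anywhere means sshd listens on its default port, 22.
    [ -n "$ports" ] || ports=22
    printf '%s\n' "$ports"
}

# Return 0 if every configured port is 22 or 202, otherwise warn and return 1.
check_ssh_port() {
    for p in $(configured_ssh_ports "$1"); do
        case " $ALLOWED_PORTS " in
            *" $p "*) ;;
            *) echo "WARNING: sshd is set to port $p, which is not 22 or 202." >&2
               echo "See https://docs.cloudron.io/security/#securing-ssh-access" >&2
               return 1 ;;
        esac
    done
    return 0
}

# Constructed sample: the main config has no active Port line, a drop-in sets 2222.
demo=$(mktemp -d)
mkdir "$demo/sshd_config.d"
printf '#Port 22\nPasswordAuthentication no\n' > "$demo/sshd_config"
printf 'Port 2222\n' > "$demo/sshd_config.d/50-custom.conf"
check_ssh_port "$demo" || echo "an installer using this check would stop here"
rm -rf "$demo"
```

On a real host the directory argument would be `/etc/ssh`; sshd accepts several `Port` lines, so the check looks at all of them rather than only the first.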
  • potemkin_ai replied to girish (#11)

    @girish I see, thank you very much for clarifying! 🙂

  • densco (#12)

    I have the same issue, can only login via ssh when I restart Cloudron and be very quick. I will do the grep command and check but it seems that this one comes with the current version.

  • potemkin_ai (#13)

    Even I had it again 🙂
    Really - some sort of warning would be really of help!

  • girish, Staff (#14)

    @potemkin_ai valid point but I think @densco is a bot

  • densco replied to girish (#15)

    Hi @girish,

    I'm no bot. Just installed Cloudron on my new server on Sunday and the install went perfect - apart from this issue. The grep command showed the port I have chosen for ssh so this means that either Cloudron expects me to use another port or is blocking the chosen port which is unfortunate. Nevertheless I'm very happy with Cloudron but some kind of warning during setup would be highly beneficial.

  • ccfu (#16)

    @girish

    Would it not be a simple solution to just add a warning to https://docs.cloudron.io/installation/?

  • potemkin_ai replied to ccfu (#17)

    @ccfu even though I knew it's there, I still managed to fail twice 🙂
    From my perspective, as opposed to the doc, real-life warning/check is much better; or both ways, actually - a warning with a link to the doc 🙂

  • girish, Staff, replied to densco (#18)

    @densco sorry 😐

  • densco replied to girish (#19)

    @girish No worries. I would be hesitant with new users going straight into an "old" issue myself.
