
Unable to set ssh password

Hi list,

I have a UTM 9 510-5 in a VM and can't get ssh access. The service is activated, and I set the password for both root and loginuser at the same time (I also tried setting first one then the other, as I saw in some threads); nothing, the password is always asked for 3 times and then the connection is closed. And yes, I also tested with the option of strong passwords, no change.

I also uploaded a public RSA key from my Linux computer (tried with 2 computers) and imported it, all went smoothly. But when I ssh as root, the UTM is still asking for a password :(

Any hint appreciated,

 

Daniel



  • Hi Tim. I connect using loginuser. Concerning key access, both passwords and keys are allowed for root.

    Thanks for your help.

    Daniel

  • The only things I can think of are that either you're entering the wrong password or your SSH session is connecting to a different host, i.e. you've configured a DNAT to forward port 22 to another IP address. From the Webadmin, open the SSH server log file; do you see your authentication attempts in there? Try setting the password to something simple. Also, since you're using a VM, does it allow you to log in via console?


    Tim

  • I tried setting the password to 123, still refused. I saw other people having the same problem a few years ago with the 9-3 version. I'm sure that I'm on the right VM; I try to connect from the host using the same internal IP which I use to access Webadmin. Nothing in the ssh server logs, only "ssh server started at ..."

    Here is the output of a verbose ssh connection from the host:

    debug2: key: /root/.ssh/id_rsa (0x562357af19b0)
    debug2: key: /root/.ssh/id_dsa ((nil))
    debug2: key: /root/.ssh/id_ecdsa ((nil))
    debug2: key: /root/.ssh/id_ed25519 ((nil))
    debug3: send packet: type 5
    debug3: receive packet: type 6
    debug2: service_accept: ssh-userauth
    debug1: SSH2_MSG_SERVICE_ACCEPT received
    debug3: send packet: type 50
    debug3: receive packet: type 51
    debug1: Authentications that can continue: publickey,password
    debug3: start over, passed a different list publickey,password
    debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
    debug3: authmethod_lookup publickey
    debug3: remaining preferred: keyboard-interactive,password
    debug3: authmethod_is_enabled publickey
    debug1: Next authentication method: publickey
    debug1: Offering public key: RSA SHA256:0SGNcBf5fEt6V035N6rLxesoCnT3pw/jWwpou0RHqbs /root/.ssh/id_rsa
    debug3: send_pubkey_test
    debug3: send packet: type 50
    debug2: we sent a publickey packet, wait for reply
    debug3: receive packet: type 51
    debug1: Authentications that can continue: publickey,password
    debug1: Trying private key: /root/.ssh/id_dsa
    debug3: no such identity: /root/.ssh/id_dsa: No such file or directory
    debug1: Trying private key: /root/.ssh/id_ecdsa
    debug3: no such identity: /root/.ssh/id_ecdsa: No such file or directory
    debug1: Trying private key: /root/.ssh/id_ed25519
    debug3: no such identity: /root/.ssh/id_ed25519: No such file or directory
    debug2: we did not send a packet, disable method
    debug3: authmethod_lookup password
    debug3: remaining preferred: ,password
    debug3: authmethod_is_enabled password
    debug1: Next authentication method: password
    root@<hostIP address>password:

    Console access is not possible (I use virsh console "VM_name"), nothing happens. Other VMs on the same server have console access without any problem. Is there perhaps another way to access the console?

    Daniel

  • TimHansen said:

    Also, since you're using a VM, does it allow you to login via console?

     

    Yes, I can connect to console as user root from within virt-manager, password 123 is accepted. So problem lies on ssh.

  • Hmmm, if you don't see anything in the SSH server log, I'm guessing the SSH connection isn't hitting the UTM.  You should see something similar to the below when you try to authenticate.  

    sshd.log:2018:12:09-09:16:25 timhansen sshd[18141]: Failed password for loginuser from 192.168.2.10 port 41766 ssh2

    Login via the VM console and run the following:

    tcpdump -i any port 22

    Try to connect via SSH, what does the output look like?  

    Tim

  • Hello Tim,

     

    You did show me the direction to look in and I got the answer: I can connect to the UTM using any local IP address connected to the UTM eth0 interface. The IP address I used is connected to the eth1 internal network, thus it doesn't work. This seems a bug to me, as netstat -tapen shows

    tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      0          1198052    25124/sshd

    and the internal network is authorized to connect to the ssh port.

    Any remarks ?

    -- 

    Daniel

  • What does the tcpdump -i any port 22 show when you try to connect to eth1 via SSH?


    Tim

  • It shows the traffic generated by the connection, connection still refused, no logs in sshd.log. If I connect to an IP address connected to eth0 I see the message "Accepted publickey for user loginuser from <IP address and port> ssh2: RSA"

    Both tests done from the host. Unbelievable !

    -- 

    Daniel

     

     

  • Could you copy/paste the results of the capture? 

    Additionally, try the following:

    - execute the following command in console

    conntrack -E | grep "dport=22 mark"

    - establish SSH session

    - copy / paste the results of this as well

    Tim

  • Tim, I found the culprit: a NAT rule existed redirecting port 22 to a host! The rule had outside uplinks as destination; why was the internal one of the UTM included? Mystery.

    Anyway, case can be closed, big thanks for your support and help.

    Daniel
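
The check that resolved this thread (an SSH connection silently redirected by a NAT rule) can be read straight from connection-tracking output. The script below is an added example, not part of any post above: it flags port 22 entries whose reply source differs from the original destination, which is the signature of DNAT. The sample lines are constructed in the usual conntrack-tools layout; the function names are hypothetical and real UTM output may carry extra fields such as mark=.

```shell
#!/bin/sh
# In conntrack output the first src=/dst= pair is the original direction
# (what the client asked for) and the second pair is the reply direction
# (who actually answers). When DNAT rewrote the destination, the reply
# source is not the address the client originally targeted.
find_ssh_dnat() {
    awk '
    {
        n_src = 0; n_dst = 0; dport = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^src=/)      { src[++n_src] = substr($i, 5) }
            else if ($i ~ /^dst=/) { dst[++n_dst] = substr($i, 5) }
            else if ($i ~ /^dport=/ && dport == "") { dport = substr($i, 7) }
        }
        # Only the original-direction dport (first one seen) is compared to 22.
        if (dport == "22" && n_src >= 2 && n_dst >= 1 && src[2] != dst[1])
            printf "DNAT: client %s asked for %s:22, answered by %s\n",
                   src[1], dst[1], src[2]
    }'
}

# Constructed sample events (not captured from the system in this thread):
# line 1 is redirected to 192.168.2.50, line 2 reaches the address it targeted.
sample_events() {
    cat <<'EOF'
[NEW] tcp      6 120 SYN_SENT src=192.168.2.10 dst=192.168.2.1 sport=41766 dport=22 [UNREPLIED] src=192.168.2.50 dst=192.168.2.10 sport=22 dport=41766
[NEW] tcp      6 120 SYN_SENT src=192.168.1.10 dst=192.168.1.1 sport=41800 dport=22 [UNREPLIED] src=192.168.1.1 dst=192.168.1.10 sport=22 dport=41800
EOF
}

# Run against the samples; on a live system, pipe conntrack event output
# into find_ssh_dnat instead.
sample_events | find_ssh_dnat
```

A flagged line explains both symptoms reported here: the password is rejected because a different host is answering, and the local sshd.log stays empty because the local sshd never sees the connection.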