[SOLVED] Cannot ssh to new container

[den]

I have a fresh install of 5.1-35.
Downloaded ubuntu-17.04-standard_17.94_1_amd64.tar
created a container using this image above.

I can set my 'Console Mode' as "shell" and get into the container. However, how do i enable ssh access to this container from external?

Thanks

 

[t.lamprecht]

Can you check if sshd is running in the CT, enter the CT (pct enter VMID or the WebUI console) then run "systemctl status sshd".

If that says that all is well active (running) Did you setup a network for the CT?

Can you post:

# from inside the CT:
# ip addr

# from PVE shell:
# pct config VMID

 

[belrpr]

Probably you didn't use an ssh key.
Then you need the console:
nano /etc/ssh/sshd_config
Change
PermitRootLogin without-password
to
PermitRootLogin yes

then service sshd restart and then ssh should work with password authentication.

 

[t.lamprecht]

Probably you didn't use an ssh key.
Then you need the console:
nano /etc/ssh/sshd_config
Change
PermitRootLogin without-password
to
PermitRootLogin yes

then service sshd restart and then ssh should work with password authentication.

I had in mind that we default this to yes already for our templates, but it doesn't seems so.

So yes, either do as @belrpr suggested or add your ssh public key to the autorized_keys file:

echo "ssh-rsa ...." >> /root/.ssh/authorized_keys

That way you can still deny password authentication to the CT.
If you connect from a linux box your key is normally under "~/.ssh/id_rsa.pub"

 

[den]

Hi all

SSHD is running. I restarted it.

root@101:/# systemctl status sshd
Ï ssh.service - OpenBSD Secure Shell server
Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enabled)
Active: active (running) since Thu 2017-11-16 12:07:59 UTC; 6s ago
Main PID: 369 (sshd)
Tasks: 1 (limit: 4915)
CGroup: /system.slice/ssh.service
369 /usr/sbin/sshd -D

My IP address of the client is 10.1.1.74

root@101:/# ip addr

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever

6: eth0@if7: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether ba:c1:18:45:5a:1c brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 10.1.1.74/24 brd 10.1.1.255 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::b8c1:18ff:fe45:5a1c/64 scope link
valid_lft forever preferred_lft forever

I can confirm my "ssh_config" file is set to

"PermitRootLogin yes"

I also reset my password on the CT using "passwd root"

So I used a ssh client (putty) to connect from external and I get "Access denied" after entering the password for root.

root@10.1.1.74's password:
Access denied

so still no luck... please help..

 

[den]

i prefer to use password than keys.. thanks..

 

[belrpr]

I can confirm my "ssh_config" file is set to
You mean sshd_config?

you get a prompt so firewall can't be an issue.
What does the log on the container /var/log/secure says?

 

[den]

there is no "/var/log/secure"

but there is /var/log/auth.log

Nov 17 08:48:01 101 CRON[358]: pam_unix(cron:session): session opened for user root by (uid=0)
Nov 17 08:48:01 101 CRON[358]: pam_unix(cron:session): session closed for user root
Nov 17 08:48:25 101 sshd[363]: Server listening on 0.0.0.0 port 22.
Nov 17 08:48:25 101 sshd[363]: Server listening on :: port 22.
Nov 17 08:48:48 101 sshd[391]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.1.1.72  user=root
Nov 17 08:48:49 101 sshd[391]: Failed password for root from 10.1.1.72 port 52040 ssh2
Nov 17 08:48:50 101 sshd[391]: error: Received disconnect from 10.1.1.72 port 52040:13: Unable to authenticate [preauth]
Nov 17 08:48:50 101 sshd[391]: Disconnected from 10.1.1.72 port 52040 [preauth]

can someone else sping up the latest ubuntu 17.04 container and try please?

 

[belrpr]

Just installed ubuntu 17.04 in a container.
Just changed /etc/ssh/sshd_config
#PermitRootLogin NoPassword
to
PermitRootlogin yes

service sshd restart

And I could use putty to connect.

My auth.log:

Nov 17 18:57:04 Ubuntu17 sshd[523]: Server listening on 0.0.0.0 port 22.
Nov 17 18:57:04 Ubuntu17 sshd[523]: Server listening on :: port 22.
Nov 17 18:57:20 Ubuntu17 sshd[524]: Connection closed by 10.10.2.6 port 57238 [preauth]
Nov 17 18:58:50 Ubuntu17 sshd[526]: Accepted password for root from 10.10.2.6 port 57250 ssh2
Nov 17 18:58:50 Ubuntu17 sshd[526]: pam_unix(sshd:session): session opened for user root by (uid=0)
Nov 17 18:58:50 Ubuntu17 systemd-logind[99]: New session 107 of user root.
Nov 17 18:58:52 Ubuntu17 sshd[526]: pam_unix(sshd:session): session closed for user root
Nov 17 18:59:09 Ubuntu17 sshd[573]: Accepted password for root from 10.10.2.6 port 57252 ssh2
Nov 17 18:59:09 Ubuntu17 sshd[573]: pam_unix(sshd:session): session opened for user root by (uid=0)
Nov 17 18:59:09 Ubuntu17 systemd-logind[99]: New session 108 of user root.

 

[den]

sorry.. im an idiot.. my bad.
i was entering that info in ssh_config... not sshd_config

all works!!

 

[XNOX9]

Probably you didn't use an ssh key.
Then you need the console:
nano /etc/ssh/sshd_config
Change
PermitRootLogin without-password
to
PermitRootLogin yes

then service sshd restart and then ssh should work with password authentication.

its works for me, because first to build a new container we can use a user with a root user. thanks for helping