[SOLVED] Can't SSH into and ssh-copy to the proxmox server from Ubuntu 20.04

[Venkat teja Ravi]

I am not able to ssh into the proxmox server
I have tried copying the RSA pub_key to the remote server using this command.

ssh-copy-id -i ~/.ssh/id_ed25519.pub root@192.xxx.xx.2

It says timed out.

the UFW is disabled on the destination proxmox server.
The firewalls are empty in the Proxmox Web Console(attached a pic)

Thank you.

 

[oguz]

hi,

the UFW is disabled on the destination proxmox server.

why is there ufw installed? it's not needed, you can configure PVE firewall -- ufw will add another layer of confusion unless you know what you're doing

I am not able to ssh into the proxmox server
I have tried copying the RSA pub_key to the remote server using this command.

is ssh service running? and port 22 is open?

on the GUI go to the node shell and check if it's listening:

ss -antlp | grep ssh

you should see something like

LISTEN 0      128          0.0.0.0:22        0.0.0.0:*    users:(("sshd",pid=949,fd=3))
LISTEN 0      128             [::]:22           [::]:*    users:(("sshd",pid=949,fd=4))

check if port 22 is accessible from your other machine:

nc your.proxmox.ip.here 22 -vn

should return open.

and what do you get if you run ssh from another machine:

ssh -vv root@your.proxmox.ip.here

please post the output here.

 

[Venkat teja Ravi]

hi,


why is there ufw installed? it's not needed, you can configure PVE firewall -- ufw will add another layer of confusion unless you know what you're doing


is ssh service running? and port 22 is open?

on the GUI go to the node shell and check if it's listening:

ss -antlp | grep ssh

you should see something like

LISTEN 0      128          0.0.0.0:22        0.0.0.0:*    users:(("sshd",pid=949,fd=3))
LISTEN 0      128             [::]:22           [::]:*    users:(("sshd",pid=949,fd=4))

check if port 22 is accessible from your other machine:

nc your.proxmox.ip.here 22 -vn

should return open.

and what do you get if you run ssh from another machine:

ssh -vv root@your.proxmox.ip.here

please post the output here.

ss -antlp | grep ssh
LISTEN    0         128                0.0.0.0:22               0.0.0.0:*        users:(("sshd",pid=1478,fd=3))                                                 
LISTEN    0         128                   [::]:22                  [::]:*        users:(("sshd",pid=1478,fd=4))

nc 192.xxx.xx.2 -vn
Output: Got nothing(It keeps on listening)

ssh -vv root@192.xxx.xx.2
OpenSSH_8.2p1 Ubuntu-4ubuntu0.2, OpenSSL 1.1.1f  31 Mar 2020
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug2: resolve_canonicalize: hostname 192.xxx.xx.2 is address
debug2: ssh_connect_direct
debug1: Connecting to 192.168.10.2 [192.xxx.xx.2] port 22.
(After this it is not printing anything keeps on listening)

 

[Dunuin]

Is root allowed to login? Per default root shouldn't be allowed to login using SSH (atleast not without a rsa key). Look at the /etc/ssh/sshd_config and search for Rootloginallowed.

 

[Venkat teja Ravi]

Is root allowed to login? Per default root shouldn't be allowed to login using SSH (atleast not without a rsa key). Look at the /etc/ssh/sshd_config and search for Rootloginallowed.

Yeah, I think the root is allowed to log in.

cat /etc/ssh/sshd_config
PermitRootLogin yes

 

[Venkat teja Ravi]

@oguz I have replied. Please go through it.

 

[oguz]

Output: Got nothing(It keeps on listening)

interesting, it seems the port isn't reachable at all but the service is running. that could probably be a firewall problem -- please check pve-firewall status

The firewalls are empty in the Proxmox Web Console(attached a pic)

can you check both the "Node" firewall and the "Datacenter" firewall levels?

also make sure "ufw" isn't running or enabled since that will create issues, ufw status should show you inactive, run ufw disable to make sure

 

[Venkat teja Ravi]

interesting, it seems the port isn't reachable at all but the service is running. that could probably be a firewall problem -- please check pve-firewall status


can you check both the "Node" firewall and the "Datacenter" firewall levels?

also make sure "ufw" isn't running or enabled since that will create issues, ufw status should show you inactive, run ufw disable to make sure

1. pve-firewall status gives

   Status: disabled/running

2. ufw status :

   Status: inactive

3. I have checked with both Datacenter and Node level firewalls. No security Group is added.

 

[oguz]

pve-firewall status gives

Status: disabled/running

can you try to stop the firewall: pve-firewall stop and see if ssh works afterwards

 

[Venkat teja Ravi]

can you try to stop the firewall: pve-firewall stop and see if ssh works afterwards

• I have stopped the pve-firewall

  Status: disabled/stopped

• Still SSH is not working.

 

[oguz]

can you ssh on localhost? if you're on your PVE machine and run ssh root@localhost does it log you in?

if not, then we have bigger issues

 

[Venkat teja Ravi]

can you ssh on localhost? if you're on your PVE machine and run ssh root@localhost does it log you in?

if not, then we have bigger issues

Yeah, I am able to login. using ssh root@localhost

 

[oguz]

just to be clear, are you connecting from a VM? or is this a regular machine running ubuntu, in the same network?

* can you ping the server IP from another machine?

* traceroute your.pve.ip.here

* iptables-save

please post the outputs

 

[Venkat teja Ravi]

just to be clear, are you connecting from a VM? or is this a regular machine running ubuntu, in the same network?

* can you ping the server IP from another machine?

* traceroute your.pve.ip.here

* iptables-save

please post the outputs

I am trying to SSH from Ubuntu 20.04(laptop) to Proxmox PVE Node shell(Not a VM).

Here are the Outputs(all three commands ran on regular ubuntu 20.04 machine) :

$ ping 202.xx.xxx.0
PING 202.xx.xxx.0 (202.xx.xxx.0) 56(84) bytes of data.
64 bytes from 202.xx.xxx.0: icmp_seq=1 ttl=238 time=32.5 ms
64 bytes from 202.xx.xxx.0: icmp_seq=2 ttl=238 time=31.6 ms
64 bytes from 202.xx.xxx.0: icmp_seq=3 ttl=238 time=33.2 ms
--- 202.xx.xxx.0 ping statistics ---
8 packets transmitted, 8 received, 0% packet loss, time 7012ms
rtt min/avg/max/mdev = 30.727/31.939/33.212/0.761 ms

---------------------------------------------------------------------------------------------------------------------------

$ traceroute 202.xx.xxx.0
 1  reliance.reliance (192.xxx.xx.1)  1.225 ms  1.116 ms  1.478 ms
 2  10.1.112.1 (10.1.112.1)  3.533 ms  3.494 ms  3.863 ms
:
:
:
:
29  * * *
30  * * *

------------------------------------------------------------------------------------------------------------------------------

$ iptables-save
# Generated by iptables-save v1.8.4 on Thu Aug 12 18:16:26 2021
*filter
:INPUT ACCEPT [273125:94671855]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [305380:52800752]
:DOCKER - [0:0]
:DOCKER-ISOLATION-STAGE-1 - [0:0]
:DOCKER-ISOLATION-STAGE-2 - [0:0]
:DOCKER-USER - [0:0]
-A FORWARD -j DOCKER-USER
-A FORWARD -j DOCKER-ISOLATION-STAGE-1
-A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -o docker0 -j DOCKER
-A FORWARD -i docker0 ! -o docker0 -j ACCEPT
-A FORWARD -i docker0 -o docker0 -j ACCEPT
-A DOCKER-ISOLATION-STAGE-1 -i docker0 ! -o docker0 -j DOCKER-ISOLATION-STAGE-2
-A DOCKER-ISOLATION-STAGE-1 -j RETURN
-A DOCKER-ISOLATION-STAGE-2 -o docker0 -j DROP
-A DOCKER-ISOLATION-STAGE-2 -j RETURN
-A DOCKER-USER -j RETURN
COMMIT
# Completed on Thu Aug 12 18:16:26 2021
# Generated by iptables-save v1.8.4 on Thu Aug 12 18:16:26 2021
*nat
:PREROUTING ACCEPT [1298:157707]
:INPUT ACCEPT [534:32268]
:OUTPUT ACCEPT [34946:2677776]
:POSTROUTING ACCEPT [34946:2677776]
:DOCKER - [0:0]
-A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
-A OUTPUT ! -d 127.0.0.0/8 -m addrtype --dst-type LOCAL -j DOCKER
-A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE
-A DOCKER -i docker0 -j RETURN
COMMIT
# Completed on Thu Aug 12 18:16:26 2021

 

[Tmanok]

Hang on a minute here. Am I daft or does it appear that your PVE node is over a WAN connection?

Earlier your posts indicate that it is a LAN (192.168.10.2) host but later in your last post, it appears that you are tracerouting and pinging 202.x.x.x which is a public IP. So which is it? If it's a public IP behind a NAT, ensure that it is being forwarded a port to SSH from, or if it's a dedicated public IP, ensure that there are no router ACLs in front of it. But, if your node is local, then can you redo those last two commands locally please? Gets confusing when your output is not consistent.

Thanks,

Tmanok

 

[Venkat teja Ravi]

Hang on a minute here. Am I daft or does it appear that your PVE node is over a WAN connection?

Earlier your posts indicate that it is a LAN (192.168.10.2) host but later in your last post, it appears that you are tracerouting and pinging 202.x.x.x which is a public IP. So which is it? If it's a public IP behind a NAT, ensure that it is being forwarded a port to SSH from, or if it's a dedicated public IP, ensure that there are no router ACLs in front of it. But, if your node is local, then can you redo those last two commands locally please? Gets confusing when your output is not consistent.

Thanks,

Tmanok

192.168.10.2 -> Internal IP
202.x.x.x ->External IP(public)
I have tried sshing using both IP's Nothing worked. and I have also tried all the above-mentioned commands with both commands. Nither of them did not work.

 

[Tmanok]

192.168.10.2 -> Internal IP
202.x.x.x ->External IP(public)
I have tried sshing using both IP's Nothing worked. and I have also tried all the above-mentioned commands with both commands. Nither of them did not work.

Ok thank you for clarifying, but for the sake of consistency, it's best to try these commands on the same network.

• On your client, are you able to SSH to other LAN hosts? (say a VM or another laptop for example).
• If you are unable to SSH into other machines or VMs, consider using a different client.
• If you are able to SSH into other hosts on the network but cannot SSH into your PVE node, consider disconnecting the network to your node and patching a cable directly into your laptop. If anything (including the switch) is between you and your server, there is a chance that it may be interfering with the connection.
• If after patching directly into the server, there is no connection to SSH, reinstall PVE. Honestly at that point something has been done to the software, there has never been a stable release of Proxmox or Debian that I've ever see that did not accept SSH connections properly without a network issue being the cause.

Standard tests that I would perform:

• Ping the device
• Verify client and server firewalls or temporarily disable them
• Verify that the network configuration on both devices is correct and the same (same gateway, same DNS, same subnetmask)
• Restarting the SSHD service

  systemctl restart sshd

• Making sure that the ssh service is not reporting errors in it's status log

  systemctl status sshd

• Making sure that /etc/ssh/sshd_config is set to allow root login if you're trying to ssh with root

  PermitRootLogin yes

  PermitRootLogin prohibit-password

• Verifying that you can reach the port, perhaps this time trying another software:

  nmap -Pn 192.168.10.2 -p 22

  from your laptop.
• Removing all network devices between the client and the server
• Rebooting the server

There's nothing else off the top of my head that I can think to check Venkat, best of luck

 

[indraraj001]

root pass always locked on ubuntu VM machine.. try to unlock it and allow root login ... See the difference..I tried

 

[indraraj001]

passwd -S root
root LK 2014-08-17 0 99999 7 -1 (Password locked.)
passwd -S user1
user1 PS 2014-08-17 0 99999 7 -1 (Password set, SHA512 crypt.)