Proxmox VE 7.4 cannot be installed

I have a next problem I have now created a container with Debian 11 and when I try to connect via SSH it says: Tunneling, FIDO2 Keys and Certificates are disabled.

what should I do?
 
Fortunately, you can configure this from the proxmox shell view of the CT. So, we're lacking a bit of detail here, but here's what you need to look at:
1) /etc/ssh/ contains the configuration files for ssh; one of them will be sshd_config
2) we need to see that configuration; could you post it, please?

Generally, a config file for sshd should contain examples, it would be worthwhile seeing what the defaults are, and if any need to be changed; this is somewhat self-explanatory in the file itself.

Another aspect we have no knowledge of, is how you want to connect. Setting things up for password authentication is quite different from using ssh keys.

DigitalOcean have excellent tutorials [and in general] on setting up ssh, I'll link some:
General: https://www.digitalocean.com/community/tutorials/initial-server-setup-with-debian-11
ssh keys specific: https://www.digitalocean.com/community/tutorials/how-to-set-up-ssh-keys-on-debian-11

I hope this helps.
 
Nuke Bloodaxe said:
Fortunately, you can configure this from the proxmox shell view of the CT. So, we're lacking a bit of detail here, but here's what you need to look at:
1) /etc/ssh/ contains the configuration files for ssh; one of them will be sshd_config
2) we need to see that configuration; could you post it, please?

Generally, a config file for sshd should contain examples, it would be worthwhile seeing what the defaults are, and if any need to be changed; this is somewhat self-explanatory in the file itself.

Another aspect we have no knowledge of, is how you want to connect. Setting things up for password authentication is quite different from using ssh keys.

DigitalOcean have excellent tutorials [and in general] on setting up ssh, I'll link some:
General: https://www.digitalocean.com/community/tutorials/initial-server-setup-with-debian-11
ssh keys specific: https://www.digitalocean.com/community/tutorials/how-to-set-up-ssh-keys-on-debian-11

I hope this helps.
Click to expand...
So here I send you pictures of the config.
 

Attachments

  • 1.PNG
    1.PNG
    42.6 KB · Views: 35
  • 2.PNG
    2.PNG
    46.2 KB · Views: 35
  • 3.PNG
    3.PNG
    50.4 KB · Views: 20
  • 4.PNG
    4.PNG
    41.4 KB · Views: 35
ChallengeResponseAuthentication yes
PasswordAuthentication yes

That should get you in, but please try to set up ssh keys, then turn those options off, as it's more secure. You can use the ssh-copy-id command to bring your keys into the CT when you are able to log in using Password Authentication.

PubkeyAuthentication yes
Set that and leave it alone, it'll allow your ssh keys to work.

Oh, and while I think about it, restart the sshd server once you've made your changes
sudo systemctl restart sshd
 
Last edited:
Nuke Bloodaxe said:
ChallengeResponseAuthentication yes
PasswordAuthentication yes

That should get you in, but please try to set up ssh keys, then turn those options off, as it's more secure. You can use the ssh-copy-id command to bring your keys into the CT when you are able to log in using Password Authentication.

PubkeyAuthentication yes
Set that and leave it alone, it'll allow your ssh keys to work.

Oh, and while I think about it, restart the sshd server once you've made your changes
sudo systemctl restart sshd
Click to expand...
So should I only enable pubkey authentication?, and how does that work with the SSH key?
 
Okay, with an ssh key you have a private key, and a public key. The public key is ultimately sent and stored on the server you want to log into; this is why the setting is PubkeyAuthentication. The private key stays with your machine and goes nowhere; it is a secret.

When you use that type of authentication, you ask the server to authenticate you using the public key, it will challenge you with a token that it has encrypted using the public key, and because you have the private key, you can decrypt it and provide the answer to prove your identity. [Not 100% accurate, but it should give you the gist.]

The command ssh-copy-id allows you to send a copy of the public key to the server you are logging into; but to do that, you need password authentication working. Once the public key has been copied to the server, it is safe to turn off password-based authentication, as you can use public key authentication.

I linked some tutorials earlier; they can take you step-by-step through the process; and for various distros.

Note: Public key authentication is safer, as it is immune to brute-force password attacks.
 
Last edited:
Nuke Bloodaxe said:
Okay, with an ssh key you have a private key, and a public key. The public key is ultimately sent and stored on the server you want to log into; this is why the setting is PubkeyAuthentication. The private key stays with your machine and goes nowhere; it is a secret.

When you use that type of authentication, you ask the server to authenticate you using the public key, it will challenge you with a token that it has encrypted using the public key, and because you have the private key, you can decrypt it and provide the answer to prove your identity. [Not 100% accurate, but it should give you the gist.]

The command ssh-copy-id allows you to send a copy of the public key to the server you are logging into; but to do that, you need password authentication working. Once the public key has been copied to the server, it is safe to turn off password-based authentication, as you can use public key authentication.

I linked some tutorials earlier; they can take you step-by-step through the process; and for various distros.

Note: Public key authentication is safer, as it is immune to brute-force password attacks.
Click to expand...
I activated everything you wrote but the error still comes up.
 

Attachments

  • 1.PNG
    1.PNG
    178 KB · Views: 18
  • 2.PNG
    2.PNG
    161.4 KB · Views: 18
  • 3.PNG
    3.PNG
    162.1 KB · Views: 10
  • 4.PNG
    4.PNG
    157.4 KB · Views: 18
Ahhh, now that explains a few things. Okay, The disabled bit is referring to the fact that Termius Pro supports the functions listed in that smaller window at the bottom of the screen. So, if you want those features, you need to pay for them; but you don't need them for this.

At the moment, the authentication stage which is failing is the password, so you might want to double-check what password your root account in the Debian container is using. Now, ssh keys haven't been set up yet, so we won't worry about that this second.

By the way, if you want an easier time with logging into Linux systems on Windows, MobaX
term is hard to beat, it even handles X11 forwarding: https://mobaxterm.mobatek.net/download-home-edition.html

Are you doing this fully mobile, or is this on a Mac? [I'll be very little help on Mac matters, as I don't have one to test.]
Will the proxmox system face the internet? If it's not going to, you can just use password authentication for now.
 
Nuke Bloodaxe said:
Ahhh, now that explains a few things. Okay, The disabled bit is referring to the fact that Termius Pro supports the functions listed in that smaller window at the bottom of the screen. So, if you want those features, you need to pay for them; but you don't need them for this.

At the moment, the authentication stage which is failing is the password, so you might want to double-check what password your root account in the Debian container is using. Now, ssh keys haven't been set up yet, so we won't worry about that this second.

By the way, if you want an easier time with logging into Linux systems on Windows, MobaX
term is hard to beat, it even handles X11 forwarding: https://mobaxterm.mobatek.net/download-home-edition.html

Are you doing this fully mobile, or is this on a Mac? [I'll be very little help on Mac matters, as I don't have one to test.]
Will the proxmox system face the internet? If it's not going to, you can just use password authentication for now.
Click to expand...
I used to have MobaXterm but I wasn't satisfied with it, I've checked the correct root password a few times, I have an old PC here and there was nothing on it and I just installed Proxmox, the server should later be external / from Web panel can be reached, I don't know if it works with the Internet because I'm with O2 and have a DSLite tunnel, which means I don't have IPv4 but IPv6.

Kind regards Max
 
Last edited:
This one puzzles me. Okay, in the proxmox web interface, you can enter the proxmox cli shell and attempt to connect to the CT via that.
I'm interested if it's a client or server issue; we'll soon know after that test.

If we're lucky, it might also give you more feedback.
Another thing you can test, you can add an extra user into the Debian CT, and attempt to log in as them via sftp; to see if a setting is blocking logging in as root. If you suddenly find you can log in as an alternate user, it narrows down what needs to be checked.
 
Nuke Bloodaxe said:
This one puzzles me. Okay, in the proxmox web interface, you can enter the proxmox cli shell and attempt to connect to the CT via that.
I'm interested if it's a client or server issue; we'll soon know after that test.

If we're lucky, it might also give you more feedback.
Another thing you can test, you can add an extra user into the Debian CT, and attempt to log in as them via sftp; to see if a setting is blocking logging in as root. If you suddenly find you can log in as an alternate user, it narrows down what needs to be checked.
Click to expand...
I tried that but it still comes up the same.
 
This will be more of a self-test of the container. Using the proxmox web interface, go to the container, and bring up its shell. Log into it from there.
Now, once logged in inside the container, ssh to itself (ssh 127.0.0.1) and see what happens.
This may be an opportunity to change the password in the container as well. It's also worthwhile checking if another account, other than root can log in; create it if needed.
 
Nuke Bloodaxe said:
This will be more of a self-test of the container. Using the proxmox web interface, go to the container, and bring up its shell. Log into it from there.
Now, once logged in inside the container, ssh to itself (ssh 127.0.0.1) and see what happens.
This may be an opportunity to change the password in the container as well. It's also worthwhile checking if another account, other than root can log in; create it if needed.
Click to expand...
I've tried this with the ssh and it doesn't work, it says I'm entering the wrong password.
 

Attachments

  • Unbenannt3.PNG
    Unbenannt3.PNG
    96.2 KB · Views: 13
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom
Back