Diagnosis tool false positive: port 22 (SSH) is marked as inaccessible but still works

csolisr · June 6, 2021, 7:33pm

My YunoHost server

Hardware: x86 computer
YunoHost version: 4.2.5.3
I have access to my server : Through SSH, webadmin and direct access
Are you in a special context or did you perform some particular tweaking on your YunoHost instance ? : no

Description of my issue

Some time ago, my diagnosis tool is constantly claiming a connectivity issue with port 22 (SSH):

=================================
Ports exposure (ports)
=================================

[ERROR] Port 22 is not reachable from outside.
  - Exposing this port is needed for admin features (service ssh)
  - To fix this issue, you most probably need to configure port forwarding on your internet router as described in https://yunohost.org/isp_box_config

Problem is, I already checked SSH connectivity and there are no issues whatsoever - I can access my server via SSH on my home network, on a neighbor’s WiFi, and even with mobile data with no problem. I also checked my firewall, no issues either:

$ sudo yunohost firewall list
opened_ports:
  - 22
  - 25
  - 53
  - 80
  - 443
  - 587
  - 993
  - 1935
  - 5222
  - 5269

I can only assume there’s a bug with Yunohost’s diagnosis tool, where some test is erroneously failing. Something similar happened to me with my old Raspberry Pi 4 server (link), but on the port 443. The only commonality I’m aware of is that in both cases, the issues began to appear shortly after installing Synapse - I will try checking on their tracker if the issue is not with Yunohost itself.

metyun · June 6, 2021, 9:13pm

Hello @csolisr,

I’ve got the same problem with port 80, but only with the automatic script of yunohost. Can you test with the cli or from the webadmin to see if you have the same behaviour?

If it’s OK from CLI or Webadmin, you can change the time when the script /etc/cron.d/yunohost-diagnosis run. The best is to make a hook for apply the modification. i can give you the one that i use.
Sorry for my bad english, i do my best

csolisr · June 6, 2021, 9:39pm

Thanks for the suggestion! I just checked with the webadmin and it works flawlessly. Mind posting the hook you’re using?

metyun · June 6, 2021, 10:14pm

here it is:

First, create the tree structure if it doesn’t exist:

mkdir -p /etc/yunohost/hooks.d/conf_regen

And create the script /etc/yunohost/hooks.d/conf_regen/02-yunohost_diag

#!/bin/bash

action=$1
pending_dir=$4
diag_conf=$pending_dir/../yunohost/etc/cron.d/yunohost-diagnosis
[[ "$action" == "pre" ]] || exit 0
[[ -e $diag_conf ]] || exit 0
sed -e "s/7/10/" \
    -e "s/19/22/" \
    -i $diag_conf

You must regen-conf in cli with:

yunohost tools regen-conf yunohost

Check that the modification is made in /etc/cron.d/yunohost-diagnosis. If it’s not the case, perhaps you must use the option --force with regen-conf, i don’t remember if i use it or no.

You can choose the hours by changing 10 and 22, it changes 7H (default) with 10H and 19H(default) with 22H

Edit: Sorry if you see the script before my edit, i use it also to comment the yunohost-dyndns because i use a fixed ip. I remove this section now.
Beware! See if you have made some modifications with yunohost tools regen-conf yunohost -n -d before because the regen-conf erase them. If it is the case, you should rather use hooks instead of modify files.

system · July 6, 2021, 10:14pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.