marc
October 2, 2025, 8:57pm
1
What type of hardware are you using : Raspberry Pi 0, 1 or 2
What YunoHost version are you running : 12.1.26
How are you able to access your server : The webadmin
SSH
Are you in a special context or did you perform specific tweaking on your YunoHost instance ? : no
Describe your issue
Hi,
I can’t connect to SSH with my personal (admin) login. Only root login succeeds: password is not recognized.
I cannot use the SMTP server: same reason.
However, I can connect to my personal account through the web browser, and I can also retrieve emails from the server.
I conclude that it is a problem of authentication, but not due to LDAP because I can retrieve from the IMAP server.
The diagnosis is OK: no problem
I read strange errors in the postfix log file and the SSH log file when I try to connect.
Any idea?
Thanks in advance
Share relevant logs or error messages
otm33
October 3, 2025, 10:56am
2
Could you log in before with your main user (from postinstall), and since when have you been unable to connect with this user?
marc
October 5, 2025, 5:47pm
3
Hello,
Yes, I have always been able to log in with my main user.
Problems started one week ago with SMTP and SSH.
I don’t think it is due to any update.
otm33
October 5, 2025, 6:11pm
4
Did you try to change your password from the webadmin?
Other thing to try:
yunohost tools regen-conf ssh nslcd
marc
October 5, 2025, 6:31pm
5
I have just tried those two proposals.
They don’t work.
otm33
October 5, 2025, 7:22pm
6
And from a root session, can you log in as your user with su marc?
marc
October 5, 2025, 7:41pm
8
The sshd log file says:
Failed publickey for marc from 192.168.1.40 port 34724 ssh2:
So I wonder if the sshd service finds the right password in the LDAP database.
Try yunohost user info marc
marc
October 6, 2025, 9:28pm
13
I found that authentication is managed by the nslcd service.
I disabled the service and restarted it in debug mode.
Then I tried to connect over SSH.
Here is the result:
nslcd: DEBUG: accept() failed (ignored): Resource temporarily unavailable
nslcd: [8b4567] DEBUG: connection from pid=25364 uid=0 gid=0
nslcd: [8b4567] <authc="marc"> DEBUG: nslcd_pam_authc("marc","sshd","***")
nslcd: [8b4567] <authc="marc"> DEBUG: myldap_search(base="dc=yunohost,dc=org", filter="(&(objectClass=posixAccount)(uid=marc))")
nslcd: [8b4567] <authc="marc"> DEBUG: ldap_initialize(ldap://localhost/)
nslcd: [8b4567] <authc="marc"> DEBUG: ldap_set_rebind_proc()
nslcd: [8b4567] <authc="marc"> DEBUG: ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,3)
nslcd: [8b4567] <authc="marc"> DEBUG: ldap_set_option(LDAP_OPT_DEREF,0)
nslcd: [8b4567] <authc="marc"> DEBUG: ldap_set_option(LDAP_OPT_TIMELIMIT,0)
nslcd: [8b4567] <authc="marc"> DEBUG: ldap_set_option(LDAP_OPT_TIMEOUT,10)
nslcd: [8b4567] <authc="marc"> DEBUG: ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT,10)
nslcd: [8b4567] <authc="marc"> DEBUG: ldap_set_option(LDAP_OPT_REFERRALS,LDAP_OPT_ON)
nslcd: [8b4567] <authc="marc"> DEBUG: ldap_set_option(LDAP_OPT_RESTART,LDAP_OPT_ON)
nslcd: [8b4567] <authc="marc"> DEBUG: ldap_simple_bind_s(NULL,NULL) (uri="ldap://localhost/")
nslcd: [8b4567] <authc="marc"> DEBUG: ldap_result(): uid=marc,ou=users,dc=yunohost,dc=org
nslcd: [8b4567] <authc="marc"> DEBUG: myldap_search(base="uid=marc,ou=users,dc=yunohost,dc=org", filter="(objectClass=*)")
nslcd: [8b4567] <authc="marc"> DEBUG: ldap_initialize(ldap://localhost/)
nslcd: [8b4567] <authc="marc"> DEBUG: ldap_set_rebind_proc()
nslcd: [8b4567] <authc="marc"> DEBUG: ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,3)
nslcd: [8b4567] <authc="marc"> DEBUG: ldap_set_option(LDAP_OPT_DEREF,0)
nslcd: [8b4567] <authc="marc"> DEBUG: ldap_set_option(LDAP_OPT_TIMELIMIT,0)
nslcd: [8b4567] <authc="marc"> DEBUG: ldap_set_option(LDAP_OPT_TIMEOUT,10)
nslcd: [8b4567] <authc="marc"> DEBUG: ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT,10)
nslcd: [8b4567] <authc="marc"> DEBUG: ldap_set_option(LDAP_OPT_REFERRALS,LDAP_OPT_ON)
nslcd: [8b4567] <authc="marc"> DEBUG: ldap_set_option(LDAP_OPT_RESTART,LDAP_OPT_ON)
nslcd: [8b4567] <authc="marc"> DEBUG: ldap_sasl_bind("uid=marc,ou=users,dc=yunohost,dc=org","***") (uri="ldap://localhost/") (ppolicy=yes)
nslcd: [8b4567] <authc="marc"> ldap_result() timed out
nslcd: [8b4567] <authc="marc"> DEBUG: failed to bind to LDAP server ldap://localhost/: Timed out: Operation now in progress
nslcd: [8b4567] <authc="marc"> DEBUG: ldap_unbind()
nslcd: [8b4567] <authc="marc"> uid=marc,ou=users,dc=yunohost,dc=org: Timed out
nslcd: [8b4567] <authc="marc"> DEBUG: myldap_search(base="dc=yunohost,dc=org", filter="(&(objectClass=shadowAccount)(uid=marc))")
The interesting line is:
nslcd: [8b4567] <authc="marc"> DEBUG: failed to bind to LDAP server ldap://localhost/: Timed out: Operation now in progress
What do you think?
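As an added example (not part of the original posts), the Python sketch below groups nslcd debug lines by request id and reports which bind timed out, separating the anonymous lookup from the password bind that an anonymous `ldapsearch -x` never exercises. The function names `triage` and `verdict` are hypothetical; the sample is a trimmed excerpt of the log quoted above.

```python
import re

# Trimmed excerpt of the nslcd debug output quoted in the post above.
SAMPLE = '''\
nslcd: DEBUG: accept() failed (ignored): Resource temporarily unavailable
nslcd: [8b4567] <authc="marc"> DEBUG: nslcd_pam_authc("marc","sshd","***")
nslcd: [8b4567] <authc="marc"> DEBUG: ldap_simple_bind_s(NULL,NULL) (uri="ldap://localhost/")
nslcd: [8b4567] <authc="marc"> DEBUG: ldap_result(): uid=marc,ou=users,dc=yunohost,dc=org
nslcd: [8b4567] <authc="marc"> DEBUG: ldap_sasl_bind("uid=marc,ou=users,dc=yunohost,dc=org","***") (uri="ldap://localhost/") (ppolicy=yes)
nslcd: [8b4567] <authc="marc"> ldap_result() timed out
nslcd: [8b4567] <authc="marc"> DEBUG: failed to bind to LDAP server ldap://localhost/: Timed out: Operation now in progress
'''

LINE = re.compile(r'^nslcd: \[(?P<sid>[0-9a-f]+)\] <authc="(?P<user>[^"]+)"> (?:DEBUG: )?(?P<msg>.*)$')
BIND = re.compile(r'^ldap_(?:simple_bind_s|sasl_bind)\((?P<dn>NULL|"[^"]*"),')

def triage(log_text):
    """Return {request_id: state} for every PAM authentication request in the log."""
    sessions = {}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # lines without a request id / authc tag, e.g. accept() noise
        s = sessions.setdefault(m['sid'], {'user': m['user'], 'service': None,
                                           'binds': [], 'dn_found': None, 'failed': None})
        msg = m['msg']
        if msg.startswith('nslcd_pam_authc('):
            s['service'] = msg.split('"')[3]      # second quoted argument is the PAM service
        elif (b := BIND.match(msg)):
            dn = b['dn'].strip('"')
            s['binds'].append('anonymous' if dn == 'NULL' else dn)
        elif msg.startswith('ldap_result(): '):
            s['dn_found'] = msg.split(': ', 1)[1]  # DN returned by the lookup search
        elif 'timed out' in msg.lower() and s['binds'] and not s['failed']:
            s['failed'] = (s['binds'][-1], 'timeout')  # blame the most recent bind
    return sessions

def verdict(s):
    """Say which phase of the authentication failed, if any."""
    if not s['failed']:
        return 'no failure logged'
    who, why = s['failed']
    if who == 'anonymous':
        return f'anonymous lookup bind failed ({why})'
    found = 'found' if s['dn_found'] else 'not found'
    return f'entry {found} via anonymous bind; password bind as {who} failed ({why})'

if __name__ == '__main__':
    for sid, state in triage(SAMPLE).items():
        print(sid, state['user'], state['service'], '->', verdict(state))
```

On the quoted log this reports that the entry was found through the anonymous bind and that only the bind as the user's own DN timed out, which matches an anonymous `ldapsearch` succeeding while SSH login fails.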
otm33
October 6, 2025, 9:40pm
14
Does ldapsearch -x -H ldap://localhost -b "dc=yunohost,dc=org" "(uid=marc)" return an LDAP entry or fail?
marc
October 6, 2025, 9:44pm
15
I also searched for the information in LDAP for my account:
ldapsearch -x -LLL -b dc=yunohost,dc=org 'uid=marc'
Result:
dn: uid=marc,ou=users,dc=yunohost,dc=org
objectClass: mailAccount
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: userPermissionYnh
givenName: Marc
sn: Flender
displayName: Marc Flender
cn: Marc Flender
uid: marc
mailuserquota: 0
gidNumber: 48566
uidNumber: 48566
homeDirectory: /home/marc
loginShell: /bin/bash
permission: cn=vaultwarden.admin,ou=permission,dc=yunohost,dc=org
permission: cn=phpldapadmin.main,ou=permission,dc=yunohost,dc=org
permission: cn=phpmyadmin.main,ou=permission,dc=yunohost,dc=org
permission: cn=sogo.main,ou=permission,dc=yunohost,dc=org
permission: cn=vaultwarden.main,ou=permission,dc=yunohost,dc=org
permission: cn=mail.main,ou=permission,dc=yunohost,dc=org
mail: marc@famille-flender.fr
maildrop: marc
I don’t see any SSH permission group.
When I compare it to another account, which is not in the admin group, I can see no difference.
So, I wonder where LDAP and NSLCD find the information that the account marc may connect through SSH.
otm33
October 6, 2025, 9:50pm
16
Same here, but SSH works.
I guess you tried to stop/start slapd many times…
marc
October 6, 2025, 9:51pm
17
Dear otm33,
Sorry, I did not see your proposal.
Yes, ldapsearch on ldap://localhost works fine.
marc
October 6, 2025, 9:53pm
18
I guess you tried to stop/start slapd many times…
No, I don’t remember starting/stopping slapd.
marc
October 6, 2025, 10:02pm
19
Another interesting test:
I disable the nslcd service
I try to connect to the webadmin with my account “marc”: it works
I enable nslcd in debug mode
I try to connect over SSH: it doesn’t work
Conclusion:
connection to webadmin = SSO
but connection to SSH = nslcd through LDAP
There must be a problem between NSLCD and LDAP.
Does yunohost tools regen-conf nslcd --dry-run --with-diff give something? And probably yunohost tools regen-conf --dry-run --with-diff
marc
October 6, 2025, 10:10pm
21
Unfortunately not, these two commands don’t change anything, even after restarting slapd, ssh and nslcd