Good evening,
I'm opening a topic to ask for your help: I have been unable to connect over ssh to my Ynh server since the upgrade to version 4.2.
After the update, the diagnosis tool told me that the ssh config had to be regenerated and gave me a command to run for that.
Since then, as soon as I try to connect, I get the following message after entering the password: “Permission denied, please try again.”
I did try modifying the sshd_config file to allow root login and password login, and I also allowed the admin user via “allowuser”, but none of this changes anything.
Here is the file:
# This configuration has been automatically generated
# by YunoHost
Protocol 2
Port 1991
ListenAddress ::
ListenAddress 0.0.0.0
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
HostKey /etc/ssh/ssh_host_rsa_key
# ##############################################
# Stuff recommended by Mozilla "modern" compat'
# https://infosec.mozilla.org/guidelines/openssh
# ##############################################
KexAlgorithms diffie-hellman-group-exchange-sha256
Ciphers aes256-ctr,aes192-ctr,aes128-ctr
MACs hmac-sha2-512,hmac-sha2-256
# LogLevel VERBOSE logs user's key fingerprint on login.
# Needed to have a clear audit track of which key was using to log in.
SyslogFacility AUTH
LogLevel VERBOSE
# #######################
# Authentication settings
# #######################
# Comment from Mozilla about the motivation behind disabling root login
#
# Root login is not allowed for auditing reasons. This is because it's difficult to track which process belongs to which root user:
#
# On Linux, user sessions are tracking using a kernel-side session id, however, this session id is not recorded by OpenSSH.
# Additionally, only tools such as systemd and auditd record the process session id.
# On other OSes, the user session id is not necessarily recorded at all kernel-side.
# Using regular users in combination with /bin/su or /usr/bin/sudo ensure a clear audit track.
LoginGraceTime 120
PermitRootLogin yes
StrictModes yes
PubkeyAuthentication yes
PermitEmptyPasswords no
ChallengeResponseAuthentication no
AllowUsers r2d2
PasswordAuthentication yes
UsePAM yes
# Change to no to disable tunnelled clear text passwords
# (i.e. everybody will need to authenticate using ssh keys)
#PasswordAuthentication yes
# Post-login stuff
Banner /etc/issue.net
PrintMotd no
PrintLastLog yes
ClientAliveInterval 60
AcceptEnv LANG LC_*
# Disallow user without ssh or sftp permissions
AllowGroups ssh.main sftp.main ssh.app sftp.app admins root
# Allow users to create tunnels or forwarding
AllowTcpForwarding yes
AllowStreamLocalForwarding yes
PermitTunnel yes
PermitUserRC yes
# SFTP stuff
Subsystem sftp internal-sftp
# Apply following instructions to user with sftp perm only
Match Group sftp.main,!ssh.main
ForceCommand internal-sftp
# We can't restrict to /home/%u because the chroot base must be owned by root
# So we chroot only on /home
# See https://serverfault.com/questions/584986/bad-ownership-or-modes-for-chroot-directory-component
ChrootDirectory /home
# Forbid SFTP users from using their account SSH as a VPN (even if SSH login is disabled)
AllowTcpForwarding no
AllowStreamLocalForwarding no
PermitTunnel no
# Disable .ssh/rc, which could be edited (e.g. from Nextcloud or whatever) by users to execute arbitrary commands even if SSH login is disabled
PermitUserRC no
Match Group sftp.app,!ssh.app
ForceCommand internal-sftp
ChrootDirectory %h
AllowTcpForwarding no
AllowStreamLocalForwarding no
PermitTunnel no
PermitUserRC no
PasswordAuthentication yes
# root login is allowed on local networks
# It's meant to be a backup solution in case LDAP is down and
# user admin can't be used...
# If the server is a VPS, it's expected that the owner of the
# server has access to a web console through which to log in.
Match Address 192.168.0.0/16,10.0.0.0/8,172.16.0.0/12,169.254.0.0/16,fe80::/10,fd00::/8
PermitRootLogin yes
I also tried disabling Fail2ban, but still without success.
Thanks for your help!
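The posted file sets both `AllowUsers` and `AllowGroups`, and sshd requires a login to pass every such list, checked in the order DenyUsers, AllowUsers, DenyGroups, AllowGroups. The following check is an added example, not part of the original post or of YunoHost: it evaluates those global lists for a given account. The group memberships passed in are constructed for illustration, and `USER@HOST` patterns and lists inside `Match` blocks are not handled.

```python
from fnmatch import fnmatchcase

# Access-control lines excerpted from the sshd_config posted above.
POSTED = """\
PermitRootLogin yes
AllowUsers r2d2
PasswordAuthentication yes
# Disallow user without ssh or sftp permissions
AllowGroups ssh.main sftp.main ssh.app sftp.app admins root
Match Group sftp.main,!ssh.main
ForceCommand internal-sftp
"""

def global_lists(config_text):
    """Collect Allow*/Deny* patterns from the global section (before the first Match)."""
    lists = {"denyusers": [], "allowusers": [], "denygroups": [], "allowgroups": []}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        key = parts[0].lower()          # sshd keywords are case-insensitive
        if key == "match":
            break                       # everything after this is conditional
        if key in lists:
            lists[key].extend(parts[1:])  # repeated directives accumulate
    return lists

def login_allowed(config_text, user, groups):
    """Return (allowed, deciding_directive) for a user and the groups it belongs to.

    A non-empty Allow list rejects every account it does not name, so one
    AllowUsers line is enough to lock out users that AllowGroups would admit.
    """
    acl = global_lists(config_text)
    hit = lambda pats, names: any(fnmatchcase(n, p) for p in pats for n in names)
    if hit(acl["denyusers"], [user]):
        return False, "DenyUsers"
    if acl["allowusers"] and not hit(acl["allowusers"], [user]):
        return False, "AllowUsers"
    if hit(acl["denygroups"], groups):
        return False, "DenyGroups"
    if acl["allowgroups"] and not hit(acl["allowgroups"], groups):
        return False, "AllowGroups"
    return True, "ok"
```

An account rejected by these lists gets the same "Permission denied" at the password prompt as a wrong password; sshd writes the actual reason to the auth log.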