SSH Access Denied after yunohost update

Hi everyone,

My YunoHost server

  • Hardware: VPS from Kimsufi (low end OVH service so no KWM) - Debian 10
  • YunoHost version: 4.3.4.1
  • I have access to my server : Through SSH (Putty) & the webadmin

After I did a system update including linux & yunohost packages yesterday, I am now unable to connect to my server via SSH terminal with my user “adminuser” that I created when first installing yunohost.
I got an “Access Denied” after validating the password in the terminal.

Root login was already disabled but I used to log in with the user “adminuser” (which exists in /etc/passwd).

Thanks to Aleks’ response in another topic I found a way around and was able to connect with the user “admin”.

Aleks lightning solution :

If you’re able to login to the web admin interface, then that’s the same password. Be sure to log on ssh using the admin user (not root).

Do you know why I can’t access my server with my usual user ?

Thanks for your help !

Hello, and welcome!

What was the YunoHost version before the upgrade?

Can you check that your YunoHost user has the SSH permission in the permissions panel?


YunoHost manages the ssh config file, and it may have overridden it during the upgrade. However, it should have warned you about it. The fact that you refer to /etc/passwd makes me think that you are using a user that’s not created by YunoHost. If so, try using a YNH user and give it ssh permission. If you do not want to do that, you will need to tweak the ssh config file and YNH will yell about it.


This is probably related to changes in version 4.2 where we disabled ssh login using random user. Instead, ssh login permission must be explicitly granted to specific users, which is a safer security practice:


Hi ! Thanks for your answer.

I don’t know for sure what was the YunoHost version before the upgrade. I would guess 4.1 or 4.2. Any way I can find that information ?

As you say, none of the users I mention (root, adminuser, admin) are “created as Yunohost User”

  • root and adminuser are Debian users
  • admin is the user to connect to the administration panel

I used to connect with adminuser (root was already forbidden) and now I can’t : Your guess must be right :

YunoHost manages the ssh config file, and it may have overridden it during the upgrade

I can now log with the admin user (the same one I use for administration panel).
Can you confirm that login with SSH as admin user is the right way to do it ?

Yes it is


Thanks for that !

I tried to grant SSH permission to a YunoHost user and I am able to log in to SSH with this user.

Hi, apparently after the latest update and installation of “custom webapp” I can’t access SFTP server of this app via my_webapp user too. This isn’t the yunohost user, just a system user with access to /var/www/my_webapp/ dir.

edit: log from FileZilla:

Status: Connecting to *****************…
Response: fzSftp started, protocol_version=10
Command: open my_webapp@***************** 22
Status: Using username my_webapp.
Command: Pass: *************************
Error: FATAL ERROR: Remote side unexpectedly closed network connection
Error: Could not connect to server

edit2:

root@*****************:/etc/ssh# groups my_webapp
my_webapp : my_webapp sftp.app

edit3: PROBLEM SOLVED.
Added my_webapp user to ssh.app group - now it works. However it took me some time to realise what’s wrong and find the right solution…
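
The fix above (adding my_webapp to ssh.app) points at sshd admitting logins by group membership. The following is an added example, not code from this thread or from YunoHost: it assumes the restriction is an `AllowGroups` directive with literal group names, and compares the groups in an `sshd -T` dump with an account's groups. The sample config and the `example.admins` group are constructed.

```shell
#!/bin/sh
# Added diagnostic example (not YunoHost code).
# allow_groups_verdict CONFIG_FILE GROUP...
#   CONFIG_FILE: effective sshd settings, e.g. saved from `sshd -T` run as root
#   GROUP...:    the account's groups, e.g. the output of `id -Gn my_webapp`
# Assumption: AllowGroups entries are literal names (no wildcards or negation).
allow_groups_verdict() {
    cfg=$1; shift
    # sshd -T prints keywords in lower case, one "allowgroups NAME" per line;
    # several names on one line (as written in sshd_config) are accepted too.
    allowed=$(awk 'tolower($1) == "allowgroups" { for (i = 2; i <= NF; i++) print $i }' "$cfg")
    if [ -z "$allowed" ]; then
        echo "allowed: no AllowGroups restriction"
        return 0
    fi
    for g in "$@"; do
        for a in $allowed; do
            if [ "$g" = "$a" ]; then
                echo "allowed: member of $g"
                return 0
            fi
        done
    done
    # Unquoted expansion joins the list on single spaces for the message.
    echo "denied: not in any of: $(echo $allowed)"
    return 1
}

# Constructed sample dump, not YunoHost's actual configuration.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
port 22
permitrootlogin no
allowgroups ssh.app
allowgroups example.admins
EOF

# Before the fix: groups as shown in edit2 (my_webapp, sftp.app).
allow_groups_verdict "$sample" my_webapp sftp.app || true
# After the fix: the account is also in ssh.app.
allow_groups_verdict "$sample" my_webapp sftp.app ssh.app
```

A denied verdict here matches what the client sees as "Access Denied" or a closed connection even with the correct password, because sshd rejects the account before authentication can succeed.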

Hi,

Glad you could find a way around ! I guess this change is due to 4.2 update.

You could also add SFTP permission to this user through the administrator panel.
Would it be a more secure way to add SFTP permission instead of SSH ?

@nosmose, the SFTP permission was already set, this user was in sftp.app group.

You could also add SFTP permission to this user through the administrator panel.

Unfortunately this wasn’t possible, as my_webapp is not a typical “yunohost user”.
cat /etc/passwd:
image
It was created during Custom Webapp instance installation, only to control access to /var/www/my_webapp/ dir.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.