SSH connection refusée

Bonjour tout le monde,

My YunoHost server

Hardware: VPS OVH 2-2-40
YunoHost version: x.x.x
I have access to my server : through the webadmin, nas.cipherbliss.com
Are you in a special context or did you perform some particular tweaking on your YunoHost instance ? : no
If yes, please explain:

Description

je ne parviens pas à me connecter en SSH à mon VPS debian 10 tout propre sur lequel j’ai installé yunohost avec la commande en curl.

Ma clé SSH avait pourtant bien fonctionné pendant quelques minutes, mais suite au script de postinstall, plus moyen de me connecter en ssh dans un autre terminal.
Je n’ai pas eu le temps de créer un utilisateur dans le terminal où j’étais en root que la session s’est bloquée, plus moyen de se reconnecter en SSH.
On dirait que la configuration de firewall est cassée.

J’ai changé le hostname de la machine dans /etc/hostname
est ce que c’est ça qui a cassé l’accès SSH ?

Je ne peux plus me connecter en SSH mais je peux bien accéder à l’interface web en utilisant le mot de pass admin que j’avais choisi.

log

Voici le log d’install:

Linux yunohost-tk 4.19.0-17-cloud-amd64 #1 SMP Debian 4.19.194-3 (2021-07-18) x86_64

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Fri Sep 10 09:31:47 2021 from 79.143.250.149
debian@yunohost-tk:~$ sudo -i
sudo: unable to resolve host yunohost-tk: Name or service not known
root@yunohost-tk:~# curl https://install.yunohost.org | bash
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 22546  100 22546    0     0   289k      0 --:--:-- --:--:-- --:--:--  289k
[INFO] Running upgrade_system
[INFO] Running install_script_dependencies
[INFO] Running create_custom_config
[INFO] Running confirm_installation
[INFO] Running manage_sshd_config
[INFO] Running fix_locales
Generating locales (this might take a while)...
  en_US.UTF-8... done
Generation complete.
[INFO] Running setup_package_source
[INFO] Running apt_update
[INFO] Running register_debconf
[INFO] Running workarounds_because_sysadmin_sucks
[INFO] Workaround for avahi : creating avahi user with uid 548
[INFO] Running install_yunohost_packages
[INFO] Running restart_services
[INFO] Installation logs are available in /var/log/yunohost-installation_20210910_093227.log
[ OK ] YunoHost installation completed !
===============================================================================
You should now proceed with Yunohost post-installation. This is where you will
be asked for :
  - the main domain of your server ;
  - the administration password.

You can perform this step :
  - from the command line, by running 'yunohost tools postinstall' as root
  - or from your web browser, by accessing : 
    - https://146.59.147.38/ (global IP, if you're on a VPS)

If this is your first time with YunoHost, it is strongly recommended to take
time to read the administator documentation and in particular the sections
'Finalizing your setup' and 'Getting to know YunoHost'. It is available at
the following URL : https://yunohost.org/admindoc
===============================================================================
root@yunohost-tk:~# 
root@yunohost-tk:~# yunohost
Error: YunoHost is not correctly installed. Please run 'yunohost tools postinstall'
root@yunohost-tk:~# yunohost tools postinstall
Main domain: nas.cipherbliss.com
New administration password: 
Confirm new administration password: 
Info: Installing YunoHost...
Success! Self-signed certificate now installed for the domain 'nas.cipherbliss.com'
Success! Domain created
Success! The main domain has been changed
Info: Your root password have been replaced by your admin password.
Success! The administration password was changed
Success! Firewall reloaded
Success! App catalog system initialized!
Info: Updating application catalog…
Success! The application catalog has been updated!
Success! The service 'yunohost-firewall' will now be automatically started during system boots.
Success! Service 'yunohost-firewall' started
Success! Configuration updated for 'ssh'
Success! Configuration updated for 'yunohost'
Success! Configuration updated for 'ssl'
Success! Configuration updated for 'slapd'
Success! Configuration updated for 'nslcd'
Success! Configuration updated for 'apt'
Info: The configuration file '/etc/metronome/metronome.cfg.lua' is now managed by YunoHost (category metronome).
Success! Configuration updated for 'metronome'
Success! Configuration updated for 'nginx'
Info: The configuration file '/etc/postfix/master.cf' is now managed by YunoHost (category postfix).
Info: The configuration file '/etc/postfix/main.cf' is now managed by YunoHost (category postfix).
Info: The configuration file '/etc/default/postsrsd' is now managed by YunoHost (category postfix).
Success! Configuration updated for 'postfix'
Info: The configuration file '/etc/dovecot/dovecot.conf' is now managed by YunoHost (category dovecot).
Success! Configuration updated for 'dovecot'
Success! Configuration updated for 'rspamd'
Info: The configuration file '/etc/mysql/my.cnf' is now managed by YunoHost (category mysql).
Success! Configuration updated for 'mysql'
Info: The configuration file '/etc/avahi/avahi-daemon.conf' is now managed by YunoHost (category avahi-daemon).
Success! Configuration updated for 'avahi-daemon'
Info: The configuration file '/etc/dnsmasq.conf' is now managed by YunoHost (category dnsmasq).
Info: The configuration file '/etc/default/dnsmasq' is now managed by YunoHost (category dnsmasq).
Success! Configuration updated for 'dnsmasq'
Success! Configuration updated for 'nsswitch'
Info: The configuration file '/etc/fail2ban/jail.conf' is now managed by YunoHost (category fail2ban).
Success! Configuration updated for 'fail2ban'
Success! YunoHost is now configured
Warning: The post-install completed! To finalize your setup, please consider:
    - adding a first user through the 'Users' section of the webadmin (or 'yunohost user create <username>' in command-line);
    - diagnose potential issues through the 'Diagnosis' section of the webadmin (or 'yunohost diagnosis run' in command-line);
    - reading the 'Finalizing your setup' and 'Getting to know YunoHost' parts in the admin documentation: https://yunohost.org/admindoc.
root@yunohost-tk:~# yunohost diagnosis run
Success! Everything looks good for Base system!
Warning: Found 1 item(s) that could be improved for Internet connectivity.
Error: Found 1 significant issue(s) (and 2 warning(s)) related to DNS records!
Success! Everything looks good for Ports exposure!
Success! Everything looks good for Web!
Error: Found 3 significant issue(s) related to Email!
Success! Everything looks good for Services status check!
Success! Everything looks good for System resources!
Success! Everything looks good for System configurations!
Warning: To see the issues found, you can go to the Diagnosis section of the webadmin, or run 'yunohost diagnosis show --issues --human-readable' from the command-line.
root@yunohost-tk:~# yunohost domain cert-status nas.cipherbliss.com
certificates: 
  nas.cipherbliss.com: 
    CA_type: Self-signed
    summary: WARNING
    validity: 3649
root@yunohost-tk:~# yunohost domain cert-install nas.cipherbliss.com
Info: Now attempting install of certificate for domain nas.cipherbliss.com!
Success! Configuration updated for 'dnsmasq'
Warning: Subdomain 'xmpp-upload.nas.cipherbliss.com' does not resolve to the same IP address as 'nas.cipherbliss.com'. Some features will not be available until you fix this and regenerate the certificate.
Info: Parsing account key...
Info: Parsing CSR...
Info: Found domains: nas.cipherbliss.com
Info: Getting directory...
Info: Directory found!
Info: Registering account...
Info: Registered!
Info: Creating new order...
Info: Order created!
Info: Verifying nas.cipherbliss.com...
Info: nas.cipherbliss.com verified!
Info: Signing certificate...
Info: Certificate signed!
Success! Configuration updated for 'nginx'
Success! Let's Encrypt certificate now installed for the domain 'nas.cipherbliss.com'

root@nas:/home/tykayn# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 146.59.147.38  netmask 255.255.255.255  broadcast 146.59.147.38
        inet6 fe80::f816:3eff:fe9a:6cca  prefixlen 64  scopeid 0x20<link>
        inet6 2001:41d0:304:200::abda  prefixlen 56  scopeid 0x0<global>
        ether fa:16:3e:9a:6c:ca  txqueuelen 1000  (Ethernet)
        RX packets 171427  bytes 235815371 (224.8 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 23643  bytes 3201993 (3.0 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 402  bytes 37313 (36.4 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 402  bytes 37313 (36.4 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

bon, dans la doc il est précisé que l’on peut uniquement se connecter en ssh ensuite via le compte admin, mais la sortie du terminal ne le précise pas :confused:

Bon du coup je peux bien me connecter a mon serveur via SSH avec admin@adresseip

ouf, c’est résolu mais c’est vraiment pas évident.