Ssh password fail after installation

Support
,
1

What type of hardware are you using: VPS bought online
What YunoHost version are you running: 12.1.36
How are you able to access your server: SSH
Are you in a special context or did you perform specific tweaking on your YunoHost instance ?: No

Describe your issue

Hi friends, :blush:
I am using a VPS and installing Yunohost. I have installed it many times before and it always worked but now after installation I cannot ssh to my VPS anymore. When I am asked for the authentification password it always gets rejected, with both the admin user and root.

I tried to keep a terminal open as root on the VPS after the installation to view the ssh logs: they says password identification failed aswell when I try to ssh to the VPS from another terminal.

I tried different VPS instances but only one version on Yunohost. I tried both options of ssh managed by yunohost during the installation. Same result.

However I CAN log in with the admin user to the installed yunohost instance in the browser with the IP of the VPS.

Could you please help me?

Share relevant logs or error messages

T

2

As a first time user my link to the logs was rejected . …

3

Hello,
Have you been through the initial configuration step (via the WebUI or the CLI) and defined an admin password?

After the initial configuration step, the behavior you describe is meant to be this way ( `root` is a default account which is more likely to be subject to bruteforcing), as documented there: Get access back into YunoHost | Yunohost

Now if you have set up an admin password, you should be able to log in using the admin user’s account, except if you tried several times with root account just before - which might have got your IP banned for a short while… Try again later only with admin user account (if you really need to access root account, log to the admin user account and then run sudo -i).

4

Thank you for your reply.

I did set the admin user password. But the password authentication gets rejected after the installation. I do the installation through the CLI.

I have installed yunohost this way at least a dozen of times in the past and never had any problems. I tried installing at least 5 times yesterday on a fresh VPS Debian 12. Everytime I totally nuked the VPS to eliminate any edge cases.

When I connect to the graphics interface in my webbrowser the same password for admin gets accepted. When I connect through ssh from a terminal it gets rejected. Same admin user, same password. How strange!

5

Hmm… Not sure whether it could play a role here, but is it your usual VPS provider or a new one ?
Do you install YNH from the VPS console (i.e. IP of the VPS) ?
Would your VPS provider include a firewall at the VM level configured in such way that it would block you?
Would you like to do a new test using another password as simple as possible (just in case it could be a bug with some badly supported characters).
Also you should be able to insert the logs in a code block (instead of linking to them if you are not allowed to so far).

FYI I did install YNH on a fresh Debian 12 VPS yesterday as well and it worked as expected, however my case was a bit different as I wanted to restore a backup, i.e.:

  1. Install YNH via CLI
  2. Skip configuration (at this point I still had a living SSH connection to the root user, but I was also able to open a new one using scp to upload my backup).
  3. Run yunohost backup restore [...]
  4. Once restored, I was able to log to my old admin account with my old password.
6

Hi @DrPhil
It rings a bell
Did you try to ssh with verbose mode enabled?

7

Thanks for the suggestion:

debug3: send packet: type 50

debug2: we sent a password packet, wait for reply

debug3: receive packet: type 51

debug1: Authentications that can continue: publickey,password

Permission denied, please try again.

:pensive_face: no win

8

Thanks for your reply.

I tried again on a fresh Vultr VPS located on a different continent (who knows? :joy:). Same issue.

The debian version is 12.12 and yunohost version is 12.1.36

I tried a password with letters only. Same problem.

On the server side I am still connected as root and I can check the ssh log:

Failed password for phil from 45.32.xxx.xxx port 60220 ssh2

So the connection is made but the password fails. It s so mysterious to me…. :man_shrugging:

9

and is the installation performed via a SSH terminal opened on your local machine or via the Vultr website (like web SSH console or so)?

But yes that’s interesting to note…

Can you check that grep AllowGroups /etc/ssh/sshd_config lists “admins”
and that groups phil lists “admins” as the group of this user ? (source)

10

Yes I perform the install from my phone running termux. I ssh as root to the VPS. I don’t have a laptop to try at the moment but have been doing it this way for months/years without issue.

I checked AllowGroups and groups phil and it is all good.

11

:thinking:
Did you check sshd_config file ?
Does yunohost tools regen-conf ssh --dry-run --with-diff send an output ?
…qwerty/azerty issue with termux keyboard ?

12

Thank you for your participation

No output to your command.

I have never used azerty since decades. I tried “troglodite“ as a password and it did not work. I think this is a azerty/qwerty identical password.

13

I would create via webadmin two users for testing.

  1. With the first one (testuser1 or whatever you want), I would check wether I can connect as phil on the server side :

su - testuser1
Then, try to switch to phil user with pwd
su - phil
=> failed password or not ?
2. Via webadmin, I would set admins permissions to testuser2 and would try to connect via ssh as this user.
=> failed password or not ?

14

Other thing to try:

Start loggiung for nslcd with journalctl -u nslcd -f, then try to login as phil via ssh. What does nslcd log return ?
If there’s a timeout, it might also be related to available resources (RAM, CPU)

15

Screenshot_20251211-123940
Screenshot_20251211-123940864×1920 241 KB

I just noticed a warning during the installation:

Invalid numeric literal at line 1, column 6

Could that be the problem?

16

Following your instructions:

On the VPS server after a fresh installation:

root@Warpig11:~# su - testuser1

testuser1@foodie:~$ su - phil

Password:

su: Authentication failure

On my phone:

~ $ ssh testuser2@70.34.xxx.xxx

testuser2@70.34.xxx.xxx’s password:

Permission denied, please try again.

17

The log is not changing as I ssh in with admin user phil. It looks like the nslcd service is turned off…?

root@Warpig11:~# journalctl -u nslcd -f

Dec 11 02:40:17 foodie..nohost.me systemd[1]: nslcd.service: Deactivated successfully.

Dec 11 02:40:17 foodie..nohost.me systemd[1]: Stopped nslcd.service - LSB: LDAP connection daemon.

Dec 11 02:40:17 foodie..nohost.me systemd[1]: Starting nslcd.service - LSB: LDAP connection daemon…

Dec 11 02:40:17 foodie..nohost.me nslcd[69519]: version 0.9.12 starting

Dec 11 02:40:17 foodie..nohost.me nslcd[69519]: accepting connections

Dec 11 02:40:17 foodie..nohost.me nslcd[69508]: Starting LDAP connection daemon: nslcd.

Dec 11 02:40:17 foodie..nohost.me systemd[1]: Started nslcd.service - LSB: LDAP connection daemon.

Dec 11 04:01:03 foodie..nohost.me nslcd[69519]: [e87ccd] <passwd=“”> request denied by validnames option

Dec 11 04:16:33 foodie..nohost.me nslcd[69519]: [d062c2] <passwd=“”> request denied by validnames option

Dec 11 04:33:20 foodie..nohost.me nslcd[69519]: [1d5ae9] <passwd=“pam_unix_non_existent:”> request denied by validnames option

18

Sorry I can’t edit my previous message.

The service is turned on.

19

So nslcd does not log the authentication error…
Do phil, testuser1 and testuser2 appear in the output of getent passwd ?

20

Did you try to reboot the vps, in case.

Try to ssh using your username@domain.com

Check the diagnosis and try to change the ssh port in the webadmin