From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp10.migadu.com ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms5.migadu.com with LMTPS id 2B0zDokdSWNLKwEAbAwnHQ (envelope-from ) for ; Fri, 14 Oct 2022 10:27:53 +0200 Received: from aspmx1.migadu.com ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp10.migadu.com with LMTPS id WIIJDYkdSWPVtwAAG6o9tA (envelope-from ) for ; Fri, 14 Oct 2022 10:27:53 +0200 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id E94F22BA6D for ; Fri, 14 Oct 2022 10:27:52 +0200 (CEST) Received: from localhost ([::1]:34074 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1ojG2p-00072Q-OU for larch@yhetil.org; Fri, 14 Oct 2022 04:27:51 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:51848) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1ojG2S-0006zw-3p for help-guix@gnu.org; Fri, 14 Oct 2022 04:27:28 -0400 Received: from mail-ed1-x535.google.com ([2a00:1450:4864:20::535]:47057) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1ojG2G-00069l-Gi for help-guix@gnu.org; Fri, 14 Oct 2022 04:27:26 -0400 Received: by mail-ed1-x535.google.com with SMTP id m15so5824007edb.13 for ; Fri, 14 Oct 2022 01:27:15 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=NWcHHO2KVO5lEtA1dSZ0I4JSCFmkGT9OuIEqSolkRCE=; b=SF/pcVWaHjRFfk/I32pB4BBKx68Hgb9WMwIbWQ/P+IwoSIzN6nQisramD5UiXcg0Sa OJ+aqh4bO5z32P1CR06TL0Uq25yi/w1aafuxFZz8WxY0j8ZVxplkiL+zVThe3FiXeQo+ b5GjNo4fqF7TLfNVa93banl6+mT7dA65kP32lbo4aSuOaTIgLr6wOhxGNFuba62mCH1f h1oAM4EBTSxD52d3u3EVBkBb9BwRQM2iQqwLF5wssJn4M/bUEgET9/+a82843J//azrQ p0s9PLzK6G97LMy0PdM5RGvFIVVTBXLaFIVYEP0t2gkuJCM0mCRkNtCIoA8zHa9ueiLn CVrQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=NWcHHO2KVO5lEtA1dSZ0I4JSCFmkGT9OuIEqSolkRCE=; b=cE1YcVEBq63OIoaR2DKzWMvGue/v1xOvOhAizHDF8yDIJTOHx/uJpPz/d8nlkA/MMB HJBtDapiHBa8JxaZHPwq7CKgWdJBjy6yjUXBHLxXB5IIB25Jym9JwLh4l4ScKNdt3pw9 01zKZIw6GK3jAfSaSLcQeIS+HpB0m1VSLU/ylFIxMrTRbWs5wM1e1NiYmgF+JH1UxDEV okWazD1IIDpmv3dhKmFGYqaqqZ0Kaam/qmjSsxpQxw2ZmmFMpsvU5ZhTQym+OzGSqX6Z 1cjseCw4idiwzRh0yLW0ySEST2Q3vF6PCIrYFXYmR/8fGK4i5eaffrhixsp50GJEy5jn MP3Q== X-Gm-Message-State: ACrzQf01IIDyaw6m+DG0/YFRFaLgDGZpghl/RqYCHy0P3u53DUTNltid oCTKhl7OrTeIqveHdwYNVFxTwcKKhfr5Ca29E94= X-Google-Smtp-Source: AMsMyM6K4BjmYkem4LDXFMjOX17Fc5nlYN8igxCT8s3I/8XsENg+xVK3e3giuhAiCFjbxaucnFyJuVeRdughUoU/EOk= X-Received: by 2002:a05:6402:2402:b0:45c:a1ce:94d8 with SMTP id t2-20020a056402240200b0045ca1ce94d8mr3285529eda.50.1665736033541; Fri, 14 Oct 2022 01:27:13 -0700 (PDT) MIME-Version: 1.0 References: <87mta0xpcc.fsf@gmail.com> In-Reply-To: <87mta0xpcc.fsf@gmail.com> From: "dabbede@gmail.com" Date: Fri, 14 Oct 2022 10:27:01 +0200 Message-ID: Subject: Re: Connection refused to Guix-hosted SSH To: Oleg Pykhalov Cc: help-guix@gnu.org Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Received-SPF: pass client-ip=2a00:1450:4864:20::535; envelope-from=dabbede@gmail.com; helo=mail-ed1-x535.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: help-guix@gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: help-guix-bounces+larch=yhetil.org@gnu.org Sender: "Help-Guix" X-Migadu-Flow: FLOW_IN X-Migadu-Country: US ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1665736073; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:list-id:list-help: list-unsubscribe:list-subscribe:list-post:dkim-signature; bh=NWcHHO2KVO5lEtA1dSZ0I4JSCFmkGT9OuIEqSolkRCE=; b=F2n6BCCOKYCuGYDkB6UcLxIuuFjP213qqlKNYkZwENMSdT0QB7/mmzyUxh4u8A2WLBxMqI h0zLu/q02xQ3FznIvxa6Wa9NOrBM9sJUYgd2iWdEGEaMn4RGIA/MlpupIgE8j+TzrxdneV pqgd5DcL3LS4GcgLtEDesYG3rn8tuZr8jcV3S+MqUx+CLGBDNTrtdm/RbM/IU/frTOizL9 tqutLORpXvoT3OtHDKqJ3WSKm8nLmDyy+MKNuYJhj5pzNUCXuT8+CPgrqSZlPv9x3hlQDT V6E40rER39W0vqNJ9OPWNvmT1ZsU01uwIxbZFEzxYpLM16BcTeaTG8u2lQzwtg== ARC-Seal: i=1; s=key1; d=yhetil.org; t=1665736073; a=rsa-sha256; cv=none; b=hHSqlKS7wfxZWLmAEMnIJsAW+XMCS4wwKwJZG7F+DcWU7hWNSNck7MFNfOwp4sOBSUhY5a q3w/buTss1raQHfcHf4r0ZQ0cIwZfY8ngNMflIHmOrJDsxVEoeLvbKgieb1SGZgnIYwphz JzDOrJ/2Ho0NSzGhzorMVFXg9+oUWCLFednKdj5c5KAUUfqqJ6R1qjEaiNHn97A+ZTqLTv JrGv/pam/94HMvU1vUt2R9BVySC8TJmypBDgD2ksp2AU/Tvbg+z4HsywawB7LyfZJLws2x q9aXI+CUVjIJ1ZwMOK5SGxnTmZ7jPy8iqlNMAcOQ41RkZIr9cwY7BDNfNqT/Ug== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=pass header.d=gmail.com header.s=20210112 header.b="SF/pcVWa"; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (aspmx1.migadu.com: domain of "help-guix-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="help-guix-bounces+larch=yhetil.org@gnu.org" X-Migadu-Spam-Score: -6.40 Authentication-Results: aspmx1.migadu.com; dkim=pass header.d=gmail.com header.s=20210112 header.b="SF/pcVWa"; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (aspmx1.migadu.com: domain of "help-guix-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="help-guix-bounces+larch=yhetil.org@gnu.org" X-Migadu-Queue-Id: E94F22BA6D X-Spam-Score: -6.40 X-Migadu-Scanner: scn0.migadu.com X-TUID: 9thcUvtZM4UA On Thu, Oct 13, 2022 at 7:30 AM Oleg Pykhalov wrote: > > Hi, Hi oleg [...] > > > From another machine I can correctly ping this system at the static > > address, but I can't login with private credentials. Actually, I can't > > connect even with password, because every time my client ends with > > "Network error: Software caused connection abort". > > Is another machine in the same network 10.168.214.102/24? Yes, with IP 10.168.214.155 > A default gateway should be specified if not. > > (static-networking > (routes > (list (network-route > (destination "default") > (gateway "???")))) > ...) I've tried now your suggestion, but even with that it doesn't work > > Within guix, if I run "ssh pcp@localhost" I receive a "Connection > > reset by 127.0.0.1 port 22" (I don't know if it is supposed to work on > > localhost). > > It is supposed. This is a bad sign... no matter my network (client-server) configuration, localhost should always be reachable (from within the server) > What does =E2=80=98sudo herd status=E2=80=99 show? Started: + console-font-tty1 + console-font-tty2 + console-font-tty3 + console-font-tty4 + console-font-tty5 + console-font-tty6 + file-system-/dev/pts + file-system-/dev/shm + file-system-/gnu/store + file-system-/sys/firmware/efi/efivars + file-system-/sys/kernel/debug + file-systems + guix-daemon + loopback + mcron + networking + nscd + root + root-file-system + ssh-daemon + swap-713766 + syslogd + term-tty1 + term-tty2 + term-tty3 + term-tty4 + term-tty5 + term-tty6 + udev + urandom-seed + user-file-systems + user-processes + virtual-terminal Stopped: - term-console One-shot: * host-name * sysctl * user-homes If I invoke "sudo herd status ssh" I obtain this output: Status of ssh-daemon: It is started. Running value is ("#" "#"). It is enabled. Provides (ssh-daemon ssh sshd). Requires (syslogd loopback). Conflicts with (). Will be respawned. It seems to me that everything is correctly running... > > I've also tried to manaully add the pub keys in ".ssh/authorized_keys" > > for both users, with no luck. What am I missing?! > > By default on Guix system that should work as well as specifing keys in > the system configuration file. > > Make sure that .ssh directory has 0700 permissions, which is required by > SSH daemon. > > > Oleg. In principle I had no .ssh folder, I've only added it later in a desperate attempt to solve the issue. Now I set the permissions as your suggestion but it does not solve the issue. What else can I check? Where can I find the sshd config file that Guix built "under the hood" using my config.scm?! Just to double check that the everything is properly set... Thanks