From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp11.migadu.com ([2001:41d0:8:6d80::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms5.migadu.com with LMTPS id 0GWiE3AkSWOIagAAbAwnHQ (envelope-from ) for ; Fri, 14 Oct 2022 10:57:20 +0200 Received: from aspmx1.migadu.com ([2001:41d0:8:6d80::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp11.migadu.com with LMTPS id aJm4E3AkSWPJSgAA9RJhRA (envelope-from ) for ; Fri, 14 Oct 2022 10:57:20 +0200 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id D0BDA3DA8C for ; Fri, 14 Oct 2022 10:57:19 +0200 (CEST) Received: from localhost ([::1]:52340 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1ojGVK-00038O-Uz for larch@yhetil.org; Fri, 14 Oct 2022 04:57:18 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:54538) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1ojGSz-0000iI-CL for help-guix@gnu.org; Fri, 14 Oct 2022 04:54:55 -0400 Received: from mail-ej1-x631.google.com ([2a00:1450:4864:20::631]:46074) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1ojGSw-0001Or-Tv for help-guix@gnu.org; Fri, 14 Oct 2022 04:54:52 -0400 Received: by mail-ej1-x631.google.com with SMTP id sc25so8991389ejc.12 for ; Fri, 14 Oct 2022 01:54:50 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=2Pf0i/mi3Yq5z7SQAiY4Oq78K8OE9LG28Hs9zNnyfYQ=; b=Rgn/6YdN3Hk+gqM4zfTewsu/bjhSHm3rE0+S5f/VowFcrbQnOn1rrBNoOQdMWxpbqH Ib7E1UsBTvu6XmcmARblzNcqbjLDcmLs/n3YODwWRd6oCkdKLjFGOfeHBsIu8AHO0IF9 AR95GA+r9z/di4Hwgmh3d0jlt5Q3+tF3o1Y3/0rsFpjYc1wG7MQJ16ZUg9GMyH4s7POE x/tdaLB7YgWcl9eGQIJ+Zx2Y/iysB0+eC4EwM6sMRkWouBRgfVTKYZj62npMapdzMqWf CkK8JyJE3QBEhw3wn67fyFHUD9j4fiW8N2kIsR1TbPf+3t8XxKEORpp9hT3N8+7DOFRB j23A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=2Pf0i/mi3Yq5z7SQAiY4Oq78K8OE9LG28Hs9zNnyfYQ=; b=IEh+ZAkVjTKO5x6zrrMRHXZZdiPJkAAtRUkYLTblZWP0vwy5Q/oUETPA1kzyOczfSn gRihpKtzIu49jd/gIsNIvF5S9I+HcZ6r3AUvC7dsMQAzVuLHR8JDsQLWT426ZEPMzbRw CgT1X+0LKscAjxxzYDpWdH9gF5aSPoCJrlREPZ6sU9Oeu4R4PqfJ7ZtjX3zO5PhceAYW 9opG9m+d8rELNKCSLWIFNkO64dnmezopmHK0cDsxoleHXiXxCzMHe+zVKOAhYVB/79nU wMIPy8YleE+HAODJdtfC+WjNuEBoian0ifUXIT3NNCTdq0TeknC82PPQ6xM/YYiRcKR1 KY1Q== X-Gm-Message-State: ACrzQf2tn74gwlYz/5CmkjPbkfbVdlWUH/wR6DFwlh+ImQn9QW7/fisl S3pNAHPp7AYPSnDP//R5WIkjlRbdO6r6OVcphmMbiNH0Kqw= X-Google-Smtp-Source: AMsMyM53Nj7663g/pU9iAuDuBrUCMkdSZlqhxAaPG2LNwa9dkI+wMzjRUw8cWf0UMu3M85VJNTOwY/PDOtAEvhmNOBc= X-Received: by 2002:a17:907:7ea7:b0:78d:3638:9018 with SMTP id qb39-20020a1709077ea700b0078d36389018mr2858024ejc.236.1665737689165; Fri, 14 Oct 2022 01:54:49 -0700 (PDT) MIME-Version: 1.0 References: In-Reply-To: From: "dabbede@gmail.com" Date: Fri, 14 Oct 2022 10:54:37 +0200 Message-ID: Subject: Re: Connection refused to Guix-hosted SSH To: Felix Lechner Cc: help-guix@gnu.org Content-Type: text/plain; charset="UTF-8" Received-SPF: pass client-ip=2a00:1450:4864:20::631; envelope-from=dabbede@gmail.com; helo=mail-ej1-x631.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: help-guix@gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: help-guix-bounces+larch=yhetil.org@gnu.org Sender: "Help-Guix" X-Migadu-Flow: FLOW_IN X-Migadu-Country: US ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1665737839; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:in-reply-to:in-reply-to: references:references:list-id:list-help:list-unsubscribe: list-subscribe:list-post:dkim-signature; bh=2Pf0i/mi3Yq5z7SQAiY4Oq78K8OE9LG28Hs9zNnyfYQ=; b=rpkK2dqelCt1EUWK6VGpNcJ8+L7T2bGCoiqsAjtXQ0IKzfJRjqR7aPkPEC3HxwSstg8/le q5nFYeYAGOK02+prCuf/5LfeQiI6iJt1vNY1MPXrjmXOLEXfNsOmqlsHXtesywVtJnEmYQ L0bIQUjM4yC1Ono5J/onOv+ho5sRQB6Pp9111lZIyFyzDa0vNzOsrCpZkAvE8iRDd7JY8z oQ+Q+lsKQhDu4dOSYYD7misYl6cPRsPQgZ2aELU4CKcns5wa6T6rEzT2AqNe0aCGcrA8cY rxlX+e1Rc2TXpdSOY5tYS073PLV3Y3dT2ANeb8Ka9rKzVGnQMquybkqOOv1juA== ARC-Seal: i=1; s=key1; d=yhetil.org; t=1665737839; a=rsa-sha256; cv=none; b=uV1+5847kf5y2nrvHxxOXics9lIbHdZeQsdEA+9SsGTB8Hgl4Rae/mBE1mt1CfNRr3q+// 0mZfduhbpKNt8PgWm49VD7o4g/THmXUPq3RklwVRNei6sMxWKG5BFA2O5M+FKJGixFvOQJ BWX3Msxbxm8oyT4kR/fDhNC6d/E7taOzZAG3ZSr1qv23biPhBUxIOrq0ryoeLqcy2M6xSN H8Wo2tZVnpsKkjnwqgOe/mqP2rPmkCqPJgCKaZ6emh9t023omZWk0YI3f0bBo/5WIYMuBJ 9NK6XoCQOP36q5ODqd6AKkEt4rVbDqPmH5wCzPGjTFo9bESp+7jCAxQkKVqeJQ== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=pass header.d=gmail.com header.s=20210112 header.b="Rgn/6YdN"; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (aspmx1.migadu.com: domain of "help-guix-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="help-guix-bounces+larch=yhetil.org@gnu.org" X-Migadu-Spam-Score: -6.40 Authentication-Results: aspmx1.migadu.com; dkim=pass header.d=gmail.com header.s=20210112 header.b="Rgn/6YdN"; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (aspmx1.migadu.com: domain of "help-guix-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="help-guix-bounces+larch=yhetil.org@gnu.org" X-Migadu-Queue-Id: D0BDA3DA8C X-Spam-Score: -6.40 X-Migadu-Scanner: scn0.migadu.com X-TUID: nDWIQmdIWoqM On Thu, Oct 13, 2022 at 11:05 PM Felix Lechner wrote: > > Hi, Hi Felix > On Wed, Oct 12, 2022 at 1:33 PM dabbede@gmail.com wrote: > > > > I can't login with private credentials. > > Did you set a password interactively? Otherwise you can set an initial > password with something like (password (crypt "alice" "$6$abc")) [1] Password was set interactively. Now I've added a third user "test" with a prescribed/crypted password and I can login to it from terminal but, again, not from ssh client. > Either way, I would also have a look at the output of > > fgrep -i ssh /var/log/messages > > on the server. Sure. I receive a bunch of messages of this form: Oct 14 10:04:23 localhost vmunix: [ 5869.880044] audit: type=1326 audit(1665734663.369:6): auid=4294967295 uid=989 gid=983 ses=4294967295 subj=unconfined pid=599 comm="sshd" exe="/gnu/store/jgw64z5w2q6b4nph7a74jc97ihfxkfsf-openssh-8.9p1/sbin/sshd" sig=31 arch=40000003 syscall=414 compat=0 ip=0xb7f94549 code=0x0 Oct 14 10:04:23 localhost shepherd[1]: 0 connections still in use after sshd-5 termination. Oct 14 10:04:23 localhost shepherd[1]: Service sshd-5 (PID 598) exited with 255. Oct 14 10:04:23 localhost shepherd[1]: Service sshd-5 has been disabled. Oct 14 10:04:23 localhost shepherd[1]: Transient service sshd-5 terminated, now unregistered. Oct 14 10:05:43 localhost shepherd[1]: Service sshd-6 has been started. Oct 14 10:05:43 localhost vmunix: [ 5950.061859] audit: type=1326 audit(1665734743.553:7): auid=4294967295 uid=989 gid=983 ses=4294967295 subj=unconfined pid=601 comm="sshd" exe="/gnu/store/jgw64z5w2q6b4nph7a74jc97ihfxkfsf-openssh-8.9p1/sbin/sshd" sig=31 arch=40000003 syscall=414 compat=0 ip=0xb7fba549 code=0x0 Oct 14 10:05:43 localhost shepherd[1]: 0 connections still in use after sshd-6 termination. Oct 14 10:05:43 localhost shepherd[1]: Service sshd-6 (PID 600) exited with 255. Oct 14 10:05:43 localhost shepherd[1]: Service sshd-6 has been disabled. Oct 14 10:05:43 localhost shepherd[1]: Transient service sshd-6 terminated, now unregistered. I see "Service sshd-6 (PID 600) exited with 255." but I don't know what it means nor why. In order to gain more insight I've tried to connect with verbose output "ssh -v test@localhost" and this is the output OpenSSH_8.9p1, OpenSSL 1.1.1q 5 Jul 2022 debug1: Connecting to localhost [127.0.0.1] port 22. debug1: Connection established. debug1: identity file /home/pcp/.ssh/id_rsa type 0 debug1: identity file /home/pcp/.ssh/id_rsa-cert type -1 debug1: identity file /home/pcp/.ssh/id_ecdsa type -1 debug1: identity file /home/pcp/.ssh/id_ecdsa-cert type -1 debug1: identity file /home/pcp/.ssh/id_ecdsa_sk type -1 debug1: identity file /home/pcp/.ssh/id_ecdsa_sk-cert type -1 debug1: identity file /home/pcp/.ssh/id_ed25519 type -1 debug1: identity file /home/pcp/.ssh/id_ed25519-cert type -1 debug1: identity file /home/pcp/.ssh/id_ed25519_sk type -1 debug1: identity file /home/pcp/.ssh/id_ed25519_sk-cert type -1 debug1: identity file /home/pcp/.ssh/id_xmss type -1 debug1: identity file /home/pcp/.ssh/id_xmss-cert type -1 debug1: identity file /home/pcp/.ssh/id_dsa type -1 debug1: identity file /home/pcp/.ssh/id_dsa-cert type -1 debug1: Local version string SSH-2.0-OpenSSH_8.9 debug1: Remote protocol version 2.0, remote software version OpenSSH_8.9 debug1: compat_banner: match: OpenSSH_8.9 pat OpenSSH* compat 0x04000000 debug1: Authenticating to localhost:22 as 'test' debug1: load_hostkeys: fopen /home/pcp/.ssh/known_hosts: No such file or directory debug1: load_hostkeys: fopen /home/pcp/.ssh/known_hosts2: No such file or directory debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: algorithm: curve25519-sha256 debug1: kex: host key algorithm: ssh-ed25519 debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: compression: none debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: compression: none debug1: expecting SSH2_MSG_KEX_ECDH_REPLY Connection reset by 127.0.0.1 port 22 The lines about missing known_hosts were suspicious, but even touching a new .ssh/knwon_hosts does not help. The line with "expecting SSH2_MSG_KEX_ECDH_REPLY" is also suspicious but I don't know how to solve it. Finally, I also tried to manually start sshd on port 2222 and this is the output /etc/ssh/sshd_config: No such file or directory I don't know if shepherd has a different way of launching the daemon. I expect that a sshd_config must exist somewhere... I would really like to give a look at it > Kind regards > Felix Lechner > > [1] https://guix.gnu.org/en/manual/devel/en/html_node/Using-the-Configuration-System.html Thank you, regards