Giter VIP home page Giter VIP logo

Comments (5)

amalshaji avatar amalshaji commented on June 3, 2024

We are already doing auth using the secret key

portr/tunnel/internal/server/ssh/sshd.go

Lines 126 to 128 in 1afaa67

PasswordHandler: func(ctx ssh.Context, password string) bool {
_, err := s.GetReservedConnectionFromSshContext(ctx)
return err == nil

from portr.

3h04m1 avatar 3h04m1 commented on June 3, 2024

We are already doing auth using the secret key

portr/tunnel/internal/server/ssh/sshd.go

Lines 126 to 128 in 1afaa67

PasswordHandler: func(ctx ssh.Context, password string) bool {
_, err := s.GetReservedConnectionFromSshContext(ctx)
return err == nil

Maybe I misunderstood something, I am getting this error: ssh: handshake failed: ssh: unable to authenticate, attempted methods [none password], no supported methods remain

when setting up the server I completed all the required fields in .env file:

PORTR_SERVER_URL=example.com
PORTR_SSH_URL=example.com:2222

here is no field for the ssh password or some public key, my ssh auth is based on password and I thought that maybe there is an issue with authentication

from portr.

amalshaji avatar amalshaji commented on June 3, 2024

Are you running the server locally? Can you provide more information about your setup? And the steps you ran that lead to this error?

from portr.

3h04m1 avatar 3h04m1 commented on June 3, 2024

Are you running the server locally? Can you provide more information about your setup? And the steps you ran that lead to this error?

Docker Compose file:

services:
  admin:
    image: amalshaji/portr-admin:0.0.10-beta
    env_file: .env
    restart: unless-stopped
    ports:
      - "6300:8000"

    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:8000/api/v1/healthcheck"]
      interval: 10s
      timeout: 5s
      retries: 5

  tunnel:

    image: amalshaji/portr-tunnel:0.0.10-beta
    command: ["start"]
    ports:
      - "6301:8001"
    env_file: .env
    restart: unless-stopped
    depends_on:
      admin:
        condition: service_healthy

.env file:

PORTR_ADMIN_GITHUB_CLIENT_ID=******
PORTR_ADMIN_GITHUB_CLIENT_SECRET=******

PORTR_DOMAIN=portr.******
PORTR_DB_URL=postgres://portr:******@******:5432/portr

PORTR_SERVER_URL=******
PORTR_SSH_URL=******:2222

PORTR_ADMIN_ENCRYPTION_KEY=******

I am using a manged postgress, and for proxy nginx

sshd_config

# This is the sshd server system-wide configuration file.  See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options override the
# default value.

Include /etc/ssh/sshd_config.d/*.conf

Port 22
Port 2222
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_ecdsa_key
#HostKey /etc/ssh/ssh_host_ed25519_key

# Ciphers and keying
#RekeyLimit default none

# Logging
#SyslogFacility AUTH
#LogLevel INFO

# Authentication:

#LoginGraceTime 2m
#PermitRootLogin prohibit-password
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10

#PubkeyAuthentication yes

# Expect .ssh/authorized_keys2 to be disregarded by default in future.
#AuthorizedKeysFile     .ssh/authorized_keys .ssh/authorized_keys2

#AuthorizedPrincipalsFile none

#AuthorizedKeysCommand none
#AuthorizedKeysCommandUser nobody

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no

# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
KbdInteractiveAuthentication no

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
#GSSAPIStrictAcceptorCheck yes
#GSSAPIKeyExchange no

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the KbdInteractiveAuthentication and
# PasswordAuthentication.  Depending on your PAM configuration,
# PAM authentication via KbdInteractiveAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and KbdInteractiveAuthentication to 'no'.
UsePAM yes

#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PermitTTY yes
PrintMotd no
#PrintLastLog yes
#TCPKeepAlive yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS no
#PidFile /run/sshd.pid
#MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none
#VersionAddendum none

# no default banner path
#Banner none

# Allow client to pass locale environment variables
AcceptEnv LANG LC_*

# override default of no subsystems
Subsystem       sftp    /usr/lib/openssh/sftp-server

# Example of overriding settings on a per-user basis
#Match User anoncvs
#       X11Forwarding no
#       AllowTcpForwarding no
#       PermitTTY no
#       ForceCommand cvs server

from portr.

amalshaji avatar amalshaji commented on June 3, 2024

portr comes with its ssh server, running on port 2222 by default. I don't think you have to configure sshd.

from portr.

Related Issues (9)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.