SSH access denied, only local login possible

I hope anyone can help :-)

I have nextcloudpi installed on my Raspberry. Also letsencrypt, and I enabled ssh access over ncp config. I run the latest version of Nextcloudpi, 18.0.4.2

Hello @Ency !!

Can you try ssh -vvv pi@your-ip and return the result?

Thank you

Yes here is the output:
PS C:\WINDOWS\system32> ssh -vvv pi@192.168.0.11
OpenSSH_for_Windows_7.7p1, LibreSSL 2.6.5
debug3: Failed to open file:C:/Users/cen1wa3/.ssh/config error:2
debug3: Failed to open file:C:/ProgramData/ssh/ssh_config error:2
debug2: resolve_canonicalize: hostname 192.168.0.11 is address
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to 192.168.0.11 [192.168.0.11] port 22.
debug1: Connection established.
debug1: identity file C:\Users\cen1wa3/.ssh/id_rsa type 0
debug3: Failed to open file:C:/Users/cen1wa3/.ssh/id_rsa-cert error:2
debug3: Failed to open file:C:/Users/cen1wa3/.ssh/id_rsa-cert.pub error:2
debug1: key_load_public: No such file or directory
debug1: identity file C:\Users\cen1wa3/.ssh/id_rsa-cert type -1
debug3: Failed to open file:C:/Users/cen1wa3/.ssh/id_dsa error:2
debug3: Failed to open file:C:/Users/cen1wa3/.ssh/id_dsa.pub error:2
debug1: key_load_public: No such file or directory
debug1: identity file C:\Users\cen1wa3/.ssh/id_dsa type -1
debug3: Failed to open file:C:/Users/cen1wa3/.ssh/id_dsa-cert error:2
debug3: Failed to open file:C:/Users/cen1wa3/.ssh/id_dsa-cert.pub error:2
debug1: key_load_public: No such file or directory
debug1: identity file C:\Users\cen1wa3/.ssh/id_dsa-cert type -1
debug3: Failed to open file:C:/Users/cen1wa3/.ssh/id_ecdsa error:2
debug3: Failed to open file:C:/Users/cen1wa3/.ssh/id_ecdsa.pub error:2
debug1: key_load_public: No such file or directory
debug1: identity file C:\Users\cen1wa3/.ssh/id_ecdsa type -1
debug3: Failed to open file:C:/Users/cen1wa3/.ssh/id_ecdsa-cert error:2
debug3: Failed to open file:C:/Users/cen1wa3/.ssh/id_ecdsa-cert.pub error:2
debug1: key_load_public: No such file or directory
debug1: identity file C:\Users\cen1wa3/.ssh/id_ecdsa-cert type -1
debug3: Failed to open file:C:/Users/cen1wa3/.ssh/id_ed25519 error:2
debug3: Failed to open file:C:/Users/cen1wa3/.ssh/id_ed25519.pub error:2
debug1: key_load_public: No such file or directory
debug1: identity file C:\Users\cen1wa3/.ssh/id_ed25519 type -1
debug3: Failed to open file:C:/Users/cen1wa3/.ssh/id_ed25519-cert error:2
debug3: Failed to open file:C:/Users/cen1wa3/.ssh/id_ed25519-cert.pub error:2
debug1: key_load_public: No such file or directory
debug1: identity file C:\Users\cen1wa3/.ssh/id_ed25519-cert type -1
debug3: Failed to open file:C:/Users/cen1wa3/.ssh/id_xmss error:2
debug3: Failed to open file:C:/Users/cen1wa3/.ssh/id_xmss.pub error:2
debug1: key_load_public: No such file or directory
debug1: identity file C:\Users\cen1wa3/.ssh/id_xmss type -1
debug3: Failed to open file:C:/Users/cen1wa3/.ssh/id_xmss-cert error:2
debug3: Failed to open file:C:/Users/cen1wa3/.ssh/id_xmss-cert.pub error:2
debug1: key_load_public: No such file or directory
debug1: identity file C:\Users\cen1wa3/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_for_Windows_7.7
debug1: Remote protocol version 2.0, remote software version OpenSSH_8.0
debug1: match: OpenSSH_8.0 pat OpenSSH* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to 192.168.0.11:22 as ‘pi’
debug3: hostkeys_foreach: reading file “C:\Users\cen1wa3/.ssh/known_hosts”
debug3: Failed to open file:C:/Users/cen1wa3/.ssh/known_hosts2 error:2
debug3: Failed to open file:C:/ProgramData/ssh/ssh_known_hosts error:2
debug3: Failed to open file:C:/ProgramData/ssh/ssh_known_hosts2 error:2
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c
debug2: host key algorithms: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none
debug2: compression stoc: none
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1
debug2: host key algorithms: rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com
debug2: compression stoc: none,zlib@openssh.com
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: compression: none
debug3: send packet: type 30
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug3: receive packet: type 31
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:Ucea4ZcjzBXiRTumMs5JgxoQBaxm+9NGQyFLTqqkg+U
debug3: hostkeys_foreach: reading file “C:\Users\cen1wa3/.ssh/known_hosts”
debug3: Failed to open file:C:/Users/cen1wa3/.ssh/known_hosts2 error:2
debug3: Failed to open file:C:/ProgramData/ssh/ssh_known_hosts error:2
debug3: Failed to open file:C:/ProgramData/ssh/ssh_known_hosts2 error:2
debug3: failed to open file:C:/dev/tty error:3
debug1: read_passphrase: can’t open /dev/tty: No such file or directory
The authenticity of host ‘192.168.0.11 (192.168.0.11)’ can’t be established.
ECDSA key fingerprint is SHA256:Ucea4ZcjzBXiRTumMs5JgxoQBaxm+9NGQyFLTqqkg+U.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added ‘192.168.0.11’ (ECDSA) to the list of known hosts.
debug3: send packet: type 21
debug2: set_newkeys: mode 1
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: receive packet: type 21
debug1: SSH2_MSG_NEWKEYS received
debug2: set_newkeys: mode 0
debug1: rekey after 134217728 blocks
debug3: unable to connect to pipe \\.\pipe\openssh-ssh-agent, error: 2
debug1: pubkey_prepare: ssh_get_authentication_socket: No such file or directory
debug2: key: C:\Users\cen1wa3/.ssh/id_rsa (0000023C368910A0)
debug2: key: C:\Users\cen1wa3/.ssh/id_dsa (0000000000000000)
debug2: key: C:\Users\cen1wa3/.ssh/id_ecdsa (0000000000000000)
debug2: key: C:\Users\cen1wa3/.ssh/id_ed25519 (0000000000000000)
debug2: key: C:\Users\cen1wa3/.ssh/id_xmss (0000000000000000)
debug3: send packet: type 5
debug3: receive packet: type 7
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521>
debug3: receive packet: type 6
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug3: send packet: type 50
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug3: start over, passed a different list publickey,password,keyboard-interactive
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering public key: RSA SHA256:LyssUOVLhyDePX0EN9TAWaz6XWrSAoQMma76t0UIoqY C:\Users\cen1wa3/.ssh/id_rsa
debug3: send_pubkey_test
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Trying private key: C:\Users\cen1wa3/.ssh/id_dsa
debug3: no such identity: C:\Users\cen1wa3/.ssh/id_dsa: No such file or directory
debug1: Trying private key: C:\Users\cen1wa3/.ssh/id_ecdsa
debug3: no such identity: C:\Users\cen1wa3/.ssh/id_ecdsa: No such file or directory
debug1: Trying private key: C:\Users\cen1wa3/.ssh/id_ed25519
debug3: no such identity: C:\Users\cen1wa3/.ssh/id_ed25519: No such file or directory
debug1: Trying private key: C:\Users\cen1wa3/.ssh/id_xmss
debug3: no such identity: C:\Users\cen1wa3/.ssh/id_xmss: No such file or directory
debug2: we did not send a packet, disable method
debug3: authmethod_lookup keyboard-interactive
debug3: remaining preferred: password
debug3: authmethod_is_enabled keyboard-interactive
debug1: Next authentication method: keyboard-interactive
debug2: userauth_kbdint
debug3: send packet: type 50
debug2: we sent a keyboard-interactive packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug3: userauth_kbdint: disable: no info_req_seen
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred:
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
debug3: failed to open file:C:/dev/tty error:3
debug1: read_passphrase: can’t open /dev/tty: No such file or directory
pi@192.168.0.11’s password:
debug3: send packet: type 50
debug2: we sent a password packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,password,keyboard-interactive
Permission denied, please try again.
debug3: failed to open file:C:/dev/tty error:3
debug1: read_passphrase: can’t open /dev/tty: No such file or directory
pi@192.168.0.11’s password:

Also the web UI and the app on my mobile phone do not have access to nextcloudpi

Thank you,

Maybe the keys are missing. Try it on your Raspberry Pi please.
ssh-keygen -A

And connect with ssh -vvv pi@192.168.0.11

Still not able to connect :-(

pi@192.168.0.11’s password:
debug3: send packet: type 50
debug2: we sent a password packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,password,keyboard-interactive
Permission denied, please try again.
debug3: failed to open file:C:/dev/tty error:3
debug1: read_passphrase: can’t open /dev/tty: No such file or directory

And does the sshd service work on your Raspberry Pi (sudo systemctl status sshd)?
Is the interface enabled?
To check it: sudo raspi-config > Interfacing Options > ssh > enable

Yes, I have just checked it.
No ssh Access
No WebUI Access
No App access

Only local login possible

Can you try sudo dpkg-reconfigure openssh-server please ?

just tried it:

pi@192168.0.11: dpkg-reconfigure openssh-server
Creating SSH2 RSA key; this may take some time …
2048 SHA256:X6SRuRM9Cr4NA5mPkOpl31oK05bydgSr4caqusB4obA root@192.168.0.11 (RSA)
Creating SSH2 ECDSA key; this may take some time …
256 SHA256:JWgiaI2tSN+z0JEmFaaQjFcarLdf9EWwSqLGysH3128 root@192.168.0.11 (ECDSA)
Creating SSH2 ED25519 key; this may take some time …
256 SHA256:hpifL6npGUERufabh34EyrfzGmLQXPTqinECUM9PnKk root@192.168.0.11 (ED25519)
rescue-ssh.target is a disabled or a static unit, not starting it.

Hmm, that’s strange…

Can I have your log?
journalctl --since "-1 day" | grep ssh

Cannot copy the log here Claude, I do not really have access to my system.

Is there a way to reconfigure/repair my nextcloudpi system???

OK, and can you do this: sudo apt purge openssh-server; sudo apt install openssh-server please

I think the configuration of the ssh-server is not correct. Look at /etc/ssh/sshd_config. Perhaps there is an entry
127.0.0.1:22
Please post something about “listen”.

Post interesting parts from
netstat -tulpen

Can you access locally from the Pi to the Pi:

ssh pi@localhost
ssh pi@192.168.0.11

Test both and post results. (yes/no).
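
The sshd_config check suggested above can be scripted. This is an added example, not part of the original posts: the thread never states which directive was wrong, so besides the loopback-only ListenAddress case it also flags login-restricting directives as a generalization. The function name, finding labels and sample config are constructed, and keyword and value are assumed to be separated by whitespace.

```shell
#!/bin/sh
# Audit an sshd_config for settings that can limit logins to the local machine.
# Prints one finding per line; prints nothing when none of the checks match.
audit_sshd_config() {
    awk '
        # Skip blank lines and comments.
        /^[ \t]*(#|$)/ { next }
        # sshd keywords are case-insensitive; normalise before comparing.
        { key = tolower($1); val = tolower($2) }
        key == "listenaddress" {
            # Count loopback binds separately from routable ones.
            if (val ~ /^(127\.|localhost(:|$)|\[::1\]|::1$)/) loop++
            else other++
            next
        }
        key == "passwordauthentication" && val == "no" {
            print "password-auth-disabled line " NR
        }
        key ~ /^(allow|deny)(users|groups)$/ {
            print "user-restriction line " NR ": " $0
        }
        # Match blocks can override any of the above per user or address.
        key == "match" { print "match-block line " NR ": " $0 }
        END {
            # Only loopback binds present: remote clients cannot reach sshd.
            if (loop > 0 && other == 0) print "listen-loopback-only"
        }
    ' "$1"
}

# Constructed sample config (not taken from the thread), audited as a demo.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample
Port 22
ListenAddress 127.0.0.1:22
PasswordAuthentication yes
AllowUsers ncp
EOF
audit_sshd_config "$sample"
rm -f "$sample"
```

On the Pi itself the function would be pointed at /etc/ssh/sshd_config; `sudo sshd -T` prints the effective configuration sshd actually uses, which is the authoritative cross-check.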

Thx a lot, it was really a failure in the sshd_config. After recovering this file, I am now able to ssh to my system.

BUT I still have problems with my web UI and cannot connect to my nextcloud from the browser. “Site not found”. And when I run letsencrypt again in ncp-config I get the following issue:
Running letsencrypt
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for mynextcloud.ddns.net
Using the webroot path /var/www/nextcloud for all unmatched domains.
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. mynextcloud.ddns.net (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://mynextcloud.ddns.net/.well-known/acme-challenge/cwyeLHJl9z7WjD45nIBw33HTe8YM6EuMj0pKFvao-Uo: Connection refused
IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: mynextcloud.ddns.net
    Type: connection
    Detail: Fetching
    http://mynextcloud.ddns.net/.well-known/acme-challenge/cwyeLHJl9z7WjD45nIBw33HTe8YM6EuMj0pKFvao-Uo:
    Connection refused

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A/AAAA record(s) for that domain
    contain(s) the right IP address. Additionally, please check that
    your computer has a publicly routable IP address and that no
    firewalls are preventing the server from communicating with the
    client. If you’re using the webroot plugin, you should also verify
    that you are serving files from the webroot path you provided.
    Done. Press any key…

Do you also forward port 80 and not only port 443?

How can I check or configure it properly through ncp-config??

If you use a private network behind a NAT router (perhaps DSL) you must configure your router to forward port 443 and 80 to your Pi.

Yes, you are right. I just saw that my nextcloudpi got a new internal IP, so I have updated it and can access ssh and also the web panel from my nextcloud.

After setting the password for my ncp admin account I have tried to log in via web panel and app, but it is not accepting the previously updated pwd.

So I will reboot again. Any idea why it's not accepting the password?? It's an easy one without special characters.

When doing nc-admin I set the ncp user with my password. Then I do nc-passwd and type the same password again.

In my web panel my new password for ncp is not accepted, and also when I click reset password I do not receive any reset email.

Just tried this and it works :-)

sudo -u www-data php /var/www/nextcloud/occ user:resetpassword ncp