Submitted by nabab on Wed, 09/21/2016 - 14:10 Pro Licensee
I have Cloudmin Pro installed on Ubuntu 16.04 and when I try adding an existing physical system, filling the SSH credentials, with sudo checked, and user is not root, I always get the same error: "SSH connection failed: Timeout connecting (SSH failed to complete in 30 seconds)."
However I found an active connection coming from the Cloudmin server's IP, running the following process:
sudo sh -c grep ^root= /etc/webmin/miniserv.conf ; grep ^port= /etc/webmin/miniserv.conf ; grep ^ssl= /etc/webmin/miniserv.c
But in the end the system has not been added...
It looks like a bug. Can you help?
Status:
Closed (fixed)
Comments
Submitted by JamieCameron on Wed, 09/21/2016 - 20:26 Comment #1
If you SSH from the Cloudmin master to this remote system, how long does it take to login?
The cause may be that the remote machine is very slow to login to - ie. because it's doing a reverse DNS lookup on each connection.
Submitted by nabab on Thu, 09/22/2016 - 04:10 Pro Licensee Comment #2
I can log in by SSH from that same machine in max 5 seconds. Reverse DNS record is present. I'd like to add that we tried with 2 different Cloudmin installations (Debian & Ubuntu), and on different existing physical systems, having the same error each time.
Submitted by nabab on Thu, 09/22/2016 - 06:22 Pro Licensee Comment #3
So we just allowed direct root access to SSH and now it works. The problem is that we can't have root access for SSH on a production server, but using another user with sudo doesn't work...
Submitted by andreychek on Thu, 09/22/2016 - 09:25 Comment #4
Hmm, what does that user's sudo entry in the /etc/sudoers file look like?
I understand not wanting to leave root access enabled. Temporarily (ie, until this is all sorted out), you could always set up root with SSH key-only access.
To do that, generate SSH keys that allow you to remotely log in as root from your Cloudmin server, and then edit /etc/ssh/sshd_config on your guest, and set the option "PermitRootLogin" to "without-password".
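A check for the sshd setting suggested in comment #4, as an added example that is not part of the original thread or of Cloudmin: it reads an sshd_config-style file and reports whether the effective global PermitRootLogin value keeps root to key-based login. The function names and the sample file are made up for illustration; it assumes whitespace-separated keyword/value lines and does not follow Include directives.

```shell
#!/bin/sh
# Added example (not from the thread): audit PermitRootLogin in an sshd_config file.

# Print the effective global PermitRootLogin value, lowercased.
# sshd keeps the FIRST value it sees for a keyword, keywords are
# case-insensitive, and lines after a "Match" line are conditional,
# so scanning stops there. Prints "unset" if no global value exists.
effective_root_login() {
    awk '
        { sub(/#.*/, "") }                      # strip comments
        NF == 0 { next }                        # skip blank lines
        tolower($1) == "match" { exit }         # global section ends here
        tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

# Return 0 if root cannot log in with a password, 1 otherwise.
check_root_login() {
    value=$(effective_root_login "$1")
    case "$value" in
        without-password|prohibit-password)
            echo "OK: root may log in with keys only ($value)"; return 0 ;;
        forced-commands-only)
            echo "OK: root keys work only with a forced command"; return 0 ;;
        no)
            echo "OK: root login disabled; a root key will not work either"; return 0 ;;
        yes)
            echo "WARN: root password login is allowed"; return 1 ;;
        unset)
            echo "WARN: not set globally; default depends on the OpenSSH version"; return 1 ;;
        *)
            echo "WARN: unrecognised value '$value'"; return 1 ;;
    esac
}

# Constructed sample config: the first PermitRootLogin line is the one that counts.
sample=$(mktemp)
printf '%s\n' '# constructed sample' 'Port 22' \
    'permitrootlogin without-password' 'PermitRootLogin yes' > "$sample"
check_root_login "$sample"
rm -f "$sample"
```

Run it against the real file with `check_root_login /etc/ssh/sshd_config`. OpenSSH 7.0 and later spell the same setting `prohibit-password` and keep `without-password` as a deprecated alias.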
Submitted by nabab on Thu, 09/22/2016 - 12:31 Pro Licensee Comment #5
Sorry I don't understand the question, we just have the sudo group to which my user belongs, it's the default configuration:
Defaults env_reset
Defaults mail_badpass
Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin"
root ALL=(ALL:ALL) ALL
%admin ALL=(ALL) ALL
%sudo ALL=(ALL:ALL) ALL
Submitted by nabab on Sat, 10/15/2016 - 12:57 Pro Licensee Comment #6
Hi, I'd like to ping you on this issue as it is not possible to add a physical machine as a user other than root. I tried with many machines and installed Cloudmin on different systems.
If I connect with my SSH user without ticking sudo, I have an error about permissions, and if I tick sudo I get an SSH timeout. Only if I allow SSH access to root, and leave the user as root, will it work.
I'd be happy to send any needed information to solve this issue...
Thanks
Submitted by JamieCameron on Sat, 10/15/2016 - 18:13 Comment #7
Hmm, this should be supported - there is code in Cloudmin specifically to support the case when connecting to a remote system with a sudo user.
Any chance we could login to your master system to see what's going wrong here?
Submitted by nabab on Sun, 10/16/2016 - 08:59 Pro Licensee Comment #8
Sure, can you pm me here? Or should I give you an email?
Submitted by JamieCameron on Sun, 10/16/2016 - 14:28 Comment #9
You can email me at jcameron@virtualmin.com
Submitted by nabab on Sun, 10/16/2016 - 16:30 Pro Licensee Comment #10
Done, thanks!
Submitted by JamieCameron on Sun, 10/16/2016 - 19:04 Comment #11
Ok, I think I've fixed the issue - there was a bug in Cloudmin that triggers only when using sudo when it prompts again for a password. I've patched it on your system though, and was able to add the remote host.
That said, I recommend against requiring sudo access for accounts used by Cloudmin. It makes the execution of remote commands tricky - for example, scp to a sudo-only account with root privileges is impossible. Better to login directly as root with an SSH key instead.
Submitted by nabab on Mon, 10/17/2016 - 01:09 Pro Licensee Comment #12
Thank you so much!
Submitted by nabab on Mon, 03/20/2017 - 14:27 Pro Licensee Comment #13