laravel / envoy

Elegant SSH tasks for PHP.
https://laravel.com/docs/envoy
MIT License

I provide password in envoy script but it prompts to enter password manually #163

Closed sergeynilov closed 5 years ago

sergeynilov commented 5 years ago

Hello! With laravel 5.8 envoy command I deploy on remote server and I set password in command line, like:

envoy run Hostels2Deploy --lardeployer_password=111 --app_version=0.105a

and envoy file:

@setup
    $server_login_user= 'lardeployer';
    $lardeployer_password = isset($lardeployer_password) ? $lardeployer_password : "Not Defined";
@endsetup

@servers(['dev' => $server_login_user.':'.$lardeployer_password.'@NNN.NN.NNN.N'])

@task('clean_old_releases')
    echo "Step # 81";
    echo 'The password is: {{ $lardeployer_password }}';
    echo 'The $server_login_user is: {{ $server_login_user }}';
    echo "Step # 00 app_version ::{{ $app_version }}";

    cd {{ $release_number_dir }}
    # php artisan envoy:delete-old-versions  Hostels2Deployed
@endtask

@macro('Hostels2Deploy',['on'=>'dev'])
    clean_old_releases
@endmacro

With credentials in @servers block I expected I will not have to enter password manually, but in command line I see prompt to enter password. I output $server_login_user and $lardeployer_password vars and they have valid values.

Which is valid path ?

LorenzoSapora commented 5 years ago

Not to provide any insight into a fix for this, but you shouldn't keep your passwords in the script.

On your local machine:

ssh-copy-id USER@HOST

It should ask you to login with a password, but after that, you should create an entry in your ssh config file (nano ~/.ssh/config):

Host laravelserver
HostName 1.2.3.4
Port 80
User deploy

Then within your envoy script, you'll just need to call this:

@setup
    # Removed, as not needed
@endsetup

@servers(['dev' => ['laravelserver']])

@task('clean_old_releases')
    echo "Step # 81";
# Removed because password should never be stored in plaintext    
#    echo 'The password is: {{ $lardeployer_password }}';
#    echo 'The $server_login_user is: {{ $server_login_user }}';
    echo "Step # 00 app_version ::{{ $app_version }}";

    cd {{ $release_number_dir }}
    # php artisan envoy:delete-old-versions  Hostels2Deployed
@endtask

@macro('Hostels2Deploy',['on'=>'dev'])
    clean_old_releases
@endmacro

If you receive an error when trying to copy the ssh key to the server, it's possible you've not created one. Fix it by using this command

ssh-keygen

Any questions, or issues, let me know.

sergeynilov commented 5 years ago

Hello, Thank you for your feedback! I followed your steps:

1) I already have ssh files generated on my local Kubuntu 19 and with command ssh root@NNN.NN.NN.NNN I successfully enter to my remote server

2) In my local /home/serge/.ssh/config I added item

Host laravelserver
    HostName NNN.NN.NN.NNN
    Port 80
    User lardeployer

3) and modified my Envoy.blade.php

@servers(['dev' => 'laravelserver'])

4) but running envoy command I got error :

[laravelserver]: ssh_exchange_identification: Connection closed by remote host
[✗] This task did not complete successfully on one of your servers.

5) on remote server

cd /home/lardeployer/.ssh
root@nsn-do-lamp:/home/lardeployer/.ssh# ls -la
total 28
drwx------ 2 lardeployer lardeployer 4096 Apr 19 04:46 .
drwxr-xr-x 7 lardeployer lardeployer 4096 Apr 29 07:52 ..
-rw-r--r-- 1 root        root         400 Mar 16  2019 authorized_keys
-rwx------ 1 lardeployer lardeployer  182 Mar 10  2019 config
-rw------- 1 lardeployer lardeployer 1680 Mar 10  2019 id_rsa
-rw-r--r-- 1 lardeployer lardeployer  394 Mar  9  2019 id_rsa.pub
-rwxrwxrwx 1 lardeployer lardeployer 1768 Mar 10  2019 known_hosts

sudo nano config

has content:

Host bitbucket.org
    IdentityFile ~/.ssh/id_rsa
    Hostname bitbucket.org
    User git

Host github.com
    IdentityFile ~/.ssh/id_rsa
    Hostname github.com
    User git

Which options do I lack ?

LorenzoSapora commented 5 years ago

It's possibly the servers directive itself. Try this:

@servers(['dev' => ['laravelserver']])

The main difference being the server name wrapped in an array. I had some parsing issues with attempting to run this locally, so all my servers are double wrapped.

Example

@servers(['local' => ['127.0.0.1'], 'larastage' => ['larastage'], 'laraprod' => ['laraprod']])

sergeynilov commented 5 years ago

I modified my envoy file as : @servers( [ 'dev' => [ "laravelserver" ] ] ) but the same error :

$ envoy run Hostels2Deploy  --lardeployer_password=mypass1112233 --app_version=0.103
[laravelserver]: ssh_exchange_identification: Connection closed by remote host
[✗] This task did not complete successfully on one of your servers.

?

LorenzoSapora commented 5 years ago

FYI, you'll not need to use --lardeployer_password=mypass1112233 anymore. Plus, using that will store your password in ~/.bash_history in plaintext.

Try grep sshd /etc/hosts.allow on your remote server, you might be blocking key based logins.

LorenzoSapora commented 5 years ago

Have you attempted to login with keys? i.e. ssh laravelserver on your local machine?

sergeynilov commented 5 years ago

grep sshd /etc/hosts.allow on remote server with OS rebooting did not help.

On my local laptop :

$  ssh laravelserver 
ssh_exchange_identification: Connection closed by remote host

LorenzoSapora commented 5 years ago

Ah, then it's nothing to do with the script itself, but the server accepting ssh keys.

Check out this https://unix.stackexchange.com/questions/128894/ssh-exchange-identification-connection-closed-by-remote-host-not-using-hosts-d

or if that doesn't help http://edoceo.com/notabene/ssh-exchange-identification

sergeynilov commented 5 years ago

I tried to run on remote server (I suppose with my ip and 22 port):

root@nsn-do-lamp:~# ssh -vvv root@NNN.NN.NN.NNN.4 -p 22    
OpenSSH_7.6p1 Ubuntu-4ubuntu0.3, OpenSSL 1.0.2n  7 Dec 2017
debug1: Reading configuration data /root/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: resolving "NNN.NN.NN.NNN.4" port 22
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to NNN.NN.NN.NNN.4 [NNN.NN.NN.NNN.4] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/id_rsa type 0
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ed25519-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.3
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.6p1 Ubuntu-4ubuntu0.3
debug1: match: OpenSSH_7.6p1 Ubuntu-4ubuntu0.3 pat OpenSSH* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to NNN.NN.NN.NNN.4:22 as 'root'
debug3: hostkeys_foreach: reading file "/root/.ssh/known_hosts"
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c
debug2: host key algorithms: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com,zlib
debug2: compression stoc: none,zlib@openssh.com,zlib
debug2: languages ctos: 
debug2: languages stoc: 
debug2: first_kex_follows 0 
debug2: reserved 0 
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1
debug2: host key algorithms: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com
debug2: compression stoc: none,zlib@openssh.com
debug2: languages ctos: 
debug2: languages stoc: 
debug2: first_kex_follows 0 
debug2: reserved 0 
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug3: send packet: type 30
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug3: receive packet: type 31
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:Ec049DrZ66P6Ly5y/yiTGZcVssyQM60tBxE7ctIVe90
debug3: hostkeys_foreach: reading file "/root/.ssh/known_hosts"
The authenticity of host 'NNN.NN.NN.NNN.4 (NNN.NN.NN.NNN.4)' can't be established.
ECDSA key fingerprint is SHA256:Ec049DrZ66P6Ly5y/yiTGZcVssyQM60tBxE7ctIVe90.
Are you sure you want to continue connecting (yes/no)? 
Warning: Permanently added 'NNN.NN.NN.NNN.4' (ECDSA) to the list of known hosts. 
debug3: send packet: type 21 
debug2: set_newkeys: mode 1 
debug1: rekey after 134217728 blocks 
debug1: SSH2_MSG_NEWKEYS sent 
debug1: expecting SSH2_MSG_NEWKEYS 
debug3: receive packet: type 21 
debug1: SSH2_MSG_NEWKEYS received 
debug2: set_newkeys: mode 0 
debug1: rekey after 134217728 blocks 
debug2: key: /root/.ssh/id_rsa (0x56450110cd80) 
debug2: key: /root/.ssh/id_dsa ((nil)) 
debug2: key: /root/.ssh/id_ecdsa ((nil)) 
debug2: key: /root/.ssh/id_ed25519 ((nil)) 
debug3: send packet: type 5 
ssh_dispatch_run_fatal: Connection to NNN.NN.NN.NNN.4 port 22: Broken pipe

and after that :

# $(which sshd) -Ddp 10222
debug1: sshd version OpenSSH_7.6, OpenSSL 1.0.2n  7 Dec 2017
debug1: private host key #0: ssh-rsa SHA256:pGYl1kzZ8284XdRBd8hMVaUEKRmf96GGrz5TFT/uhgM
debug1: private host key #1: ecdsa-sha2-nistp256 SHA256:Ec049DrZ66P6Ly5y/yiTGZcVssyQM60tBxE7ctIVe90
debug1: private host key #2: ssh-ed25519 SHA256:S4bM+QnNNeHjyD92bZ+ITlhc0mpHAayNzhfiT5m/NtA
debug1: rexec_argv[0]='/usr/sbin/sshd'
debug1: rexec_argv[1]='-Ddp'
debug1: rexec_argv[2]='10222'
debug1: Set /proc/self/oom_score_adj from 0 to -1000
debug1: Bind to port 10222 on 0.0.0.0.
Server listening on 0.0.0.0 port 10222.
debug1: Bind to port 10222 on ::.
Server listening on :: port 10222.

Sorry, but I am not sure what it means...

and my firewall options at remote server :

root@nsn-do-lamp:~# sudo ufw status numbered
Status: active

     To                         Action      From
     --                         ------      ----
[ 1] Apache Full                ALLOW IN    Anywhere
[ 2] 443                        ALLOW IN    Anywhere
[ 3] 80                         ALLOW IN    Anywhere
[ 4] 22/tcp                     ALLOW IN    Anywhere
[ 5] Apache Full (v6)           ALLOW IN    Anywhere (v6)
[ 6] 443 (v6)                   ALLOW IN    Anywhere (v6)
[ 7] 80 (v6)                    ALLOW IN    Anywhere (v6)
[ 8] 22/tcp (v6)                ALLOW IN    Anywhere (v6)

Can it be issue with it?

LorenzoSapora commented 5 years ago

A little concerned that you have a broken pipe at the end of that output ssh_dispatch_run_fatal: Connection to NNN.NN.NN.NNN.4 port 22: Broken pipe. Was that due to you?

Try this.

Are you running on a shared server? sometimes ssh limits are in place on shared servers.

Running up to the limit of my helpfulness without direct access to the server itself. This is a strange issue, as I've not once had an issue connecting to servers via ssh keys in 15+ years. Either there's a misconfiguration somewhere in your sshd_config, or you're using a shared server, or the sshd isn't running.

Anyway, hope this helps. Nothing worse than a problem that lasts multiple days :)

sergeynilov commented 5 years ago

My server is Ubuntu 18 under Digital Ocean

$ ssh root@NNN.NN.NNN.4
Welcome to Ubuntu 18.04.3 LTS (GNU/Linux 4.15.0-64-generic x86_64)

 * Documentation:  https://help.ubuntu.com
 * Management:     https://landscape.canonical.com
 * Support:        https://ubuntu.com/advantage

  System information as of Fri Sep 20 10:04:27 UTC 2019

  System load:  0.1                Users logged in:                0
  Usage of /:   71.1% of 24.06GB   IP address for eth0:            NNN.NN.NNN.4
  Memory usage: 44%                IP address for docker0:         172.17.0.1
  Swap usage:   9%                 IP address for br-fced6186127b: 172.19.0.1
  Processes:    109

  Get cloud support with Ubuntu Advantage Cloud Guest:
    http://www.ubuntu.com/business/services/cloud

 * Canonical Livepatch is available for installation.
   - Reduce system reboots and improve kernel security. Activate at:
     https://ubuntu.com/livepatch

38 packages can be updated.
0 updates are security updates.

Last login: Fri Sep 20 10:04:00 2019 from 213.109.234.130
sudo lsof -n | grep ssh | grep DEL
## very long output lines :
...
lsof: no pwd entry for UID 999
lsof: no pwd entry for UID 999
lsof: no pwd entry for UID 999
lsof: no pwd entry for UID 999
lsof: no pwd entry for UID 999
lsof: no pwd entry for UID 999
lsof: no pwd entry for UID 999
lsof: no pwd entry for UID 999
lsof: no pwd entry for UID 999
lsof: no pwd entry for UID 999
lsof: no pwd entry for UID 999
lsof: no pwd entry for UID 999
root@nsn-do-lamp:~# sudo grep MaxStartups /etc/ssh/sshd_config
#MaxStartups 10:30:100
root@nsn-do-lamp:~#  lsb_release -d; uname -r; uname -i
Description:    Ubuntu 18.04.3 LTS
4.15.0-64-generic
x86_64

LorenzoSapora commented 5 years ago

sergeynilov commented 5 years ago

I got :

tail -f /var/log/messages
tail: cannot open '/var/log/messages' for reading: No such file or directory
tail: no files remaining

Have I to create subdir var/log/messages manually or install some package ?

LorenzoSapora commented 5 years ago

My mistake, Ubuntu no longer uses /var/log/messages, but /var/log/syslog, try with that instead

LorenzoSapora commented 5 years ago

If you'd prefer to keep that output private, my email is my name [at] gmail

sergeynilov commented 5 years ago

That is what I see at first tab :

# tail -f /var/log/syslog
Sep 20 13:47:09 nsn-do-lamp systemd[3171]: Listening on GnuPG cryptographic agent and passphrase cache.
Sep 20 13:47:09 nsn-do-lamp systemd[3171]: Listening on GnuPG network certificate management daemon.
Sep 20 13:47:09 nsn-do-lamp systemd[3171]: Reached target Sockets.
Sep 20 13:47:09 nsn-do-lamp systemd[3171]: Reached target Basic System.
Sep 20 13:47:09 nsn-do-lamp systemd[1]: Started User Manager for UID 0.
Sep 20 13:47:09 nsn-do-lamp systemd[3171]: Reached target Default.
Sep 20 13:47:09 nsn-do-lamp systemd[3171]: Startup finished in 60ms.
Sep 20 13:47:12 nsn-do-lamp systemd[1]: Started Session 256 of user root.                                                                                                                                                                    
Sep 20 13:47:18 nsn-do-lamp kernel: [92912.163629] [UFW BLOCK] IN=eth0 OUT= MAC=b2:8e:9d:07:f1:88:40:a6:77:4f:3f:f0:08:00 SRC=185.175.93.14 DST=138.68.107.4 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=33643 PROTO=TCP SPT=50416 DPT=6006 WINDOW=1024 RES=0x00 SYN URGP=0                                                                                                                                                                                                                      
Sep 20 13:47:53 nsn-do-lamp kernel: [92947.066404] [UFW BLOCK] IN=eth0 OUT= MAC=b2:8e:9d:07:f1:88:40:a6:77:34:67:f0:08:00 SRC=81.22.45.239 DST=138.68.107.4 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=57418 PROTO=TCP SPT=41795 DPT=61209 WINDOW=1024 RES=0x00 SYN URGP=0                                                                                                                                                                                                                      
Sep 20 13:49:57 nsn-do-lamp kernel: [93071.073320] [UFW BLOCK] IN=eth0 OUT= MAC=b2:8e:9d:07:f1:88:40:a6:77:34:67:f0:08:00 SRC=185.209.0.32 DST=138.68.107.4 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=59277 PROTO=TCP SPT=57883 DPT=4079 WINDOW=1024 RES=0x00 SYN URGP=0                                                                                                                                                                                                                       
Sep 20 13:50:07 nsn-do-lamp systemd[1]: Stopping OpenBSD Secure Shell server...                                                                                                                                                              
Sep 20 13:50:07 nsn-do-lamp systemd[1]: Stopped OpenBSD Secure Shell server.                                                                                                                                                                 
Sep 20 13:50:07 nsn-do-lamp systemd[1]: Starting OpenBSD Secure Shell server...                                                                                                                                                              
Sep 20 13:50:07 nsn-do-lamp systemd[1]: Started OpenBSD Secure Shell server.                                                                                                                                                                 
Sep 20 13:50:28 nsn-do-lamp kernel: [93101.922397] [UFW BLOCK] IN=eth0 OUT= MAC=b2:8e:9d:07:f1:88:40:a6:77:34:67:f0:08:00 SRC=80.82.65.74 DST=138.68.107.4 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=35002 PROTO=TCP SPT=44443 DPT=3098 WINDOW=1024 RES=0x00 SYN URGP=0                                                                                                                                                                                                                        
Sep 20 13:50:47 nsn-do-lamp kernel: [93121.074942] [UFW BLOCK] IN=eth0 OUT= MAC=b2:8e:9d:07:f1:88:40:a6:77:4f:3f:f0:08:00 SRC=74.215.200.125 DST=138.68.107.4 LEN=40 TOS=0x08 PREC=0x20 TTL=47 ID=17108 PROTO=TCP SPT=12738 DPT=23 WINDOW=63035 RES=0x00 SYN URGP=0                                                                                                                                                                                                                       
Sep 20 13:51:02 nsn-do-lamp kernel: [93136.255437] [UFW BLOCK] IN=eth0 OUT= MAC=b2:8e:9d:07:f1:88:40:a6:77:4f:3f:f0:08:00 SRC=1.161.28.217 DST=138.68.107.4 LEN=40 TOS=0x00 PREC=0x00 TTL=55 ID=50048 PROTO=TCP SPT=32444 DPT=23 WINDOW=22161 RES=0x00 SYN URGP=0                                                                                                                                                                                                                         
Sep 20 13:51:14 nsn-do-lamp kernel: [93148.061534] [UFW BLOCK] IN=eth0 OUT= MAC=b2:8e:9d:07:f1:88:40:a6:77:4f:3f:f0:08:00 SRC=80.82.65.74 DST=138.68.107.4 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=46321 PROTO=TCP SPT=44443 DPT=4241 WINDOW=1024 RES=0x00 SYN URGP=0                                                                                                                                                                                                                        
Sep 20 13:51:33 nsn-do-lamp kernel: [93167.149585] [UFW BLOCK] IN=eth0 OUT= MAC=b2:8e:9d:07:f1:88:40:a6:77:4f:3f:f0:08:00 SRC=58.232.65.104 DST=138.68.107.4 LEN=40 TOS=0x00 PREC=0x00 TTL=54 ID=18350 PROTO=TCP SPT=46700 DPT=37215 WINDOW=19084 RES=0x00 SYN URGP=0                                                                                                                                                                                                                     
Sep 20 13:51:49 nsn-do-lamp kernel: [93182.864304] [UFW BLOCK] IN=eth0 OUT= MAC=b2:8e:9d:07:f1:88:40:a6:77:34:67:f0:08:00 SRC=81.22.45.29 DST=138.68.107.4 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=16719 PROTO=TCP SPT=40380 DPT=6057 WINDOW=1024 RES=0x00 SYN URGP=0 
Sep 20 13:51:53 nsn-do-lamp kernel: [93187.437146] [UFW BLOCK] IN=eth0 OUT= MAC=b2:8e:9d:07:f1:88:40:a6:77:34:67:f0:08:00 SRC=121.132.88.242 DST=138.68.107.4 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=44425 PROTO=TCP SPT=3512 DPT=8888 WINDOW=19066 RES=0x00 SYN URGP=0 
Sep 20 13:52:21 nsn-do-lamp kernel: [93215.396483] [UFW BLOCK] IN=eth0 OUT= MAC=b2:8e:9d:07:f1:88:40:a6:77:34:67:f0:08:00 SRC=80.82.65.74 DST=138.68.107.4 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=63812 PROTO=TCP SPT=44443 DPT=55142 WINDOW=1024 RES=0x00 SYN URGP=0 
Sep 20 13:52:29 nsn-do-lamp kernel: [93223.544237] [UFW BLOCK] IN=eth0 OUT= MAC=b2:8e:9d:07:f1:88:40:a6:77:4f:3f:f0:08:00 SRC=80.82.65.74 DST=138.68.107.4 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=20471 PROTO=TCP SPT=44443 DPT=47635 WINDOW=1024 RES=0x00 SYN URGP=0 
Sep 20 13:52:59 nsn-do-lamp kernel: [93253.250748] [UFW BLOCK] IN=eth0 OUT= MAC=b2:8e:9d:07:f1:88:40:a6:77:34:67:f0:08:00 SRC=182.113.187.247 DST=138.68.107.4 LEN=40 TOS=0x00 PREC=0x00 TTL=45 ID=36520 PROTO=TCP SPT=48889 DPT=23 WINDOW=16274 RES=0x00 SYN URGP=0 
Sep 20 13:53:18 nsn-do-lamp kernel: [93272.728089] [UFW BLOCK] IN=eth0 OUT= MAC=b2:8e:9d:07:f1:88:40:a6:77:34:67:f0:08:00 SRC=81.22.45.165 DST=138.68.107.4 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=17766 PROTO=TCP SPT=46887 DPT=5792 WINDOW=1024 RES=0x00 SYN URGP=0 

and nothing was changed at the first tab when at my local server I run :

$ ssh laravelserver
ssh_exchange_identification: Connection closed by remote host

LorenzoSapora commented 5 years ago

Ok, final request: cat /etc/ssh/sshd_config show the output (or email it)

If I can't spot anything wrong in that file, then I'm completely out of ideas.

sergeynilov commented 5 years ago

Thank you for your help!

root@nsn-do-lamp:~# cat /etc/ssh/sshd_config
#       $OpenBSD: sshd_config,v 1.101 2017/03/14 07:19:07 djm Exp $

# This is the sshd server system-wide configuration file.  See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options override the
# default value.

#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_ecdsa_key
#HostKey /etc/ssh/ssh_host_ed25519_key

# Ciphers and keying
#RekeyLimit default none

# Logging
#SyslogFacility AUTH
#LogLevel INFO

# Authentication:

#LoginGraceTime 2m
PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10

#PubkeyAuthentication yes

# Expect .ssh/authorized_keys2 to be disregarded by default in future.
#AuthorizedKeysFile     .ssh/authorized_keys .ssh/authorized_keys2

#AuthorizedPrincipalsFile none

#AuthorizedKeysCommand none
#AuthorizedKeysCommandUser nobody

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication yes
#PermitEmptyPasswords no

# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
ChallengeResponseAuthentication no

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
#GSSAPIStrictAcceptorCheck yes
#GSSAPIKeyExchange no

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication.  Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin yes
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
UsePAM yes

#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PermitTTY yes
PrintMotd no
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS no
#PidFile /var/run/sshd.pid
#MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none
#VersionAddendum none

# no default banner path
#Banner none

# Allow client to pass locale environment variables
AcceptEnv LANG LC_*

# override default of no subsystems
Subsystem sftp  /usr/lib/openssh/sftp-server

# Example of overriding settings on a per-user basis
#Match User anoncvs
#       X11Forwarding no
#       AllowTcpForwarding no
#       PermitTTY no
#       ForceCommand cvs server

LorenzoSapora commented 5 years ago

So I cross referenced your config with my own, and the only differences we had were being able to login as root. I have that disabled. That, however, wouldn't make any difference, because you're trying to use the deploy user. I'm stumped. Sorry, without actually seeing the server myself, I've reached the limit of my usefulness. Hopefully someone else will know a solution.

sergeynilov commented 5 years ago

Thank you for your help! Please do not delete this branch, maybe I will show it to somebody else...
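
Added example (not part of the thread and not Envoy's own code): the Host entry used above sets Port 80, while the posted sshd_config leaves Port at its default of 22 and ufw lists port 80 next to Apache, so one check the thread never runs is which protocol actually answers on the aliased port. The sketch resolves the alias's HostName and Port from an ssh_config file and classifies the first line the peer returns; ssh reports "ssh_exchange_identification: Connection closed by remote host" when the peer closes before sending a line that starts with "SSH-". The function names, the 192.0.2.10 address and the sample replies are constructed for illustration, and the live probe assumes an OpenBSD-style nc.

```shell
#!/bin/sh
# Added example: which protocol answers on the port an ssh alias points at?
# All function names are hypothetical; all sample data is constructed.

# Constructed ssh_config resembling the entries quoted in the thread.
# 192.0.2.10 is a documentation address standing in for the masked server IP.
write_sample_config() {
    cat > "$1" <<'EOF'
Host laravelserver
    HostName 192.0.2.10
    Port 80
    User lardeployer

Host github.com
    IdentityFile ~/.ssh/id_rsa
    Hostname github.com
    User git
EOF
}

# ssh_config_value FILE ALIAS keyword default
# Prints the first value of `keyword` (lowercase) inside the Host block that
# names ALIAS literally, or the default. Simplification: wildcard patterns,
# Match blocks and "key=value" syntax are ignored; `ssh -G ALIAS` prints the
# client's fully resolved view.
ssh_config_value() {
    awk -v want="$2" -v key="$3" -v dflt="$4" '
        tolower($1) == "host" {
            inblock = 0
            for (i = 2; i <= NF; i++) if ($i == want) inblock = 1
            next
        }
        inblock && !found && tolower($1) == key { val = $2; found = 1 }
        END { print (found ? val : dflt) }
    ' "$1"
}

# Classify the first line a peer sends back after the TCP connect.
classify_first_line() {
    case "$1" in
        SSH-*)        echo ssh ;;
        HTTP/*|'<'*)  echo http ;;
        '')           echo none ;;
        *)            echo other ;;
    esac
}

explain() {  # $1 = port, $2 = classification
    case "$2" in
        ssh)  echo "port $1: sshd answered; the transport is fine, look at authentication" ;;
        http) echo "port $1: a web server answered, not sshd; fix Port in the Host entry" ;;
        none) echo "port $1: closed without a banner; check sshd, hosts.allow, MaxStartups, firewall" ;;
        *)    echo "port $1: unrecognised protocol" ;;
    esac
}

# Live probe: send a client identification string, as ssh does, and print
# the first line that comes back with the CR stripped.
first_line_from() {
    printf 'SSH-2.0-portcheck\r\n' | nc -w 5 "$1" "$2" 2>/dev/null | head -n 1 | tr -d '\r'
}

live_check() {  # $1 = ssh_config file, $2 = alias
    host=$(ssh_config_value "$1" "$2" hostname "$2")
    port=$(ssh_config_value "$1" "$2" port 22)
    explain "$port" "$(classify_first_line "$(first_line_from "$host" "$port")")"
}

# Offline demo: resolve the port from the constructed config, then classify
# two constructed replies (an sshd banner and a web server's answer).
demo() {
    cfg=$(mktemp) && write_sample_config "$cfg"
    port=$(ssh_config_value "$cfg" laravelserver port 22)
    rm -f "$cfg"
    for reply in 'SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.3' 'HTTP/1.1 400 Bad Request'; do
        explain "$port" "$(classify_first_line "$reply")"
    done
}

if [ "${1:-}" = "--live" ] && [ $# -eq 3 ]; then
    live_check "$2" "$3"
else
    demo
fi
```

Run it with `--live ~/.ssh/config laravelserver` to probe the real alias instead of the constructed replies.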