netbirdio / netbird

Connect your devices into a secure WireGuard®-based overlay network with SSO, MFA and granular access controls.
https://netbird.io
BSD 3-Clause "New" or "Revised" License

Can't enable SSH access: "Running SSH server is not permitted" #2632

Open florian-obradovic opened 1 week ago

florian-obradovic commented 1 week ago

Describe the problem

I tried to enable SSH Access for a few of my peers (Linux & macOS) but it doesn't work.

To Reproduce

  1. Enable SSH Access for a peer in dashboard
  2. client.log on the peer shows: WARN client/internal/engine.go:554: running SSH server is not permitted
  3. Try to connect:
    Error: dial tcp 100.102.98.127:44338: i/o timeout
    Couldn't connect. Please check the connection status or if the ssh server is enabled on the other peer

Expected behavior

Are you using NetBird Cloud? Self hosted!

NetBird version 0.29.3

NetBird status -dA output:

OS: linux/amd64
Daemon version: 0.29.3
CLI version: 0.29.3
Management: Connected to https://netbird.anon-ZsVFN.domain:33073
Signal: Connected to http://netbird.anon-ZsVFN.domain:10000
Relays:
  [stun:netbird.anon-ZsVFN.domain:3478] is Available
  [turn:netbird.anon-ZsVFN.domain:3478?transport=udp] is Available
Nameservers:
FQDN: anon-poKed.domain
NetBird IP: 100.102.98.127/16
Interface type: Kernel
Quantum resistance: false
Routes: -
Peers count: 5/11 Connected


mlsmaycon commented 6 days ago

Hi @florian-obradovic, you need to run this on the client:

netbird down
netbird up --allow-server-ssh

We will update our docs since this information is missing.

sirvar commented 5 days ago

@mlsmaycon has this been updated in the docker image as well?

mlsmaycon commented 5 days ago

Yes, it's been, @sirvar. For Docker you need the following environment variable:

NB_ALLOW_SERVER_SSH=true

florian-obradovic commented 4 days ago

Thanks for the heads-up, @mlsmaycon

We should add a note to the documentation that you also need an ACL which allows TCP port 44338 access.

2024-09-25T23:20:12+02:00 INFO client/ssh/server.go:248: starting SSH server on addr: 100.102.98.127:44338
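
A triage helper for the two client.log messages quoted in this thread, as an added example (not NetBird's own code): it reports whether the peer refused to run its SSH server or started it, and which TCP port the access policy then has to allow. The function names and the first sample timestamp are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify the NetBird SSH server state from client.log lines
# read on stdin. Only the two message texts quoted in this thread are matched.

# Constructed sample: the WARN timestamp is invented, the INFO line is the
# one posted in the thread.
sample_log() {
cat <<'EOF'
2024-09-23T13:50:01+02:00 WARN client/internal/engine.go:554: running SSH server is not permitted
2024-09-25T23:20:12+02:00 INFO client/ssh/server.go:248: starting SSH server on addr: 100.102.98.127:44338
EOF
}

# ssh_state: the last matching line wins, so a peer that was first refused
# and later restarted with the flag is reported as listening.
# Prints: not-permitted | listening ADDR:PORT | unknown
ssh_state() {
    awk '
        /running SSH server is not permitted/ { state = "not-permitted" }
        /starting SSH server on addr: / {
            sub(/.*starting SSH server on addr: /, "")   # keep only ADDR:PORT
            state = "listening " $1
        }
        END { print (state == "" ? "unknown" : state) }
    '
}

# ssh_advice: map the state to the fix given in the thread.
ssh_advice() {
    state=$(ssh_state)
    case "$state" in
        not-permitted)
            echo "SSH server refused: run 'netbird down' then 'netbird up --allow-server-ssh' (Docker: NB_ALLOW_SERVER_SSH=true)" ;;
        listening\ *)
            addr=${state#listening }
            echo "SSH server listening on $addr: make sure an ACL allows tcp port ${addr##*:}" ;;
        *)
            echo "no SSH server messages found in the log" ;;
    esac
}

# Demo on the constructed sample; on a peer, feed it the real log instead:
#   ssh_advice < client.log
sample_log | ssh_advice
```
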