netbirdio / netbird

Connect your devices into a secure WireGuard®-based overlay network with SSO, MFA and granular access controls.
https://netbird.io
BSD 3-Clause "New" or "Revised" License

NetBird SSH Server Access Requiring Machine Reboot #2816

Open AV3T opened 2 days ago

AV3T commented 2 days ago

Hi, I have recently encountered issues with NetBird's built-in SSH server.

Previously I could do:

  1. netbird up --allow-server-ssh -k <key>.
  2. Once the peer shows up in dashboard, then enable the SSH access on it.
  3. Last step would be sudo netbird ssh <target> which would grant SSH access to the peer as the root user.

However, at the moment, for the SSH server to work, the peer requires a reboot, or issuing netbird down followed by netbird up --allow-server-ssh, while the SSH Access is enabled within NetBird's dashboard.

Same issue regarding disabling of the SSH access. The peer needs to be rebooted for the dashboard SSH access change to take place.

I tried disabling the SSH server access while the peer is powered off, and then enabling it once the peer is powered on via NetBird's dashboard, however, I have faced issues connecting to it. It almost seems like the netbird service on the peer now requires a restart for the dashboard SSH access changes to take place, which was not the case before.

This defeats the purpose of the SSH server as if deployed remotely, the peer can't be accessed, and the peer requires remote access to fix the issue.

Please let me know if I can provide any additional details. Thank you,

mgarces commented 2 days ago

hey @AV3T thank you for this report. Can you please tell us:

I would try to replicate on our side before asking for anything else. Thanks for the info!

AV3T commented 2 days ago

Hello @mgarces, you are most welcome.

The client version in this case is 0.30.3.

I was previously able to use the built-in SSH feature on version 0.30.1 of the client without issues, but that is no longer the case. I experience the same issue on the 0.30.1 client version now as well.

The host OS version is Ubuntu 24.04.1 LTS, kernel is 6.8.0-47-generic.

The peer OS is Ubuntu 24.04 LTS, kernel is 6.8.0-41-generic.

Edit: The NetBird in use is the official version, and not the self-hosted one - if that helps as well. Thank you

AV3T commented 2 days ago

Additional update:

I was able to SSH to the peer with the built-in server after changing the group to which the peer belongs. 44338/TCP is whitelisted/allowed within both groups. I wonder if the group change caused the netbird service to communicate with the dashboard and fetch the SSH access information at that point. Weird, but hope additional information helps.