nextcloud / nextcloudpi

📦 Build code for NextcloudPi: Raspberry Pi, Odroid, Rock64, curl installer...
https://nextcloudpi.com
2.55k stars 297 forks source link

Polishing setting up SSH #1776

Open rvanlaar opened 1 year ago

rvanlaar commented 1 year ago

After setting up SSH with the webinterface of nextcloud pi I was unable to log in via ssh. There were multiple hurdles that pointed me in the wrong direction. With the gained knowledge I walked through the steps again. I hope some of these hurdles can be fixed.

I tested this with a Raspberry Pi 3B+ and the NextCloud_RaspberryPi_v1.52.0 image. I dd-ed the image to an sd-card and followed the activation steps. Answering no to the questions. Enabled ssh and connected via ssh to the raspberry pi. The following message was shown:

$ ssh ncpadmin@nextcloudpi.local
Please note that SSH may not work until a valid user has been set up.

See http://rptl.io/newuser for details.
Received disconnect from 192.168.88.232 port 22:2: Too many authentication failures
Disconnected from 192.168.88.232 port 22

The https://rptl.io/newuser link led me believe I had to first set it up via physical access.

After connecting a monitor I saw a screen which looks almost identical to this image: https://www.raspberrypi.com/app/uploads/2022/03/newuser-1.png but with the question: "Which user would you like to rename?".

My ideal solution is: when setting up an ssh account, disable of the 'which user user would you like to rename` process. This also removes the newuser warning when connecting via ssh.

The option to add an ssh-key when creating the ssh user would also have solved the issue for me.

For others that are having this problem. I was able to login by forcing ssh to prefer passwords: ssh -o PubkeyAuthentication=no -o PreferredAuthentications=password ncpadmin@nextcloudpi.local

Regards,

Roland

theCalcaholic commented 1 year ago

Sounds like the underlying issue that prevented you from logging in is, that you had too many ssh keys lying around on your machine. SSH will attempt to login with them one by one until one works or it hits the maximum of retries.

However, I agree, that it would be good to remove the login message (and potentially the rename script, I'll have to look into how it works exactly).