[PVE-User] ssh tunnel reverse

[Alexandre Kouznetsov]

El 21/11/12 12:33, Luis Díaz escribió:
> we have a proxy, but the proxy never bothered.
> only when we need to connect to the outside.
Try disabling it in your browser completely, and/or use another browser. 
Or another computer. The HTTPS channel to Proxmox GUI is clearly broken 
somehow.

> chequie the fail2ban and apparently was not blocking anything ..
I have googled around (you should try that), it seems like I was wrong.
It's probably not fail2ban's fault.

My guess is that you have disabled password authentication for userxyz, 
and something is wrong with your keys pair. SSH client tries to 
authentify using a broken key, several times because there is no 
fallback to password, and finally gives up.

This looks similar to your case:
http://theandystratton.com/2012/ssh-returns-too-many-authentication-failures-error-hostgator

Use password authentication, fix your keys.
Enable debug options in your SSH client to find out more details.
Google your error messages. http://bit.ly/XCjdcP

> before attempting to use a user that is not root, always needed to make
> a reverse tunnel to use administrative interface .. wonder: is this normal?
No, it is not normal. The Proxmox's administrative GUI is normally 
usable from a browser directly. Failure to do so may be due to several 
factors. If you follow my suggestions (proxy, browsers) we might isolate 
it's nature, otherwise it's nearly impossible to guess.
I believe this has nothing to do with your SSH access failure, this must 
be two separate problems.

> The only novelty here is:
> * Block root access via ssh.
> * Create a "user XZY" with permission to connect via ssh
> * User XYZ uses "sudo" for administrative tasks
Sane habit.

> my language is Spanish (sorry)
You better be proud, it's a nice language.

-- 
Alexandre Kouznetsov