Can't enable SSH access: "Running SSH server is not permitted"

[florian-obradovic]

Describe the problem

I tried to enable SSH Access for a few of my peers (Linux & macOS) but it doesn't work

To Reproduce

1. Enable SSH Access for a peer in dashboard
2. client.log on the peer shows: WARN client/internal/engine.go:554: running SSH server is not permitted
3. try to connect connect:

Error: dial tcp 100.102.98.127:44338: i/o timeout
Couldn't connect. Please check the connection status or if the ssh server is enabled on the other peer

Expected behavior

• Enable SSH access

Are you using NetBird Cloud?
Self hosted!

NetBird version
0.29.3

NetBird status -dA output:

OS: linux/amd64
Daemon version: 0.29.3
CLI version: 0.29.3
Management: Connected to https://netbird.anon-ZsVFN.domain:33073
Signal: Connected to http://netbird.anon-ZsVFN.domain:10000
Relays:
[stun:netbird.anon-ZsVFN.domain:3478] is Available
[turn:netbird.anon-ZsVFN.domain:3478?transport=udp] is Available
Nameservers:
FQDN: anon-poKed.domain
NetBird IP: 100.102.98.127/16
Interface type: Kernel
Quantum resistance: false
Routes: -
Peers count: 5/11 Connected

Screenshots

[mlsmaycon]

Hi @florian-obradovic, you need to run this on the client:

netbird down
netbird up --allow-server-ssh

We will update our docs since this information is missing.

[sirvar]

@mlsmaycon has this been updated in the docker image as well?

[mlsmaycon]

allow-server-ssh

Yes its been @sirvar. For docker you need the following environment variable:

NB_ALLOW_SERVER_SSH=true

[florian-obradovic]

Thanks for heads up @mlsmaycon

We should add a note to the documentation, that you also need an ACL which allows tcp port 44338 access.
2024-09-25T23:20:12+02:00 INFO client/ssh/server.go:248: starting SSH server on addr: 100.102.98.127:44338