Netbird SSH elevation not working on Windows #1341

Closed
opened 2025-11-20 05:28:43 -05:00 by saavagebueno · 5 comments
Owner

Originally created by @al-dubois on GitHub (Oct 15, 2024).

Describe the problem

Using netbird ssh user@host on Windows asks to be ran as admin even when launching the Terminal as an administrator.
The only way to make it work is to login as a user with local admin right and launch the terminal as an admin.

To Reproduce

Steps to reproduce the behavior:

  1. Log in on Windows with a standard account
  2. Right click Terminal --> Run as administrator
  3. Try to run Netbird ssh remoteuser@peer
  4. error: you must have Administrator privileges to run this command

Expected behavior

Be able to run netbird ssh when elevated

Are you using NetBird Cloud?

Netbird Cloud

NetBird version

netbird version
0.30.1

Originally created by @al-dubois on GitHub (Oct 15, 2024). **Describe the problem** Using `netbird ssh user@host` on Windows asks to be ran as admin even when launching the Terminal as an administrator. The only way to make it work is to login as a user with local admin right and launch the terminal as an admin. **To Reproduce** Steps to reproduce the behavior: 1. Log in on Windows with a standard account 2. Right click Terminal --> Run as administrator 3. Try to run `Netbird ssh remoteuser@peer` 4. error: you must have Administrator privileges to run this command **Expected behavior** Be able to run netbird ssh when elevated **Are you using NetBird Cloud?** Netbird Cloud **NetBird version** netbird version 0.30.1
saavagebueno added the clientssh labels 2025-11-20 05:28:43 -05:00
Author
Owner

@lemonzest79 commented on GitHub (Oct 22, 2024):

Same issue here on Fedora Linux 41 Cinnamon, can't use netbird ssh user@host as a non-elevated user

@lemonzest79 commented on GitHub (Oct 22, 2024): Same issue here on Fedora Linux 41 Cinnamon, can't use `netbird ssh user@host` as a non-elevated user
Author
Owner

@nazarewk commented on GitHub (Apr 28, 2025):

Hello @al-dubois,

We're currently reviewing our open issues and would like to verify if this problem still exists in the latest NetBird version.

Could you please confirm if the issue is still there?

We may close this issue temporarily if we don't hear back from you within 2 weeks, but feel free to reopen it with updated information.

Thanks for your contribution to improving the project!

@nazarewk commented on GitHub (Apr 28, 2025): Hello @al-dubois, We're currently reviewing our open issues and would like to verify if this problem still exists in the [latest NetBird version](https://github.com/netbirdio/netbird/releases). Could you please confirm if the issue is still there? We may close this issue temporarily if we don't hear back from you within **2 weeks**, but feel free to reopen it with updated information. Thanks for your contribution to improving the project!
Author
Owner

@al-dubois commented on GitHub (May 2, 2025):

Still happening

Image

@al-dubois commented on GitHub (May 2, 2025): Still happening ![Image](https://github.com/user-attachments/assets/fd6a21d9-76a2-456b-844c-bba8d25852d3)
Author
Owner

@al-dubois commented on GitHub (Jul 14, 2025):

Any news on this ? @nazarewk

On v0.50.3

@al-dubois commented on GitHub (Jul 14, 2025): Any news on this ? @nazarewk On v0.50.3
Author
Owner

@nazarewk commented on GitHub (Jul 15, 2025):

I'm pretty sure this is working as designed. The built-in SSH server doesn't have many guardrails (we have an extensive rework of the feature on the roadmap), resulting in giving unlimited permissions on the host you're connecting to (you can just root@host.netbird.cloud). I'm quite sure there was an issue opened about it, but I can't find it to cross-link right now.

To mitigate this, there is IsAdmin() check enforced while trying to use it on the client side, so it is working as designed.

I'll close this, but feel free to re-open if you feel this is not sufficient.

@nazarewk commented on GitHub (Jul 15, 2025): I'm pretty sure this is working as designed. The built-in SSH server doesn't have many guardrails (we have an extensive rework of the feature on the roadmap), resulting in giving unlimited permissions on the host you're connecting to (you can just `root@host.netbird.cloud`). I'm quite sure there was an issue opened about it, but I can't find it to cross-link right now. To mitigate this, there is [`IsAdmin()` check enforced](https://github.com/netbirdio/netbird/blob/b75a7d923c28c6e848f023680674b28d8254c144/client/cmd/ssh.go#L54-L57) while trying to use it on the client side, so it is working as designed. I'll close this, but feel free to re-open if you feel this is not sufficient.
Sign in to join this conversation.
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: SVI/netbird#1341