5

I have installed the ssh utility on an embedded system but I can't connect to it. I am able to ssh from the device to another computer on the network but not the other way around.

The only open port on the device is port 21:

userk@dopamine:~$ nmap 160.80.97.X

Starting Nmap 6.40 ( http://nmap.org ) at 2015-02-09 20:49 CET
Nmap scan report for 160.80.97.X
Host is up (0.0092s latency).
Not shown: 999 closed ports
PORT   STATE SERVICE
21/tcp open  ftp

When I try to connect to it I get a connection refused error. I have tried with another port but nothing has changed. The configuration file /etc/ssh/sshd_config is the following:

#Port 22
Port 223
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

# The default requires explicit activation of protocol 1
Protocol 2

# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
#HostKey /etc/ssh/ssh_host_ed25519_key

# Lifetime and size of ephemeral version 1 server key
KeyRegenerationInterval 1h
ServerKeyBits 1024

# Ciphers and keying
#RekeyLimit default none

# Logging
# obsoletes QuietMode and FascistLogging
SyslogFacility AUTH
LogLevel INFO

# Authentication:

LoginGraceTime 2m
PermitRootLogin yes
StrictModes yes
MaxAuthTries 6
#MaxSessions 10

RSAAuthentication yes
PubkeyAuthentication yes

# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
# but this is overridden so installations will only check .ssh/authorized_keys
AuthorizedKeysFile  .ssh/authorized_keys

I don't have iptables and I can't install it. How can I connect to the device using ssh?

Solution

There was a problem with the generated keys. Move them to the /tmp folder

mv /etc/ssh/ssh_host_* /tmp

And regenerate the keys with

/etc/init.d/S50sshd restart OR /etc/init.d/sshd restart

or

ssh-keygen -A

Thanks to Bratchley, Abrixas2 and 0xC0000022L.

UserK
  • 2,424
  • Have you installed sshd? If so, type /etc/init.d/ssh restart – ctrl-alt-delor Feb 09 '15 at 20:10
  • 1
    Have you checked that sshd is actually running? – Abrixas2 Feb 09 '15 at 20:11
  • 1
    Joining the choir, I would check netstat -tlpn to see if sshd is both running and listening on the port you're expecting it to run on. – Bratchley Feb 09 '15 at 20:18
  • @richard I get /etc/init.d/ssh not found; I have S50sshd in the folder. I have tried /etc/init.d/S50sshd restart but it could not load host keys. I get key_load_public: invalid format – UserK Feb 09 '15 at 20:20
  • @Bratchley. Ssh is not running. Netstat says that only the tcp protocol is active – UserK Feb 09 '15 at 20:21
  • 2
    @narutov6 then the problem is that something is wrong with the host keys. They may need to be re-generated. I would mv /etc/ssh/ssh_host_* /tmp and try to run /etc/init.d/sshd restart and see if it regenerates the keys for you that way. – Bratchley Feb 09 '15 at 20:25
  • 1
    @narutov6 You can run ssh-keygen -A to generate host keys for all known key types, for which host keys do not exist. This should normally be done during the configuration of sshd or during the first start of sshd. – Abrixas2 Feb 09 '15 at 20:27
  • 1
    You're sure the device has that IP, though? What does the output of lsof -i TCP:22 -s TCP:LISTEN say? Did you try to reinstall (apt-get --reinstall openssh-server) sshd or set it to start by default (update-rc.d ssh defaults) and then start (with service)? All assuming Raspbian. Also, did you try to run the SSH server from the command line using $(which sshd) -Ddp 10222 (as superuser) and then connecting to port 10222 from a client? If sshd isn't running you can also leave out the -p 10222 altogether. What about dpkg-reconfigure openssh-server to regenerate all the host keys? – 0xC0000022L Feb 09 '15 at 20:37
  • @0xC0000022L I've read your answer, it was really useful and verbose. Next time I will use it as a debugger. Unfortunately, I could not test apt-get --reinstall openssh because the only package manager I have is opkg (never used so far). Same problem with dpkg-reconfigure. Thanks anyway – UserK Feb 09 '15 at 21:40
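
An added example, not part of the original post or its comments: a pre-flight check for the failure diagnosed in this thread. It reads the active Port and HostKey lines from an sshd_config and runs ssh-keygen -l -f on each configured key, which fails on a key file that cannot be parsed. The function names and the constructed demo files are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; function names and demo files are hypothetical.

# Print every active (uncommented) value of one sshd_config keyword.
cfg_values() {  # $1 = config file, $2 = keyword, matched case-insensitively
    awk -v k="$2" '
        /^[ \t]*#/ { next }
        tolower($1) == tolower(k) { print $2 }
    ' "$1"
}

# Ports sshd will listen on; sshd uses 22 when no Port line is active.
effective_ports() {
    p=$(cfg_values "$1" Port)
    echo "${p:-22}"
}

# Classify each configured HostKey as OK, MISSING (absent or empty) or BAD
# (present but unparseable, the "invalid format" case from the comments).
# Returns non-zero if any configured key cannot be loaded.
# Assumes key paths contain no whitespace.
check_host_keys() {
    rc=0
    for key in $(cfg_values "$1" HostKey); do
        if [ ! -s "$key" ]; then
            echo "MISSING $key"; rc=1
        elif ssh-keygen -l -f "$key" >/dev/null 2>&1; then
            echo "OK $key"
        else
            echo "BAD $key"; rc=1
        fi
    done
    return $rc
}

# Demo on constructed input (not the poster's files): a config modelled on
# the question's, with one corrupt host key and one that does not exist.
demo=$(mktemp -d)
printf 'not a key\n' > "$demo/ssh_host_rsa_key"
printf '#Port 22\nPort 223\nHostKey %s/ssh_host_rsa_key\nHostKey %s/ssh_host_dsa_key\n' \
    "$demo" "$demo" > "$demo/sshd_config"
echo "sshd will listen on: $(effective_ports "$demo/sshd_config")"
check_host_keys "$demo/sshd_config" || echo "sshd cannot load every configured host key"
```

On the device itself, point both functions at /etc/ssh/sshd_config; the port printed is the one to pass to ssh -p and to nmap -p.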

1 Answer

1
#Port 22
Port 223

Is that not 22 being commented out and 223 being active? Have you tried 223 yet?

jasonwryan
  • 73,126
s1ns3nt
  • 121
  • 1
    Nice catch but tcp/223 probably would've come up in his nmap scan as well. – Bratchley Feb 09 '15 at 20:16
  • 3
    Not at all. Maybe 223 is not a "common port" that will be scanned by the nmap command without parameters... –  Feb 09 '15 at 20:59
  • @Bratchley: nwildner is right. The OP should use nmap -p 1-65535 160.80.97.X or similar. – 0xC0000022L Feb 09 '15 at 21:05
  • I stand corrected, I just ran it on a local system and it doesn't scan 223 by default unless I do -p. The OP's problem is with the daemon not starting though. – Bratchley Feb 09 '15 at 21:17
  • Yes, I've tried with ssh user@160.80.97.X -p 223. I deleted the keys and re-generated them. Now it works. Thank you anyway – UserK Feb 10 '15 at 00:29
  • @narutov6: wow, that's really weak. See, people have been swarming to help you find a solution and all you do is to say that you found a solution and it works now? It'd be helpful for future Internauts with a similar problem to find out what steps you followed to diagnose and solve the problem. – 0xC0000022L Feb 10 '15 at 08:11
  • I appreciate your help and the fact that you make new users understand what's the aim of StackExchange. I'm still looking for the cause of the problem. – UserK Feb 10 '15 at 14:23
  • @0xC0000022L You could try being less of a jerk. The solution actually is up in the comments if you had bothered to read it. – Bratchley Feb 10 '15 at 15:44
  • So now we're shifting it to saying he should have posted an answer whereas before it was just that he didn't provide any intermediate steps? I also think you're the one who started with the ad hominems. – Bratchley Feb 10 '15 at 16:26
  • @Bratchley: never mind. Whatever you say. – 0xC0000022L Feb 10 '15 at 21:13
  • @narutov6: wait, you said before that it works now. This indicated that you found a solution. Please edit your question to add the steps you have already tested. – 0xC0000022L Feb 10 '15 at 21:14