Raspberry Pis will not connect via SSH

Hi everyone 🙂

I’ve had this recurring issue for a while now, where I cannot access my RPis via ssh from my main PC because it refuses to connect. It was working previously.
I have sshd on and started and don’t have it blocked from ufw or iptables.

Thanks guys

Hi @gnoblin_44,

Is port 22 open on the Raspberry Pis?

What is the output of:

telnet <IP_of_pi> 22

Where <IP_of_pi> is the IP address of the Raspberry Pi(s) you’re trying to connect to?

Do you have non-SSH access to the Raspberry PI(s)?

One of the last updates removed deprecated algorithms. Maybe your ssh keys are outdated and you should create new ones.

But without the error messages of client and server, there’s only so much to hypothesize.

Sorry for the late response but, is that just a simple sudo pacman ssh-keygen? Or perhaps there’s something more to it?

But without the error messages of client and server, there’s only so much to hypothesize.

Sorry about that. Here’s an error message of sudo -vvv

debug1: Reading configuration data /etc/ssh/ssh_config
debug2: resolve_canonicalize: hostname 192.168.188.25 is address
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts' -> '/root/.ssh/known_hosts'
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts2' -> '/root/.ssh/known_hosts2'
debug3: ssh_connect_direct: entering
debug1: Connecting to 192.168.188.25 [192.168.188.25] port 22.
debug3: set_sock_tos: set socket 3 IP_TOS 0x48
debug1: connect to address 192.168.188.25 port 22: Connection refused
ssh: connect to host 192.168.188.25 port 22: Connection refused

Here’s the output:

Trying 192.168.188.25...
telnet: Unable to connect to remote host: Connection refused

and output of ufw
ufw status:

Status: active

To                         Action      From
--                         ------      ----
22                         ALLOW       Anywhere                  
22 (v6)                    ALLOW       Anywhere (v6)

I do have the port opened. I’m wondering if this is an issue because I am using a wifi router and not a network switch. My router is a Fritzbox 7490.

Shouldn’t be a problem. But, as @mithrial said, it might be your keys. And indeed it looks that way. It’s been too long since I’ve done it to remember the steps, so can’t give any personally. But I can point you here:

However, IIRC you shouldn’t use RSA keys. So this will most likely be of more help: Ssh-keygen is a tool for creating new authentication key pairs for SSH. This is a tutorial on its use, and covers several special use cases.

As I try to copy the ssh-id to the pi, I get this message
/usr/bin/ssh-copy-id: ERROR: ssh: connect to host 192.168.188.25 port 22: Connection refused

If this is a key problem, the error would be different.

The error suggests that no ssh daemon is running on your Pi or at least it is not listening on port 22. Did you verify that the ssh daemon is running and is listening on port 22?

Can you guide me on that? Sorry

This is bound to fail because it’s using ssh to copy the id. If ssh doesn’t work, obviously it can’t copy the new key. You have to transfer the key from either another working computer or unmount the sd-card and edit the ~/.ssh/authorized_keys file manually.

However, the error message should be different. There are so many things that can go wrong, it’s hard to guess.

Can you verify your whole setup is correct, meaning that you are, in fact, connected to the same network? Is any device connected to the guest wifi? (The 188 in the IP address might suggest this.)
Did you disallow network communication in your router?

How are you connecting to the pi currently? If you have ufw running on the pi, you have to allow port 22 there, not on your local machine.

All commands need to run on your Pi, not on the client. You might need to connect your Pi to a screen and keyboard.

systemctl status sshd

and check with ss if something is listening on port 22

ss -nlt | grep 22

     Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; vendor pres>
     Active: active (running) since Mon 2022-01-17 21:52:56 AEDT; 33min ago
   Main PID: 699 (sshd)
      Tasks: 1 (limit: 9362)
     Memory: 3.1M
        CPU: 19ms
     CGroup: /system.slice/sshd.service
             └─699 "sshd: /usr/bin/sshd -D [listener] 0 of 10-100 startups"

Jan 17 21:52:56 pc systemd[1]: Started OpenSSH Daemon.
Jan 17 21:52:57 pc sshd[699]: Server listening on 0.0.0.0 port 2222.
Jan 17 21:52:57 pc sshd[699]: Server listening on :: port 2222.

LISTEN 0      128          0.0.0.0:2222      0.0.0.0:*
LISTEN 0      128             [::]:2222         [::]:* 

Not sure why it’s listening on port 2222, I may have changed something.

Then you need to connect to port 2222 and not 22. You can use the -p 2222 option.

If you use a firewall on your Pi, make sure you open port 2222.

It still comes up as connection refused. The underlying issue may be the outdated keygens.

But a refused error is not an error from sshd, it is from the network stack. If it is a problem with keys you would see it in the server journal, and of course in the debugging output of your ssh command.

Check it on your Pi,

journalctl -b -u sshd --no-host --no-pager 

If you don’t see any connection attempt, the ssh server never processed it.


Also is there any reason why you use sudo?

If you want to log in as root do

ssh -p 2222 root@192.168.188.25 

I’ve installed a minimal image on my pi, due to creating a pi cluster

You cannot login as root without keyfile unless you have specifically enabled this in your host’s

/etc/ssh/sshd_config

#PermitRootLogin prohibit-password

For any change to have effect you must reload the ssh daemon.

2 Likes

Sorry, what does this do again?

The setting is default - and it only allows root login using key-based login.

man sshd_config
     PermitRootLogin
             Specifies whether root can log in using ssh(1).  The argument must be yes, prohibit-password,
             forced-commands-only, or no.  The default is prohibit-password.

             If this option is set to prohibit-password (or its deprecated alias, without-password), password and
             keyboard-interactive authentication are disabled for root.

             If this option is set to forced-commands-only, root login with public key authentication will be allowed, but
             only if the command option has been specified (which may be useful for taking remote backups even if root login
             is normally not allowed).  All other authentication methods are disabled for root.

             If this option is set to no, root is not allowed to log in.

By default, you can’t log in as root with a password. Only a normal user can login with a password. If you want to login as root with a password you need to configure sshd, to allow this.

However, it is considered less secure. Don’t do it. Either login as a normal user and switch to root (su -) or set up keys. To do this login as a normal user with a password and set up keys for this user and the root user.

A little bit to read
https://wiki.archlinux.org/title/SSH_keys

2 Likes
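
The cross-check this thread works toward (the port the client dialed, the port sshd reports listening on, and the ports ufw allows), as an added example that is not part of any participant's post. The function names are hypothetical, the sample inputs are constructed from the outputs posted above, and the ufw status is assumed to have been captured on the Pi.

```shell
#!/bin/sh
# Added example, not from the thread's participants. Sample inputs are
# constructed from the outputs posted above.
CLIENT_LOG='debug1: Connecting to 192.168.188.25 [192.168.188.25] port 22.
debug1: connect to address 192.168.188.25 port 22: Connection refused'
JOURNAL='Jan 17 21:52:57 pc sshd[699]: Server listening on 0.0.0.0 port 2222.
Jan 17 21:52:57 pc sshd[699]: Server listening on :: port 2222.'
# Assumption: this ufw status was captured on the Pi, not on the client PC.
UFW='22                         ALLOW       Anywhere
22 (v6)                    ALLOW       Anywhere (v6)'

# Port the client dialed, from `ssh -v` output.
client_port() {
    sed -n 's/^debug1: Connecting to .* port \([0-9][0-9]*\)\.$/\1/p' | head -n 1
}

# Ports sshd says it is listening on, from `journalctl -u sshd` output.
sshd_ports() {
    sed -n 's/.*sshd\[[0-9]*]: Server listening on .* port \([0-9][0-9]*\)\.$/\1/p' | sort -un
}

# Ports that have an ALLOW rule, from `ufw status` output.
ufw_ports() {
    awk '/ALLOW/ { split($1, a, "/"); if (a[1] ~ /^[0-9]+$/) print a[1] }' | sort -un
}

# in_list VALUE LIST: true if VALUE is one of the newline-separated entries.
in_list() { printf '%s\n' "$2" | grep -qxF -- "$1"; }

# diagnose CLIENT_LOG JOURNAL UFW: one finding per line, nothing if consistent.
diagnose() {
    dialed=$(printf '%s\n' "$1" | client_port)
    listening=$(printf '%s\n' "$2" | sshd_ports)
    allowed=$(printf '%s\n' "$3" | ufw_ports)
    # A refusal happens at TCP level, before sshd or any key is involved.
    case $1 in *"Connection refused"*) echo "tcp-refused dialed=$dialed" ;; esac
    if [ -n "$dialed" ] && ! in_list "$dialed" "$listening"; then
        echo "port-mismatch dialed=$dialed listening=$(echo $listening)"
    fi
    for p in $listening; do
        if ! in_list "$p" "$allowed"; then echo "ufw-missing port=$p"; fi
    done
    return 0
}

diagnose "$CLIENT_LOG" "$JOURNAL" "$UFW"
```

On a live system the three inputs would come from `ssh -v`, `journalctl -b -u sshd` and `ufw status`, the latter two run on the Pi.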