I’ve had this reocurring issue for a while now, where I cannot access my RPis via ssh from my main PC because it refuses to connect. It was working previously.
I have sshd on and started and dont have it blocked from ufw or iptables
Shouldn’t be a problem. But, as @mithrial said, it might be your keys. And indeed it looks that way. It’s been too long since I’ve done it to remember the steps, so can’t give any personally. But I can point you here:
If this is a key problem, the error would be different.
The error suggest that no ssh daemon is running on your PI or at lest it is not listing on port 22. Did you verify that the ssh daemon is running and is listing on port 22?
This is bound to fail because it’s using ssh to copy the id. If ssh doesn’t work, obviously it can’t copy the the new key. You have to transfer the key from either another working computer or unmount the sd-card and edit the ~/.ssh/authorized_keys file manually.
However, the error message should be different. There are so many things that can go wrong, it’s hard to guess.
Can you verify your whole setup is correct, meaning that you are, in fact, connected to the same network. Is any device connected to the guest wifi? (The 188 in the IP address might suggest this.)
Did you disallow network communication in your router?
How are you connecting to the pi currently? If you have ufw running on the pi, you have to allow port 22 there, not on your local machine.
Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; vendor pres>
Active: active (running) since Mon 2022-01-17 21:52:56 AEDT; 33min ago
Main PID: 699 (sshd)
Tasks: 1 (limit: 9362)
Memory: 3.1M
CPU: 19ms
CGroup: /system.slice/sshd.service
└─699 "sshd: /usr/bin/sshd -D [listener] 0 of 10-100 startups"
Jan 17 21:52:56 pc systemd[1]: Started OpenSSH Daemon.
Jan 17 21:52:57 pc sshd[699]: Server listening on 0.0.0.0 port 2222.
Jan 17 21:52:57 pc sshd[699]: Server listening on :: port 2222.
But a refused error is not an error from sshd, it is from the network stack. If it is a problem with keys you would see it in the server journal. and of course in the debugging output of your ssh command.
Check it on your Pi,
journalctl -b -u sshd --no-host --no-pager
If you don’t see any connection attempt, the ssh sever never processed it.
The setting is default - and it only allows root login using keybased login.
man sshd_config
PermitRootLogin
Specifies whether root can log in using ssh(1). The argument must be yes, prohibit-password,
forced-commands-only, or no. The default is prohibit-password.
If this option is set to prohibit-password (or its deprecated alias, without-password), password and keyboard-in‐
teractive authentication are disabled for root.
If this option is set to forced-commands-only, root login with public key authentication will be allowed, but
only if the command option has been specified (which may be useful for taking remote backups even if root login
is normally not allowed). All other authentication methods are disabled for root.
If this option is set to no, root is not allowed to log in.
By default, you can’t log in as root with a password. Only a normal user can login with a password. If you want to login as root with a password you need to configure sshd, to allow this.
However, it considered less secure. Don’t do it. Either login as a normal user and switch to root (su -) or set up keys. To do this login as a normal user with a passwort and set up keys for this user and the root user.