No SSH Access

  • I cannot ssh into my LibreElec 8 Generic ...... connection refused by server.


    I can manage to get a display attached and I have turned on and off SSH and SSH password, all to no avail.


    Is there a setting in some file that I can check manually and maybe edit that will resolve this?


    I am dual booting LE with PCLinuxOS using Grub bootloader.

    Code
    1. title LibreElec
    2. root (hd0,1)
    3. kernel /KERNEL boot=UUID=...... disk=UUID=....... quiet



    It has been working in this manner since 2004 using OE and then LE.
    Something went awry about the 7.9 update. I thought later updates would fix it, but unfortunately not.


    Thanks.

  • Cipher changes in LibreSSL that invalidate old/cached keys or an outdated PuTTY version or invalid permissions on the /storage/.cache folder where the SSH private keys are stored (if insecure sshd will not start) are the normal culprit. If you add "tty" to boot params you should end up with a console on CTRL+ALT+F3 that you can investigate from.


  • Cipher changes in LibreSSL that invalidate old/cached keys or an outdated PuTTY version or invalid permissions on the /storage/.cache folder where the SSH private keys are stored (if insecure sshd will not start) are the normal culprit. If you add "tty" to boot params you should end up with a console on CTRL+ALT+F3 that you can investigate from.


    Thanks, I can get the terminal ok, but am lost as I do not know what commands are available.
    For instance I would use

    Code
    1. # service --help
    2. Usage: service -[Rfshv] SERVICE ARGUMENTS
    3.         -f|--full-restart:      Do a fullrestart of the service.
    4.         -R|--full-restart-all:  Do a fullrestart of all running services.
    5.         -s|--status-all:        Print a status of all services.
    6.         --ignore-dependencies:  Do not start required systemd services
    7.         --skip-redirect:        Do not redirect to systemd
    8.         -d|--debug:             Launch with debug.
    9.         -h|--help:              This help.


    but that command is not available on LibreElec and I have no clue what to use as an equivalent. On this PC I get

    Code
    1. # service -s | grep ssh
    2. openssh-daemon (pid  4835) is running...


    Is there some reference material I could access that would help?


    I appreciate the assistance ;)

    Edited once, last by JohnBoyz ().

  • LE uses systemd, the equivalent would be "systemctl status sshd", see "systemctl --help" for more.


  • LE uses systemd, the equivalent would be "systemctl status sshd", see "systemctl --help" for more.


    Thanks for that info. ;)
    [hr]
    Thank you both.
    It was indeed a permission problem ...... apparently the permissions were too open.


    Could you be so kind as to tell me what permissions are optimum for the various stages of the following path?
    /storage/cache/.ssh/ssh_host_xxxxx_key


    /storage
    /storage/cache/
    /storage/cache/.ssh/
    /storage/cache/.ssh/ssh_host_xxxxx_key


    Are all the same? If so then a chmod -R XXX would do I guess. Would XXX be 700 or other?


    I have made changes to get things working, but would appreciate the info so I can now put in the correct permissions.


    Thanks.

    Edited once, last by JohnBoyz ().

  • Code
    1. chmod 700 /storage/.cache/ssh
    2. chmod 600 /storage/.cache/ssh/*
    3. chmod 644 /storage/.cache/ssh/*.pub


    ^^ I believe that should restore things back to defaults

  • Code
    1. chmod 700 /storage/.cache/ssh
    2. chmod 600 /storage/.cache/ssh/*
    3. chmod 644 /storage/.cache/ssh/*.pub


    ^^ I believe that should restore things back to defaults


    Thank you!
    Will apply them soon.
    What about /storage & /storage/.cache ?
    Do they get 700?
    regards.


    EDIT:
    All OK, found what I needed.
    755 it seems is correct.

    Edited once, last by JohnBoyz ().

  • Running the latest Milhouse build (9.0) on a Raspberry Pi 3. After the last update ssh is not working anymore.


    ssh -vvv [email protected]@192.168.2.153

    OpenSSH_7.6p1, LibreSSL 2.6.2

    debug1: Reading configuration data /etc/ssh/ssh_config

    debug1: /etc/ssh/ssh_config line 48: Applying options for *

    debug2: ssh_connect_direct: needpriv 0

    debug1: Connecting to 192.168.2.153 port 22.

    ssh: connect to host 192.168.2.153 port 22: Connection refused


    FTP isn't working either. Now I read the solutions above, but this is not working for me? I've tried installing system tools to open a terminal windows on the Pi, but nothing happens.


    How can I correct this without doing a fresh install?

  • ssh -vvv [email protected]@192.168.2.153

    Is the [email protected] a typo?


    Are you sure the IP address is correct?

    Can you ping the device?

    Is Samba enabled and working?

    Can you downgrade to the previous version (using either Samba, or the built-in upgrade mechanism)?

    Does ssh work again with the previous version?


    I know of no particular reason why ssh should stop working, unless the configuration is corrupted, or ssh is not starting (crashing?) Very occasionally this type of issue is reported but clears up with a reboot or the next upgrade (which doesn't make much sense, but I suspect it's the reboot that fixes it not the upgrade itself).

  • Have you been reading the SD card in other machines? .. apart from a complete networking failure the only reason the SSH daemon will fail to start is a change to permissions on the server private key. I've occasionally seen people mounting the /storage partition in another OS to copy media to the card faster and an inadvertent perms change on /storage/.cache breaks stuff.

  • Hi Guys,


    Thnx for responding!


    I know the IP address is 100% correct. I can ping the device.


    PING 192.168.2.153 (192.168.2.153): 56 data bytes

    64 bytes from 192.168.2.153: icmp_seq=0 ttl=64 time=5.562 ms

    64 bytes from 192.168.2.153: icmp_seq=1 ttl=64 time=2.374 ms


    Samba is enabled. I can connect to the device. SSH is not working as is sFTP off course....


    ssh: connect to host 192.168.2.153 port 22: Connection refused.


    Now trying an update to the latest Millhouse build.