No SSH Access

  • I cannot ssh into my LibreElec 8 Generic ...... connection refused by server.

    I can manage to get a display attached and I have turned on and off SSH and SSH password, all to no avail.

    Is there a setting in some file that I can check manually and maybe edit that will resolve this?

    I am dual booting LE with PCLinuxOS using Grub bootloader.

    Code
    title LibreElec
    root (hd0,1)
    kernel /KERNEL boot=UUID=...... disk=UUID=....... quiet


    It has been working in this manner since 2004 using OE and then LE.
    Something went awry about the 7.9 update. I thought later updates would fix it, but unfortunately not.

    Thanks.

  • Cipher changes in LibreSSL that invalidate old/cached keys or an outdated PuTTY version or invalid permissions on the /storage/.cache folder where the SSH private keys are stored (if insecure sshd will not start) are the normal culprit. If you add "tty" to boot params you should end up with a console on CTRL+ALT+F3 that you can investigate from.


  • Cipher changes in LibreSSL that invalidate old/cached keys or an outdated PuTTY version or invalid permissions on the /storage/.cache folder where the SSH private keys are stored (if insecure sshd will not start) are the normal culprit. If you add "tty" to boot params you should end up with a console on CTRL+ALT+F3 that you can investigate from.

    Thanks, I can get the terminal ok, but am lost as I do not know what commands are available.
    For instance I would use

    Code
    # service --help
    Usage: service -[Rfshv] SERVICE ARGUMENTS
            -f|--full-restart:      Do a fullrestart of the service.
            -R|--full-restart-all:  Do a fullrestart of all running services.
            -s|--status-all:        Print a status of all services.
            --ignore-dependencies:  Do not start required systemd services
            --skip-redirect:        Do not redirect to systemd
            -d|--debug:             Launch with debug.
            -h|--help:              This help.

    but that command is not available on LibreElec and I have no clue what to use as an equivalent. On this PC I get

    Code
    # service -s | grep ssh
    openssh-daemon (pid  4835) is running...

    Is there some reference material I could access that would help?

    I appreciate the assistance ;)

    Edited once, last by JohnBoyz (May 2, 2017 at 2:43 PM).


  • LE uses systemd, the equivalent would be "systemctl status sshd", see "systemctl --help" for more.

    Thanks for that info. ;)
    [hr]
    Thank you both.
    It was indeed a permission problem ...... apparently the permissions were too open.

    Could you be so kind as to tell me what permissions are optimum for the various stages of the following path?
    /storage/cache/.ssh/ssh_host_xxxxx_key

    /storage
    /storage/cache/
    /storage/cache/.ssh/
    /storage/cache/.ssh/ssh_host_xxxxx_key

    Are all the same? If so then a chmod -R XXX would do I guess. Would XXX be 700 or other?

    I have made changes to get things working, but would appreciate the info so I can now put in the correct permissions.

    Thanks.

    Edited once, last by JohnBoyz (May 2, 2017 at 4:09 PM).

  • Code
    chmod 700 /storage/.cache/ssh
    chmod 600 /storage/.cache/ssh/*
    chmod 644 /storage/.cache/ssh/*.pub

    ^^ I believe that should restore things back to defaults

    Thank you!
    Will apply them soon.
    What about /storage & /storage/.cache ?
    Do they get 700?
    regards.

    EDIT:
    All OK, found what I needed.
    755 it seems is correct.

    Edited once, last by JohnBoyz (May 2, 2017 at 7:13 PM).

  • Running the latest Milhouse build (9.0) on a Raspberry Pi 3. After the last update ssh is not working anymore.

    ssh -vvv root@@192.168.2.153

    OpenSSH_7.6p1, LibreSSL 2.6.2

    debug1: Reading configuration data /etc/ssh/ssh_config

    debug1: /etc/ssh/ssh_config line 48: Applying options for *

    debug2: ssh_connect_direct: needpriv 0

    debug1: Connecting to 192.168.2.153 port 22.

    ssh: connect to host 192.168.2.153 port 22: Connection refused

    FTP isn't working either. Now I read the solutions above, but this is not working for me? I've tried installing system tools to open a terminal windows on the Pi, but nothing happens.

    How can I correct this without doing a fresh install?

  • ssh -vvv root@@192.168.2.153

    Is the double-@ a typo?

    Are you sure the IP address is correct?

    Can you ping the device?

    Is Samba enabled and working?

    Can you downgrade to the previous version (using either Samba, or the built-in upgrade mechanism)?

    Does ssh work again with the previous version?

    I know of no particular reason why ssh should stop working, unless the configuration is corrupted, or ssh is not starting (crashing?) Very occasionally this type of issue is reported but clears up with a reboot or the next upgrade (which doesn't make much sense, but I suspect it's the reboot that fixes it not the upgrade itself).

    • Official Post

    Have you been reading the SD card in other machines? .. apart from a complete networking failure the only reason the SSH daemon will fail to start is a change to permissions on the server private key. I've occasionally seen people mounting the /storage partition in another OS to copy media to the card faster and an inadvertent perms change on /storage/.cache breaks stuff.

  • Hi Guys,

    Thnx for responding!

    I know the IP address is 100% correct. I can ping the device.

    PING 192.168.2.153 (192.168.2.153): 56 data bytes

    64 bytes from 192.168.2.153: icmp_seq=0 ttl=64 time=5.562 ms

    64 bytes from 192.168.2.153: icmp_seq=1 ttl=64 time=2.374 ms

    Samba is enabled. I can connect to the device. SSH is not working as is sFTP off course....

    ssh: connect to host 192.168.2.153 port 22: Connection refused.

    Now trying an update to the latest Millhouse build.

  • Hi All,

    I have made that same mistake too.

    While willing to mount an NFS share from my NAS to my wetekplay with libreelec I have changed the entire /storage folder with chmod 777. arrrrg. Since, impossible to log with SSH to my device.

    Fortunately, the NFS share work :D (at least).

    Thing is I would like to roll back and restore the correct rights to the /storage folder. But how... since I cannot connect via SSH is there any option to have a local terminal on the week play ? If yes, what will be the procedure ?

    Thanks in advance for your help

    Cheers !

  • Do you have access to the /storage/.config folder? .. If yes, you could create an autostart.sh script file that runs commands at the start of userspace boot to set/change permissions on the folders.

  • Hi Hewitt and thanks for the response.

    Not, unfortunately not. That is my question, is it a way to have access to a console direct to the device. I saw in some other topic that you suggested to do a CTRL + ALT + F3. I connected a keyboard on my WETEK PLAY 2 but and did that manip. doesn^t do anything.

    Is there an eventually recovery mode or something ? or any kind of other possibility to modify those right by importing the save

    As far The only option I see is to use the libreelec option "reset to default" but I will loose my entire TVHEADEND config. If possible I do not want to restart that hours long process

    Cheers

  • If the SMB share is active you can use the Kodi file manager to copy the TVH add-on config folder to a location accessible via the SMB share to back-up the data. Then you can nuke the setup and restore the TVH files (using SSH) later.

    CTRL+ALT+F3 will not work as we're not using Xorg/X11.

    If this is a WP2 box not a WP(1) as previously stated, which LE release is installed?

  • Hi chewitt.

    Thanks for the answer. I have checked where I could find that folder from TVH. Unfortunately after minutes of checking, I do not have find the folder. Any clue where it can be ?

    Other thing I fear. Actually it is impossible to update anything on the Libreelec wetekplay. I fear that if I nuke it, I won't be able to download TVH again. If im not wrong there is a topic here talking about the fact that week plan / libre elec have some issue connecting to internet or repos for KODI.

    To be honnest it is a mess in my head :P

    Cheers

  • The TVH client addon data will be in /storage/.kodi/userdata/addon_data/pvr.hts .. so you will need to enable support for "hidden files and folders" in Kodi GUI settings else the file manager will ignore the .kodi folder (in linux the . prefix denotes a hidden folder).