User avatar
jojopi
Posts: 3146
Joined: Tue Oct 11, 2011 8:38 pm

Re: SSH not working

Tue Sep 04, 2012 12:39 pm

Alesbi wrote:Can the new SSH keys be generated offline?
Yes, both methods should work without a network connection.

Joe Schmoe
Posts: 4277
Joined: Sun Jan 15, 2012 1:11 pm

Re: SSH not working

Tue Sep 04, 2012 1:04 pm

What makes this all interesting, of course, is the "Catch 22" aspect of it. I'm sure that if we could just hook up a keyboard and screen, we'd have solved this very easily (and a long time ago).

That said, a couple of things come to mind that might get you more information:

1) Hook up a serial line (I'm told this will allow you to see the boot-up messages even without a regular keyboard/screen attached). Check out: http://www.trainelectronics.com/RaspberryPi/

2) From Linux (e.g., a booted "Live CD"), do: ssh -v ...
I know someone else suggested this already, but this would probably give you more info as to exactly how and why it is bombing.

Also, I doubt this is significant yet (i.e., you haven't really gotten this far in the process yet), but you should be doing:

ssh [email protected]_IP_Address

In your screenshots, you were just doing: ssh rpi_IP_Address, which causes it to default to user "alex" (which I think is who you were logged in as on the booted Linux), and that ID (probably) doesn't exist on the Pi.

There is, of course, a way to set this value in PuTTY as well, somewhere in the GUI screens.
And some folks need to stop being fanboys and see the forest behind the trees.

(One of the best lines I've seen on this board lately)

Alesbi
Posts: 109
Joined: Wed Aug 22, 2012 3:18 pm

Re: SSH not working

Tue Sep 04, 2012 1:23 pm

Joe Schmoe wrote:What makes this all interesting, of course, is the "Catch 22" aspect of it. I'm sure that if we could just hook up a keyboard and screen, we'd have solved this very easily (and a long time ago).

That said, a couple of things come to mind that might get you more information:

1) Hook up a serial line (I'm told this will allow you to see the boot-up messages even without a regular keyboard/screen attached). Check out: http://www.trainelectronics.com/RaspberryPi/

2) From Linux (e.g., a booted "Live CD"), do: ssh -v ...
I know someone else suggested this already, but this would probably give you more info as to exactly how and why it is bombing.

Also, I doubt this is significant yet (i.e., you haven't really gotten this far in the process yet), but you should be doing:

ssh [email protected]_IP_Address

In your screenshots, you were just doing: ssh rpi_IP_Address, which causes it to default to user "alex" (which I think is who you were logged in as on the booted Linux), and that ID (probably) doesn't exist on the Pi.

There is, of course, a way to set this value in PuTTY as well, somewhere in the GUI screens.
OK well I just tried the family PC's keyboard using a PS/2 adapter and it still doesn't work, not with USB hub either.

I don't really understand that serial line stuff. I think it's too complicated for me anyway, just looking at the page.

On Raspbian I get stuck at raspi-config, and on Raspbmc it gets stuck on boot because it can't find Ethernet connection (because to plug it into my TV, I had to unplug it from my router due to different rooms).

I myself noticed that I didn't put "[email protected]" in, so I went back and tried it again. Got connection refused.

Image

ssh -v gave me this:

Image


Tomorrow I should get my USB->SD card reader and assuming that works (which is probably a bad assumption given my track record), I should be able to try generating the new SSH keys using Wubi. "jojopi" has already given me the commands, would you be able to break it down for me, as to how exactly I would execute those commands?

itimpi
Posts: 1090
Joined: Sun Sep 25, 2011 11:44 am
Location: Potters Bar, United Kingdom
Contact: Website

Re: SSH not working

Tue Sep 04, 2012 1:42 pm

I thought the 192.168.0.3 address was your machine and the Pi was on 192.168.0.5?

Alesbi
Posts: 109
Joined: Wed Aug 22, 2012 3:18 pm

Re: SSH not working

Tue Sep 04, 2012 1:46 pm

itimpi wrote:I thought the 192.168.0.3 address was your machine and the Pi was on 192.168.0.5?
It changes each time I plug them in/out, switch between Windows and Ubunutu etc. I always make sure of the new IP in my router page before I start

Alesbi
Posts: 109
Joined: Wed Aug 22, 2012 3:18 pm

Re: SSH not working

Tue Sep 04, 2012 1:51 pm

Is it possible for me to edit SSH_Config from a usb SD card reader plugged into my LInux (or windows) machine? It seems theres something dodgey on line 19:

Image
larger pic: http://i.imgur.com/ahGGE.png

brs
Posts: 70
Joined: Fri Aug 17, 2012 9:27 pm
Location: Zurich

Re: SSH not working

Tue Sep 04, 2012 1:54 pm

Grasping for some more straws... since this looks like a networking issue, have you considered running something like http://www.ethereal.com/ and record a network packet trace of the exchange?

User avatar
jojopi
Posts: 3146
Joined: Tue Oct 11, 2011 8:38 pm

Re: SSH not working

Tue Sep 04, 2012 2:00 pm

Actually, while "connection reset" is consistent with a host key problem, "connection refused" is not. Also, I had not previously noticed that you had tried two different distros. That makes it unlikely that both have the same issue. (Not absolutely impossible, especially if you used an unreliable power supply on the first boots.)

So, either you have an entirely different problem with variable symptoms, or you have two separate problems, in which case you need to fix the "connection refused" problem before you can tackle the "connection reset".

In a given test condition and boot, is the error consistent across multiple attempts, or intermittent?

Alesbi
Posts: 109
Joined: Wed Aug 22, 2012 3:18 pm

Re: SSH not working

Tue Sep 04, 2012 2:04 pm

brs wrote:Grasping for some more straws... since this looks like a networking issue, have you considered running something like http://www.ethereal.com/ and record a network packet trace of the exchange?
I can try this. what will I be looking for?
----------------------------------------------------------------
jojopi wrote:Actually, while "connection reset" is consistent with a host key problem, "connection refused" is not. Also, I had not previously noticed that you had tried two different distros. That makes it unlikely that both have the same issue. (Not absolutely impossible, especially if you used an unreliable power supply on the first boots.)

So, either you have an entirely different problem with variable symptoms, or you have two separate problems, in which case you need to fix the "connection refused" problem before you can tackle the "connection reset".

In a given test condition and boot, is the error consistent across multiple attempts, or intermittent?
I cannot put my finger on what causes each particular error. It may have been that I only got connection refused when I entered the wrong commands or something, by accident (for example doing "ssh 192.168.0.5" rather than "ssh [email protected]"). In Linux, I seem to only get the "connection reset by peer" error.
----------------------------------------------------

On another note, I did "ssh -vvv [email protected]", which is supposed to give more information than ssh -v. I got this response

Image
larger picture: http://i.imgur.com/DKNQR.png

As you can see, it does say "Connection Established", then a bunch of gobbledegook, then somewhat suddenly stops working.

What can I deduce from this? I think I need to have a look inside ssh_config, do I not?

Also, the connection reset error may mean that I may need to add this to SSH_config, perhaps?

ServerAliveInterval = 300
ServerAliveCountMax = 300

I believe this is meant to stop server resetting if it receives no information.

brs
Posts: 70
Joined: Fri Aug 17, 2012 9:27 pm
Location: Zurich

Re: SSH not working

Tue Sep 04, 2012 2:16 pm

Alesbi wrote:
brs wrote:Grasping for some more straws... since this looks like a networking issue, have you considered running something like http://www.ethereal.com/ and record a network packet trace of the exchange?
I can try this. what will I be looking for?
----------------------------------------------------------------

Not entirely sure... maybe and ICMP destination unreachable packet, either from the router or the PI. Maybe some confused device on the network poisoning the connection with duplicate responses, etc. Anything which doesn't look like a clean TCP/IP connection establishment sequence.

If you are on linux, do you have tcpdump? Something like running (sudo) tcpdump -i <network device name> -n, while you try to connect could already help.

BTW, has telnet <ipaddress> 22 ever worked from linux?

User avatar
jojopi
Posts: 3146
Joined: Tue Oct 11, 2011 8:38 pm

Re: SSH not working

Tue Sep 04, 2012 2:37 pm

Okay. The next message after "debug1: SSH2_MSG_KEXINIT sent" should be "debug1: SSH2_MSG_KEXINIT received". And between those two is exactly where it will break if the server cannot load its host keys. So you do want to try regenerating those.

There is nothing to suggest a problem with ssh_config. ServerAlives are useful if you have a firewall somewhere that "forgets" about connections when they have been idle for a long time. Until you can get a connection to survive at least five minutes, that is not one of your problems.

Alesbi
Posts: 109
Joined: Wed Aug 22, 2012 3:18 pm

Re: SSH not working

Tue Sep 04, 2012 3:02 pm

@brs telnet does wrk with Linux. I'll try tcpdump.
jojopi wrote:Okay. The next message after "debug1: SSH2_MSG_KEXINIT sent" should be "debug1: SSH2_MSG_KEXINIT received". And between those two is exactly where it will break if the server cannot load its host keys. So you do want to try regenerating those.

There is nothing to suggest a problem with ssh_config. ServerAlives are useful if you have a firewall somewhere that "forgets" about connections when they have been idle for a long time. Until you can get a connection to survive at least five minutes, that is not one of your problems.
Any idea how I can reset my keys in Windows? Currently my old vista laptop has a built in SD card reader, but my new one (with wubi) doesn't. I use my new laptop as mu primary machine.

If it is not possible in windows, I can do it in Linux tomorrow when my USB-sd card reader arrives. In this case, please can you tell me what commands to use and how to execute them to regenerate my ssh keys.

Joe Schmoe
Posts: 4277
Joined: Sun Jan 15, 2012 1:11 pm

Re: SSH not working

Tue Sep 04, 2012 3:16 pm

If it is not possible in windows, I can do it in Linux tomorrow when my USB-sd card reader arrives. In this case, please can you tell me what commands to use and how to execute them to regenerate my ssh keys.
Just out of curiosity, does the concept of booting a Live CD have no traction with you?
And some folks need to stop being fanboys and see the forest behind the trees.

(One of the best lines I've seen on this board lately)

User avatar
Dweeber
Posts: 606
Joined: Fri Aug 17, 2012 3:35 am
Location: Mesa, AZ
Contact: Website

Re: SSH not working

Tue Sep 04, 2012 3:24 pm

Wendo wrote:It's exceedingly weird that you can telnet to port 22 and confirm SSH is working, but can't actually connect with an SSH client from the same computer. The only thing I can think of is windows firewall isn't allowing the putty connection out, but that should be very obvious by a big prompt when you try to connect with putty
I can think of something else... his SSH keys on the RPi might be messed up. He might need to regenerate the host keys.

Having limited access to the RPi without keyboard and monitor will make dealing with that if that is what it is a bit difficult.

Update: Seems someone else hit on that a few messages up...
Dweeber A.K.A. Kevin...
My RPI Info Pages including Current Setup - http://rpi.tnet.com

User avatar
RaTTuS
Posts: 10539
Joined: Tue Nov 29, 2011 11:12 am
Location: North West UK
Contact: Twitter YouTube

Re: SSH not working

Tue Sep 04, 2012 3:35 pm

my betting is that it's a bad PSU and the RPi is not getting enough power to run properly...
what is the voltage tp1/tp2 ?
or has this been mentioned previously
How To ask Questions :- http://www.catb.org/esr/faqs/smart-questions.html
WARNING - some parts of this post may be erroneous YMMV

1QC43qbL5FySu2Pi51vGqKqxy3UiJgukSX
Covfefe

User avatar
pluggy
Posts: 3635
Joined: Thu May 31, 2012 3:52 pm
Location: Barnoldswick, Lancashire,UK
Contact: Website

Re: SSH not working

Tue Sep 04, 2012 3:49 pm

If its any help, this is what ssh -vvv gives with by working setup from my installed Ubuntu 12.04 to my Pi.

I have keys set at both ends for automated logins on another user.

Code: Select all

[email protected]:~$ ssh -vvv [email protected]
OpenSSH_5.9p1 Debian-5ubuntu1, OpenSSL 1.0.1 14 Mar 2012
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to 192.168.1.248 [192.168.1.248] port 22.
debug1: Connection established.
debug3: Incorrect RSA1 identifier
debug3: Could not load "/home/sv/.ssh/id_rsa" as a RSA1 public key
debug1: identity file /home/sv/.ssh/id_rsa type 1
debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048
debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
debug1: identity file /home/sv/.ssh/id_rsa-cert type -1
debug1: identity file /home/sv/.ssh/id_dsa type -1
debug1: identity file /home/sv/.ssh/id_dsa-cert type -1
debug1: identity file /home/sv/.ssh/id_ecdsa type -1
debug1: identity file /home/sv/.ssh/id_ecdsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.0p1 Debian-2
debug1: match: OpenSSH_6.0p1 Debian-2 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.9p1 Debian-5ubuntu1
debug2: fd 3 setting O_NONBLOCK
debug3: load_hostkeys: loading entries for host "192.168.1.248" from file "/home/sv/.ssh/known_hosts"
debug3: load_hostkeys: found key type ECDSA in file /home/sv/.ssh/known_hosts:10
debug3: load_hostkeys: loaded 1 keys
debug3: order_hostkeyalgs: prefer hostkeyalgs: [email protected],[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,[email protected],[email protected],[email protected],[email protected],ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-6[email protected],hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[email protected],hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,[email protected],zlib
debug2: kex_parse_kexinit: none,[email protected],zlib
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: kex_parse_kexinit: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[email protected],hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[email protected],hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,[email protected]
debug2: kex_parse_kexinit: none,[email protected]
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: mac_setup: found hmac-md5
debug1: kex: server->client aes128-ctr hmac-md5 none
debug2: mac_setup: found hmac-md5
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA b3:f6:fd:12:b1:be:26:18:01:42:15:a0:0a:82:5f:22
debug3: load_hostkeys: loading entries for host "192.168.1.248" from file "/home/sv/.ssh/known_hosts"
debug3: load_hostkeys: found key type ECDSA in file /home/sv/.ssh/known_hosts:10
debug3: load_hostkeys: loaded 1 keys
debug1: Host '192.168.1.248' is known and matches the ECDSA host key.
debug1: Found key in /home/sv/.ssh/known_hosts:10
debug1: ssh_ecdsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /home/sv/.ssh/id_rsa (0xb7ecbfd8)
debug2: key: /home/sv/.ssh/id_dsa ((nil))
debug2: key: /home/sv/.ssh/id_ecdsa ((nil))
debug1: Authentications that can continue: publickey,password
debug3: start over, passed a different list publickey,password
debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/sv/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /home/sv/.ssh/id_dsa
debug3: no such identity: /home/sv/.ssh/id_dsa
debug1: Trying private key: /home/sv/.ssh/id_ecdsa
debug3: no such identity: /home/sv/.ssh/id_ecdsa
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
[email protected]'s password: 
Don't judge Linux by the Pi.......
I must not tread on too many sacred cows......

Alesbi
Posts: 109
Joined: Wed Aug 22, 2012 3:18 pm

Re: SSH not working

Tue Sep 04, 2012 4:01 pm

RaTTuS wrote:my betting is that it's a bad PSU and the RPi is not getting enough power to run properly...
what is the voltage tp1/tp2 ?
or has this been mentioned previously
5 Volts.
Joe Schmoe wrote:
If it is not possible in windows, I can do it in Linux tomorrow when my USB-sd card reader arrives. In this case, please can you tell me what commands to use and how to execute them to regenerate my ssh keys.
Just out of curiosity, does the concept of booting a Live CD have no traction with you?
I do not understand your point. I've been using Wubi, but the laptop with Wubi installed does not have an SD card reader.
pluggy wrote:If its any help, this is what ssh -vvv gives with by working setup from my installed Ubuntu 12.04 to my Pi.

I have keys set at both ends for automated logins on another user.

Code: Select all

[email protected]:~$ ssh -vvv [email protected]
OpenSSH_5.9p1 Debian-5ubuntu1, OpenSSL 1.0.1 14 Mar 2012
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to 192.168.1.248 [192.168.1.248] port 22.
debug1: Connection established.
debug3: Incorrect RSA1 identifier
debug3: Could not load "/home/sv/.ssh/id_rsa" as a RSA1 public key
debug1: identity file /home/sv/.ssh/id_rsa type 1
debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048
debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
debug1: identity file /home/sv/.ssh/id_rsa-cert type -1
debug1: identity file /home/sv/.ssh/id_dsa type -1
debug1: identity file /home/sv/.ssh/id_dsa-cert type -1
debug1: identity file /home/sv/.ssh/id_ecdsa type -1
debug1: identity file /home/sv/.ssh/id_ecdsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.0p1 Debian-2
debug1: match: OpenSSH_6.0p1 Debian-2 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.9p1 Debian-5ubuntu1
debug2: fd 3 setting O_NONBLOCK
debug3: load_hostkeys: loading entries for host "192.168.1.248" from file "/home/sv/.ssh/known_hosts"
debug3: load_hostkeys: found key type ECDSA in file /home/sv/.ssh/known_hosts:10
debug3: load_hostkeys: loaded 1 keys
debug3: order_hostkeyalgs: prefer hostkeyalgs: [email protected],[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,[email protected],[email protected],[email protected],[email protected],ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[email protected],hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[email protected],hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,[email protected],zlib
debug2: kex_parse_kexinit: none,[email protected],zlib
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: kex_parse_kexinit: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[email protected],hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[email protected],hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,[email protected]
debug2: kex_parse_kexinit: none,[email protected]
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: mac_setup: found hmac-md5
debug1: kex: server->client aes128-ctr hmac-md5 none
debug2: mac_setup: found hmac-md5
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA b3:f6:fd:12:b1:be:26:18:01:42:15:a0:0a:82:5f:22
debug3: load_hostkeys: loading entries for host "192.168.1.248" from file "/home/sv/.ssh/known_hosts"
debug3: load_hostkeys: found key type ECDSA in file /home/sv/.ssh/known_hosts:10
debug3: load_hostkeys: loaded 1 keys
debug1: Host '192.168.1.248' is known and matches the ECDSA host key.
debug1: Found key in /home/sv/.ssh/known_hosts:10
debug1: ssh_ecdsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /home/sv/.ssh/id_rsa (0xb7ecbfd8)
debug2: key: /home/sv/.ssh/id_dsa ((nil))
debug2: key: /home/sv/.ssh/id_ecdsa ((nil))
debug1: Authentications that can continue: publickey,password
debug3: start over, passed a different list publickey,password
debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/sv/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /home/sv/.ssh/id_dsa
debug3: no such identity: /home/sv/.ssh/id_dsa
debug1: Trying private key: /home/sv/.ssh/id_ecdsa
debug3: no such identity: /home/sv/.ssh/id_ecdsa
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
[email protected]'s password: 
Thanks, that may be useful to an advanced user that is helping me as he can use it as a benchmark.

Alesbi
Posts: 109
Joined: Wed Aug 22, 2012 3:18 pm

Re: SSH not working

Tue Sep 04, 2012 5:41 pm

jojopi wrote:
Alesbi wrote:Or, as root on another linux box with the Pi's SD card in a card reader:

Code: Select all

mount /dev/sdX2 /mnt   # for some value of X, or it could be mmcblk0p2
mv /mnt/etc/ssh/ssh_host_* /mnt/root/
yes |ssh-keygen -q -N "" -t rsa -f /mnt/etc/ssh/ssh_host_rsa_key
yes |ssh-keygen -q -N "" -t dsa -f /mnt/etc/ssh/ssh_host_dsa_key
yes |ssh-keygen -q -N "" -t ecdsa -f /mnt/etc/ssh/ssh_host_ecdsa_key 2>/dev/null
sync
umount /dev/sdX2
eject /dev/sdX
Now, if you are using the recommended raspbian or debian images, the host keys should have been generated on first boot. So if the above fixes your problem then can you check afterwards for clues as to what might have gone wrong with that:

Code: Select all

cat /var/log/regen_ssh_keys.log
sudo ls --full-time /root
sudo ssh-keygen -lf /root/ssh_host_rsa_key
sudo ssh-keygen -lf /root/ssh_host_dsa_key
sudo ssh-keygen -lf /root/ssh_host_ecdsa_key

I've booted ubuntu linux using a live CD on my OLD laptop, which as a built in SD card reader. I googled how to mount it, and saw something about "fdisk -l". This gave me no response. I then realised that the SD card had been mounted automatically by Ubuntu. I went into etc/ssh and saw the files below:

Image
larger image: http://i.imgur.com/QujJ7.png

Can I regenerate the keys from here? maybe by deleting the key files? I do I need to do i through terminal as per your instructions above? The SD card is apparently read only, so editing the config will be a bit annoying, but not impossible (if necessary).

W. H. Heydt
Posts: 11680
Joined: Fri Mar 09, 2012 7:36 pm
Location: Vallejo, CA (US)

Re: SSH not working

Tue Sep 04, 2012 6:14 pm

Joe Schmoe wrote: There is, of course, a way to set this value in PuTTY as well, somewhere in the GUI screens.
I don't know about that...I don't bother setting an ID in PuTTY. The default behavior is that you get a normal login prompt from the remote system.

User avatar
jojopi
Posts: 3146
Joined: Tue Oct 11, 2011 8:38 pm

Re: SSH not working

Tue Sep 04, 2012 6:29 pm

I doubt that you can regenerate the keys from a GUI. You also definitely need to be root to do so. (Even if ubuntu let you write to the foreign disk, the ssh daemon on the Pi would reject keys that have the wrong ownership.)

The commands I gave assumed the card would be mounted on /mnt. The designer of the GUI has decided not to tell you where the card is actually mounted, just calling it "1.9 GB Filesystem", which is both stupid and unhelpful ;)

If you open a terminal you should be able to become root with something like "sudo su -". Look at "df -m" to work out where the 1762M partition has auto-mounted; probably somewhere under /mnt or /media. cd to the etc/ssh subdirectory of the card, maybe with something like "cd /media/10b4c001-2137-4418-b29e-57b7d15a6cbc/etc/ssh". These commands assume you are in the right directory:

Code: Select all

mv ssh_host_* ../../root
yes |ssh-keygen -q -N "" -t rsa -f ssh_host_rsa_key
yes |ssh-keygen -q -N "" -t dsa -f ssh_host_dsa_key
yes |ssh-keygen -q -N "" -t ecdsa -f ssh_host_ecdsa_key 2>/dev/null
sync
There should be no errors reported. Close the terminal window and eject the filesystem with the GUI button before unplugging the card.

Alesbi
Posts: 109
Joined: Wed Aug 22, 2012 3:18 pm

Re: SSH not working

Tue Sep 04, 2012 7:11 pm

jojopi wrote:I doubt that you can regenerate the keys from a GUI. You also definitely need to be root to do so. (Even if ubuntu let you write to the foreign disk, the ssh daemon on the Pi would reject keys that have the wrong ownership.)

The commands I gave assumed the card would be mounted on /mnt. The designer of the GUI has decided not to tell you where the card is actually mounted, just calling it "1.9 GB Filesystem", which is both stupid and unhelpful ;)

If you open a terminal you should be able to become root with something like "sudo su -". Look at "df -m" to work out where the 1762M partition has auto-mounted; probably somewhere under /mnt or /media. cd to the etc/ssh subdirectory of the card, maybe with something like "cd /media/10b4c001-2137-4418-b29e-57b7d15a6cbc/etc/ssh". These commands assume you are in the right directory:

Code: Select all

mv ssh_host_* ../../root
yes |ssh-keygen -q -N "" -t rsa -f ssh_host_rsa_key
yes |ssh-keygen -q -N "" -t dsa -f ssh_host_dsa_key
yes |ssh-keygen -q -N "" -t ecdsa -f ssh_host_ecdsa_key 2>/dev/null
sync
There should be no errors reported. Close the terminal window and eject the filesystem with the GUI button before unplugging the card.
I got to the correct directory, but the /code part gets a bit tricky. For instance, what goes in those "../../root" in place of the dots? And how do I get that vertical straight line before the word "ssh-keygen"? And do I put anything between the "" ?

User avatar
jojopi
Posts: 3146
Joined: Tue Oct 11, 2011 8:38 pm

Re: SSH not working

Tue Sep 04, 2012 7:44 pm

Alesbi wrote:I got to the correct directory, but the /code part gets a bit tricky. For instance, what goes in those "../../root" in place of the dots? And how do I get that vertical straight line before the word "ssh-keygen"? And do I put anything between the "" ?
The dots are literal. I do not know what the directory is called on your ubuntu, so I had to use a relative path. "../../root" means two parent directories up and then down to "root". The quotes must be empty. They contain the passphrases for the keys, but host keys must have an empty passphrase.

On most keyboards, | is shift-\. But this varies between countries. It is also possible that the live ubuntu does not match your keyboard layout. If possible, I would aim to cut and paste the commands from a browser one line at a time. (Actually the "yes |" can be safely omitted in this case anyway. Just start the three commands from "ssh-keygen" if you can not find "|".)

Alesbi
Posts: 109
Joined: Wed Aug 22, 2012 3:18 pm

Re: SSH not working

Tue Sep 04, 2012 7:58 pm

jojopi wrote:
Alesbi wrote:I got to the correct directory, but the /code part gets a bit tricky. For instance, what goes in those "../../root" in place of the dots? And how do I get that vertical straight line before the word "ssh-keygen"? And do I put anything between the "" ?
The dots are literal. I do not know what the directory is called on your ubuntu, so I had to use a relative path. "../../root" means two parent directories up and then down to "root". The quotes must be empty. They contain the passphrases for the keys, but host keys must have an empty passphrase.

On most keyboards, | is shift-\. But this varies between countries. It is also possible that the live ubuntu does not match your keyboard layout. If possible, I would aim to cut and paste the commands from a browser one line at a time. (Actually the "yes |" can be safely omitted in this case anyway. Just start the three commands from "ssh-keygen" if you can not find "|".)
I'll copy and paste from browser, keeping in the "yes" part too just to be safe.

So just to double check, the ../../root is exactly that - there is nothing supposed to be replaced there?

User avatar
jojopi
Posts: 3146
Joined: Tue Oct 11, 2011 8:38 pm

Re: SSH not working

Tue Sep 04, 2012 8:01 pm

Alesbi wrote:So just to double check, the ../../root is exactly that - there is nothing supposed to be replaced there?
Yes, all the commands are intended to be pasted exactly as is.

drgeoff
Posts: 10345
Joined: Wed Jan 25, 2012 6:39 pm

Re: SSH not working

Tue Sep 04, 2012 10:23 pm

Alesbi is in the UK. On a normal British keyboard '|' is Shift together with the key immediately to the right of the left Shift key.

Return to “Troubleshooting”