Page 1 of 1
cant remote login to pi anymore
Posted: Wed Oct 12, 2016 4:09 pm
by Neddie
Hi to all.
I have a funny problem I don't know how to fix.
My pi (2B , running jessie) won't let me remote login anymore.
I've set it up so I can "remote desktop" onto it and I can also ssh via Putty.
It's been working fine for a couple of months , then yesterday I couldn't login anymore.
I just get access denied. I've kept the default settings , L:pi P raspberry.
It boots to the desktop by default no problem.
How can I go about fixing this?
Funny thing is this happened before , but I just reinstalled last time. Don't want to do that again
if I can help it.
Cheers.
Neddie
Re: cant remote login to pi anymore
Posted: Wed Oct 12, 2016 9:27 pm
by lmarmisa
If the system boots to the desktop, open a terminal and type this command:
Check if an IP address is assigned to the interface eth0 or wlan0 (something like 192.168.x.y)
Code: Select all
pi@rpi:~ $ ifconfig
eth0 Link encap:Ethernet HWaddr b8:27:eb:44:88:84
inet addr:192.168.1.58 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::1f11:f7ea:e8d9:2eaf/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:31624 errors:0 dropped:422 overruns:0 frame:0
TX packets:24634 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:43503172 (41.4 MiB) TX bytes:1946833 (1.8 MiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:64 errors:0 dropped:0 overruns:0 frame:0
TX packets:64 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1
RX bytes:15068 (14.7 KiB) TX bytes:15068 (14.7 KiB)
pi@rpi:~ $
The router could change the IP address assigned to your RPi occasionally. Check if the current IP assigned to your RPi is the same of the putty session.
Open a terminal on your PC and type a ping command to your RPi:
If you get a correct response, the remote login to your RPi should work properly.
Re: cant remote login to pi anymore
Posted: Thu Oct 13, 2016 1:52 am
by tweak42
Neddie wrote:Hi to all.
I have a funny problem I don't know how to fix.
My pi (2B , running jessie) won't let me remote login anymore.
I've set it up so I can "remote desktop" onto it and I can also ssh via Putty.
It's been working fine for a couple of months , then yesterday I couldn't login anymore.
I just get access denied. I've kept the default settings , L:pi P raspberry.
It boots to the desktop by default no problem.
How can I go about fixing this?
Funny thing is this happened before , but I just reinstalled last time. Don't want to do that again
if I can help it.
Cheers.
Neddie
Since you kept the default login/password it's possible a person or bot has gained access to the system and changed them. Do you have any access at all or are stuck and login screen in all cases?
There is a recovery procedure to blank the password if you can read/write the micro sd card on another system. Still, I wouldn't trust it being clean, so safer to pull the data you need then wipe and reinstall.
Re: cant remote login to pi anymore
Posted: Thu Oct 13, 2016 5:38 am
by Neddie
The access to the Pi is fine. I get the remote login screen (via remote desctop or PUTTY) , it just does not accept my password anymore. The pi boots to the desktop no problem , I just can't remote login.
Re: cant remote login to pi anymore
Posted: Thu Oct 13, 2016 6:56 am
by Neddie
Just to add to this topic.
I'm now trying to reset my pi password..
Ive modified my "cmdline.txt" file to have the "init=/bin/sh" (without quotes) at the end. It now looks like this:
dwc_otg.lpm_enable=0 console=serial0,115200 console=tty1 root=/dev/mmcblk0p2 rootfstype=ext4 elevator=deadline fsck.repair=yes rootwait init=/bin/sh
The problem is the pi still just boots straight to the desktop. What have I missed here?
Cheers
Neddie
Re: cant remote login to pi anymore
Posted: Thu Oct 13, 2016 7:24 am
by Neddie
Just found this in my rc.local
"/var/tmp/kaiten"
A quick search on that shows I should probably re-install :0(
Re: cant remote login to pi anymore
Posted: Thu Oct 13, 2016 8:41 am
by lmarmisa
Your system has been infected.
https://gist.github.com/darkhelmet/5636998
I recommend a new install. And do not forget to change the default password asap.
Take a look to your router too and even to other computers on your LAN. Did you forward the port 22 to your RPi?. The attack could be done directly from the Internet or from other computer infected of your LAN.
Re: cant remote login to pi anymore
Posted: Thu Oct 13, 2016 10:34 am
by Neddie
I did have port 22 forwarded to the pi , so I could access it remotely. As it turns out , so did someone else :0)
If I use a strong password , is that generally enough protection (at least against a brute force attack) ,
or is there something else I should be doing?
Cheers
Neddie
Re: cant remote login to pi anymore
Posted: Thu Oct 13, 2016 12:57 pm
by lmarmisa
A strong password is enough protection IMHO.
You can try to use a key-based ssh login authentication too. This is very useful and secure:
https://help.ubuntu.com/community/SSH/OpenSSH/Keys
If you like this method based on RSA security keys, you can disable the password authentication:
https://help.ubuntu.com/community/SSH/O ... onfiguring
A last recommendation: configure the ssh port forwarding rule with different external and internal ports if your router provides this option. Hackers love port 22.
Code: Select all
External port: 13579 (this is only an example)
Internal port: 22
Internal address: 192.168.1.76 (IP address of your RPi)
Re: cant remote login to pi anymore
Posted: Thu Oct 13, 2016 1:14 pm
by Neddie
Thanks for the help.