hdoverobinson
Posts: 2
Joined: Thu Dec 15, 2016 5:02 am

Headless SSH Not Initializing Properly

Thu Dec 15, 2016 5:23 am

Hello,

The latest Raspbian release ships with SSH disabled by default, as described here: https://www.raspberrypi.org/documentati ... ccess/ssh/

This has seemingly led to some confusion regarding how to gain SSH access to a headless raspberry. What I have experienced is that despite following instructions to place an empty file "ssh" in the root of the boot partition, SSHD still isn't accepting connections. After some digging, I think I have found the issue.

The check for the /boot/ssh file is done by the systemd service "sshswitch.service" found at /lib/systemd/system/sshswitch.service:

[Unit]
Description=Turn on SSH if /boot/ssh is present
ConditionPathExists=/boot/ssh
After=regenerate_ssh_host_keys.service

[Service]
Type=oneshot
ExecStart=/bin/sh -c "update-rc.d ssh enable && invoke-rc.d ssh start && rm -f /boot/ssh"

[Install]
WantedBy=multi-user.target

The problem is that it is calling to run "regenerate_ssh_host_keys.service" after executing. The symlink for this service is in place: "/etc/systemd/system/multi-user.target.wants/regenerate_ssh_host_keys.service -> /lib/systemd/system/regenerate_ssh_host_keys.service", but I checked and "regenerate_ssh_host_keys.service" does not exist under /lib/systemd/system, or anywhere in the root partition.

The result of the missing service is that if one is trying to enable SSH through the /boot/ssh method, then authentication with SSHD will fail because it cannot find the missing host keys. The key files exist within /etc/ssh but they are empty. This is what shows up in auth.log:

Dec 15 04:48:24 raspberrypi sshd[799]: error: key_load_public: invalid format
Dec 15 04:48:24 raspberrypi sshd[799]: error: Could not load host key: /etc/ssh/ssh_host_rsa_key
Dec 15 04:48:24 raspberrypi sshd[799]: error: key_load_public: invalid format
Dec 15 04:48:24 raspberrypi sshd[799]: error: Could not load host key: /etc/ssh/ssh_host_dsa_key
Dec 15 04:48:24 raspberrypi sshd[799]: error: key_load_public: invalid format
Dec 15 04:48:24 raspberrypi sshd[799]: error: Could not load host key: /etc/ssh/ssh_host_ecdsa_key
Dec 15 04:48:24 raspberrypi sshd[799]: error: key_load_public: invalid format
Dec 15 04:48:24 raspberrypi sshd[799]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Dec 15 04:48:24 raspberrypi sshd[799]: fatal: No supported key exchange algorithms [preauth]

Hopefully this is the right place to post this. Has anyone else found that the regenerate_ssh_host_keys.service is missing from the November 2016 Raspbian release? I'd like to continue using NOOBS and the latest Raspbian release, but painless SSH setup for headless raspberries is a must!

wh7qq
Posts: 1339
Joined: Thu Oct 09, 2014 2:50 am

Re: Headless SSH Not Initializing Properly

Sat Dec 17, 2016 1:30 am

Go back to the previous release until this gets unscrewed.

Edit: fter my previous tantrum, I went back and looked for my old version of jessie/pixel but I had already deleted it...so back to work. Not quite sure what fixed it but I am now able to login by ssh to this RPi. I did two things. First, I used the old linux/unix standby command "passwd" to enter a new password

Code: Select all

passwd pi
and rebooted. I then logged in with with the new password. With that giving a happy result, I logged in using ssh on another RPi and then back to this one with the new password and all went well. I reiterate that the configuration utilities, either cli or GUI were useless for fixing this problem.

User avatar
HawaiianPi
Posts: 4738
Joined: Mon Apr 08, 2013 4:53 am
Location: Aloha, Oregon USA

Re: Headless SSH Not Initializing Properly

Sat Dec 17, 2016 9:59 am

It worked for me when I tried it.

I imaged an SD card with 2016-11-25 Raspbian Jessie Lite, copied my wpa_supplicant.conf to /boot along with creating the "ssh" file. Plugged the newly imaged card into my PiZero, plugged in my OTG WiFi dongle and powered it up. After giving it a moment to boot I was able to SSH in, change the default password and reboot, then login again with the new password. Next I created my own user, logged out from pi and back in as my user, disabled the pi user and ran updates.

It all went without a hitch.
My mind is like a browser. 27 tabs are open, 9 aren't responding,
lots of pop-ups...and where is that annoying music coming from?

Martin Frezman
Posts: 1020
Joined: Mon Oct 31, 2016 10:05 am

Re: Headless SSH Not Initializing Properly

Sat Dec 17, 2016 10:16 am

It all went without a hitch.
I'm always amused when people post messages such as this.

Of COURSE it works at least some of the time (i.e., for some people on some setups) or else it never would have gotten released. Of COURSE, they do test these things (at least a little, heh heh) before they release them.

The trick is figuring out what it is about OP's setup that causes it not to work for them. That's where your attention should be focused.
If this post appears in the wrong forums category, my apologies.

User avatar
HawaiianPi
Posts: 4738
Joined: Mon Apr 08, 2013 4:53 am
Location: Aloha, Oregon USA

Re: Headless SSH Not Initializing Properly

Sat Dec 17, 2016 10:26 am

Martin Frezman wrote:I'm always amused when people post messages such as this.

Of COURSE it works at least some of the time (i.e., for some people on some setups) or else it never would have gotten released. Of COURSE, they do test these things (at least a little, heh heh) before they release them.

The trick is figuring out what it is about OP's setup that causes it not to work for them. That's where your attention should be focused.
Which is why I described the process I used in testing it. Since the OP did not give much details about the procedure he used when the error occurred, there's not much advice I can offer. But apparently I'm stupid. So since you are so smart, why don't you tell the OP what went wrong with his system?
My mind is like a browser. 27 tabs are open, 9 aren't responding,
lots of pop-ups...and where is that annoying music coming from?

Martin Frezman
Posts: 1020
Joined: Mon Oct 31, 2016 10:05 am

Re: Headless SSH Not Initializing Properly

Sat Dec 17, 2016 10:45 am

heh heh - I never said I was smart, just that I was amused.

But I do believe that no help-seeker was ever helped by other people saying either:

1) "Works for me"
or
2) "You did something wrong"

But then again, that's just me...
If this post appears in the wrong forums category, my apologies.

User avatar
HawaiianPi
Posts: 4738
Joined: Mon Apr 08, 2013 4:53 am
Location: Aloha, Oregon USA

Re: Headless SSH Not Initializing Properly

Sat Dec 17, 2016 11:02 am

Martin Frezman wrote:heh heh - I never said I was smart, just that I was amused.

But I do believe that no help-seeker was ever helped by other people saying either:

1) "Works for me"
or
2) "You did something wrong"

But then again, that's just me...
And without more detail from the OP about how to reproduce the error, exactly what do you expect me to do?

Two people above posted that something is broken. I was pointing out it is not, in fact, broken, and I described the procedure I used to test it. If either of the two previous posters would like to provide more details about their systems and procedures I'll be happy to help. Until then I'm guessing.

So, if I have to make a guess, I'd say they probably created the "ssh" file on a Windows system with the hide known file extensions setting on, and didn't realize they actually created a file named ssh.txt (which won't work). I didn't put that guess in my first post because that's one of the first settings in Windows I disable when I install it, so I tend to forget it's a problem.
My mind is like a browser. 27 tabs are open, 9 aren't responding,
lots of pop-ups...and where is that annoying music coming from?

spl23
Raspberry Pi Engineer & Forum Moderator
Raspberry Pi Engineer & Forum Moderator
Posts: 378
Joined: Fri Dec 26, 2014 11:02 am

Re: Headless SSH Not Initializing Properly

Sat Dec 17, 2016 2:34 pm

HawaiianPi wrote:So, if I have to make a guess, I'd say they probably created the "ssh" file on a Windows system with the hide known file extensions setting on, and didn't realize they actually created a file named ssh.txt (which won't work). I didn't put that guess in my first post because that's one of the first settings in Windows I disable when I install it, so I tend to forget it's a problem.
To deal with this very problem, the latest update will now look for either "ssh" or "ssh.txt". sudo apt-get update / sudo apt-get dist-upgrade will apply this update on the current image - we'll bundle it into the next official Raspbian release.

Martin Frezman
Posts: 1020
Joined: Mon Oct 31, 2016 10:05 am

Re: Headless SSH Not Initializing Properly

Sat Dec 17, 2016 2:43 pm

spl23 wrote:To deal with this very problem, the latest update will now look for either "ssh" or "ssh.txt". sudo apt-get update / sudo apt-get dist-upgrade will apply this update on the current image - we'll bundle it into the next official Raspbian release.
Ha! I must be psychic.

viewtopic.php?f=28&t=168493&p=1083042#p1083042
If this post appears in the wrong forums category, my apologies.

wh7qq
Posts: 1339
Joined: Thu Oct 09, 2014 2:50 am

Re: Headless SSH Not Initializing Properly

Sat Dec 17, 2016 7:25 pm

HawaiianPi wrote:It worked for me when I tried it.

I imaged an SD card with 2016-11-25 Raspbian Jessie Lite, copied my wpa_supplicant.conf to /boot along with creating the "ssh" file. Plugged the newly imaged card into my PiZero, plugged in my OTG WiFi dongle and powered it up. After giving it a moment to boot I was able to SSH in, change the default password and reboot, then login again with the new password. Next I created my own user, logged out from pi and back in as my user, disabled the pi user and ran updates.

It all went without a hitch.
That seems a far cry from the instructions I read from RaspberryPi.org. Not something the average Pi owner would know to do. Glad you are so erudite. :roll:

@spi23: The trick for me seemed to be running the "passwd" command from the cli. The boot process was removing the /boot/ssh file and adding that file and/or using raspi-config or the Configuration GUI to change the password was not useful advice.

User avatar
HawaiianPi
Posts: 4738
Joined: Mon Apr 08, 2013 4:53 am
Location: Aloha, Oregon USA

Re: Headless SSH Not Initializing Properly

Sun Dec 18, 2016 8:16 am

wh7qq wrote:That seems a far cry from the instructions I read from RaspberryPi.org. Not something the average Pi owner would know to do. Glad you are so erudite. :roll:
Which instructions did you follow on raspberrypi.org?
If there are some instructions there that need to be updated, then providing a link might help to make that happen.

I am an average Pi owner, and I learned how to use my Raspberry Pi computers from the documentation and blog posts on raspberrypi.org, with some additional help from this forum. I don't work for the foundation or have any secret insider knowledge.

The info on placing wpa_supplicant.conf into /boot came from here:
https://www.raspberrypi.org/blog/another-update-raspbian/ wrote:If a wpa_supplicant.conf file is placed into the /boot/ directory, this will be moved to the /etc/wpa_supplicant/ directory the next time the system is booted, overwriting the network settings; this allows a Wifi configuration to be preloaded onto a card from a Windows or other machine that can only see the boot partition.
The info on placing an ssh file into /boot came from here:
https://www.raspberrypi.org/blog/a-security-update-for-raspbian-pixel/ wrote:What has changed?

First, from now on SSH will be disabled by default on our images. SSH (Secure SHell) is a networking protocol which allows you to remotely log into a Linux computer and control it from a remote command line. As mentioned above, many Pi owners use it to install a Pi headless (without screen or keyboard) and control it from another PC.

In the past, SSH was enabled by default, so people using their Pi headless could easily update their SD card to a new image. Switching SSH on or off has always required the use of raspi-config or the Raspberry Pi Configuration application, but to access those, you need a screen and keyboard connected to the Pi itself, which is not the case in headless applications. So we’ve provided a simple mechanism for enabling SSH before an image is booted.

The boot partition on a Pi should be accessible from any machine with an SD card reader, on Windows, Mac, or Linux. If you want to enable SSH, all you need to do is to put a file called ssh in the /boot/ directory. The contents of the file don’t matter: it can contain any text you like, or even nothing at all. When the Pi boots, it looks for this file; if it finds it, it enables SSH and then deletes the file. SSH can still be turned on or off from the Raspberry Pi Configuration application or raspi-config; this is simply an additional way to turn it on if you can’t easily run either of those applications.
I'm not sure why the above did not work for you.
My mind is like a browser. 27 tabs are open, 9 aren't responding,
lots of pop-ups...and where is that annoying music coming from?

Starlight5
Posts: 24
Joined: Wed Apr 22, 2015 12:54 pm

Re: Headless SSH Not Initializing Properly

Sun Dec 18, 2016 9:56 am

@hdoverobinson try dietpi instead of NOOBS, it just works.

MartinLaclaustra
Posts: 14
Joined: Sun Dec 18, 2016 8:45 pm

Re: Headless SSH Not Initializing Properly

Sun Dec 18, 2016 9:58 pm

Here, there is a possible explanation to why this code works for some people and not for others:
https://www.marcomc.com/2012/09/how-to- ... spberrypi/

The service mentioned by the OP is deleted on first boot (or first activation of SSH).
If, for some reason, the Raspberry Pi was not shutdown correctly (just shutting off power) on that first boot, ssh won't work, and the keys will not be regenerated (because the script was deleted).

This subtle mis-step at the very start of using the sdcard may create all the heterogeneity that apparently occurs. I hope that future implementations of the "ssh" file trigger takes care of this issue.

Good luck.
M.

wh7qq
Posts: 1339
Joined: Thu Oct 09, 2014 2:50 am

Re: Headless SSH Not Initializing Properly

Mon Dec 19, 2016 2:29 am

I'm not sure why the above did not work for you.
Please excuse my abysmal ignorance but I remain mystified as to why it did not work for me; but it does occur that the initial instructions were a bit glib or the (supposedly) simple procedure has pitfalls that aren't well understood.

MartinLaclaustra
Posts: 14
Joined: Sun Dec 18, 2016 8:45 pm

Re: Headless SSH Not Initializing Properly

Mon Dec 19, 2016 7:06 am

why it did not work for me;
It didn't for me either. I did not exhaustive testing, but I suspect...
the (supposedly) simple procedure has pitfalls that aren't well understood.
... that you are right!
My first attempt failed: "ssh" file written in "boot" partition before first start... First boot... Powered down unproperly (switched power off). Results:
- ssh connection attempts resulted in connection closed by host.
- "sudo systemctl status ssh -l" showed that there were no keys for ssh.
- the broken link described on the first post was present.
Note that this does not fail because the ssh daemon is disabled (that would be the reason if no "ssh" file would be on boot").
My second attempt succeeded: wrote sdcard again. Did not write "ssh" file. First boot. Powered down properly with a keyboard (repeated a couple of times). Wrote "ssh" file. Rebooted... worked!

Unfortunately I do not have the time to experiment more, but I think that testing on variations on this theme, recording what gets deleted and when (and the status of the daemon at each phase), might help clarifying the issue.
The cause of the problem could be either writing "ssh" file before first boot or not powering off properly.
I hope that someone can do the proper testing, because I believe that this question is creating a lot of confusion and it would be worth fixing.

Best,
M.

User avatar
HawaiianPi
Posts: 4738
Joined: Mon Apr 08, 2013 4:53 am
Location: Aloha, Oregon USA

Re: Headless SSH Not Initializing Properly

Tue Dec 20, 2016 5:20 am

MartinLaclaustra wrote:It didn't for me either. I did not exhaustive testing, but I suspect...
...
My first attempt failed: "ssh" file written in "boot" partition before first start... First boot... Powered down unproperly (switched power off)...
DING, DING, DING! We have a winner!

Any time you improperly power down the system you risk corrupting the SD card. Or in this case, you interrupted a service before it completed (see post by MartinLaclaustra above). This is not a problem with Raspbian, it's a problem with improper use. I suppose it might be possible to add some additional safeguards into the SSH initialization process, but the solution is really to just NOT DO THAT! Developers can't be expected to anticipate all the wacky things users might do. Not only is it a huge waste of time, it's also impossible.

If you improperly power off a system and have problems after that, just re-image the card and start over. Or, if you have been good about keeping backups, restore from your last backup. This is not unique to Raspbian. It's pretty much been the case for decades with Windows, Mac OS (or whatever they're calling it now) and Linux.
MartinLaclaustra wrote:I hope that someone can do the proper testing, because I believe that this question is creating a lot of confusion and it would be worth fixing.
Mostly for people who are doing something wrong, and it's pretty hard to fix that.
My mind is like a browser. 27 tabs are open, 9 aren't responding,
lots of pop-ups...and where is that annoying music coming from?

MartinLaclaustra
Posts: 14
Joined: Sun Dec 18, 2016 8:45 pm

Re: Headless SSH Not Initializing Properly

Tue Dec 20, 2016 7:05 am

Just a couple of subtle commentaries...

- Previous versions were more ROBUST respect to user "dumbness" in this respect. This is an entry level computer for those who start to learn, so you can not expect perfect handling the first time you plug it in. That robustness was lost with the security update (just a few lines of code), so it should be worth considering if the change can be improved to be more fool-proof. (I am not new and still the problem happened... more on why the improper power down later).

- In fact, this is affecting several people... check the comments on: https://www.raspberrypi.org/blog/a-secu ... ian-pixel/ ... and the problem is unidentified and most of the proposed solutions off. (Nobody proposes to start over writing the card again or to issue a command to generate the ssh keys)

- When you are installing a computer headless, it is not crazy that you may have to force-power it down. Particularly the first time you plug it in... if anything goes wrong with networking you have no keyboard, no mouse, no screen... no network access! If that causes to be permanently locked out... well... you are provided with hours of problem solving.

- Finally, the problem manifests itself in a way that it is very difficult to identify. There is not obvious signs of card corruption (in fact, there is no card corruption)... everything else works flawlessly. There is no mention to an error in creating ssh keys (unless you dig in with arcane commands "for the initiated"). Simply, there is no ssh service running. Precisely something that intermix with the fact that the update was closing that access. Not a good start to look for solutions when first suspicion misdirects you totally. Not easy to think that it was caused by that initial "power off".

Please, HawaiianPi, do not minimize hdoverobinson effort. This is the ONLY thread shedding some light on the problem so far, and it might help desperate users locked out, and may attract some attention from developers (Simon Long).

By the way, thanks to the community and developers for they efforts.
M.

PS: still needed to confirm if improper power down on first boot consistently causes this problem. We will never know if you blame that directly without further testing.

User avatar
HawaiianPi
Posts: 4738
Joined: Mon Apr 08, 2013 4:53 am
Location: Aloha, Oregon USA

Re: Headless SSH Not Initializing Properly

Tue Dec 20, 2016 9:23 am

MartinLaclaustra wrote:Just a couple of subtle commentaries...

- Previous versions were more ROBUST respect to user "dumbness" in this respect.
And they were also highly insecure.
MartinLaclaustra wrote:This is an entry level computer for those who start to learn, so you can not expect perfect handling the first time you plug it in.
Yes, and part of the process is learning how to use the computer properly. Ask most Linux users on this forum and I think you will find that Raspbian already makes too many concessions for the sake of being easier. This is a far less secure operating system than any mainstream Linux distro because of those concessions. They have finally taken a step to fix that, and it's a step in the right direction.

I offer you a counterpoint to your argument that it is an entry level computer.

Do you really think it's wise to give inexperienced users an insecure computer and have them connect it to their home or office networks?

That is just begging to be hacked in my opinion. And those inexperienced users will not have the knowledge or skills needed to even detect the hack, much less combat it once it has been discovered. This has been my biggest gripe about Raspbian from day one, so forgive me if I'm a bit... overly passionate about this subject.
MartinLaclaustra wrote:Please, HawaiianPi, do not minimize hdoverobinson effort. This is the ONLY thread shedding some light on the problem so far, and it might help desperate users locked out, and may attract some attention from developers (Simon Long).
I have no control over what the devs choose to fix or not. I'm just saying you can't expect them to fix every problem caused by improper use.

And I mean no disrespect to the devs either. The Raspberry Pi computer was designed for education. I believe it, and Raspbian, was intended to be used in a classroom environment on a secure internal network, so Raspbian itself didn't need to be super secure. No one anticipated how insanely popular this little computer would become, or that there would be millions of them connected to the Internet one day.

I think the solution the devs came up with to close the SSH insecurity was rather elegant, and it does work. Is it perfect? Of course not. Name me one piece of software that is. Bottom line is, Raspbian needs to be more secure, and that will likely make it a bit harder to use, but in the process users will learn some things about computer security, and fewer users will get hacked.
My mind is like a browser. 27 tabs are open, 9 aren't responding,
lots of pop-ups...and where is that annoying music coming from?

spl23
Raspberry Pi Engineer & Forum Moderator
Raspberry Pi Engineer & Forum Moderator
Posts: 378
Joined: Fri Dec 26, 2014 11:02 am

Re: Headless SSH Not Initializing Properly

Tue Dec 20, 2016 10:33 am

I've been following the comments on here and on the blog, and have seen that some people are having problems with SSH connections.

First off, I do suspect that in some cases people are adding a file called ssh with an extension which is hidden on their host system. You can easily check if the ssh file is being recognised as valid, because it will be deleted if it is. If you boot your Pi with an ssh file, and then look at the boot partition and find the ssh file is still there, then something about that file name was not correct. We have issued an update whereby either "ssh" or "ssh.txt" can be used, but this is not included in the image currently available for download - you'll need to do an apt-get update / apt-get dist-upgrade to get this.

Second, I suspect (and at least one person on the blog comments has confirmed this) that the problem in many cases is due to trying to connect before the initial generation of SSH keys has completed. Particularly, if the Pi is powered down on first boot before key generation is completed, this will probably put that image in a state whereby SSH will never again be possible, because we only run key generation once on first boot.

To those having problems, I suggest the following:

1) Flash a clean image to your SD card
2) Create the ssh file in the boot partition - make sure this does not have an extension. On both PC and Mac platforms, it will probably help if you (at least temporarily) configure your host computer to show file extensions.
3) Boot the Pi with that card; wait a couple of minutes before attempting to connect. SSH key generation should only take a few seconds on a Pi 3, but will be slower on older Pis. Give the process time to complete.
4) Try to connect to the Pi via SSH.
5) If you can't connect, remove the SD card, put it in another computer and check to see if the ssh file has been deleted - if not, it was not identified as having the correct file name, and SSH will not have been enabled.

There may be some subtle failure mode that we haven't seen in our testing, but I suspect that the two main issues are a hidden extension on the ssh file and not waiting long enough on first boot for keys to be generated.

fsr
Posts: 88
Joined: Wed Jan 13, 2016 2:29 am

Re: Headless SSH Not Initializing Properly

Tue Dec 20, 2016 1:45 pm

HawaiianPi wrote: They have finally taken a step to fix that, and it's a step in the right direction.
Sorry, don't agree with you here.
Agree raspbian has a major security problem but disabling ssh does not improve security at all. It is just sweeping the problem under the carpet. The underlying issues are still there waiting to be exploited when ssh gets enabled.

Specifically these items:
1) sudo for the default 'pi' user is passwordless. (bzzz fail)
2) you are not forced to change the 'pi' password, create a user or anything.
3) the (ab)use of root in day to day activities - 'sudo' is stuck in front of everything.

These are not hard problems to solve, the Foundation has some very smart and capable people working for it. look at all the kernel code that got developed for the 3B. in its current state its only a matter of time before we hear of a rpi bonnet being used for something like this: https://www.engadget.com/2015/10/25/cctv-camera-botnet/

User avatar
kusti8
Posts: 3439
Joined: Sat Dec 21, 2013 5:29 pm
Location: USA

Re: Headless SSH Not Initializing Properly

Tue Dec 20, 2016 1:49 pm

fsr wrote:
HawaiianPi wrote: They have finally taken a step to fix that, and it's a step in the right direction.
Sorry, don't agree with you here.
Agree raspbian has a major security problem but disabling ssh does not improve security at all. It is just sweeping the problem under the carpet. The underlying issues are still there waiting to be exploited when ssh gets enabled.

Specifically these items:
1) sudo for the default 'pi' user is passwordless. (bzzz fail)
2) you are not forced to change the 'pi' password, create a user or anything.
3) the (ab)use of root in day to day activities - 'sudo' is stuck in front of everything.

These are not hard problems to solve, the Foundation has some very smart and capable people working for it. look at all the kernel code that got developed for the 3B. in its current state its only a matter of time before we hear of a rpi bonnet being used for something like this: https://www.engadget.com/2015/10/25/cctv-camera-botnet/
The amount of people who open up their Pi to the outside world is very small and all of them should change the password and enable password sudo. Adding sudo in front of everything is not the Foundation's fault, but user's own.
There are 10 types of people: those who understand binary and those who don't.

fsr
Posts: 88
Joined: Wed Jan 13, 2016 2:29 am

Re: Headless SSH Not Initializing Properly

Tue Dec 20, 2016 3:10 pm

kusti8 wrote:The amount of people who open up their Pi to the outside world is very small
Can you put a figure on that or are you just going with a gut feeling there?
My gut feeling is there are heaps, and half of them are unintentionally exposed. ;)
there were 5,000,000 PIs in 2015, now there are 10,000,000. https://www.engadget.com/2016/09/08/ras ... lion-sold/
problem is growing fast

pretty naive comment though - so I take it you were not around in the 90s when everyones machines were getting owned left right and centre because windows didn't have passwords or separate standard user accounts from admin accounts. Those who don't learn from history are destined to repeat it!
kusti8 wrote:Adding sudo in front of everything is not the Foundation's fault, but user's own.
The foundation is in the unique position of being able to fix it, being the manufacturer of the hardware and the distributer of the OS. So it certainly is their problem to fix, not the users. How is a user supposed to fix libraries 'that must run as root'?

e.g. https://www.raspberrypi.org/documentati ... on/more.md
"To control the GPIO pins you'll need root access"
Thats not the users fault, thats just what happens when you release hardware without drivers. So people poked the hardware direct and now the use of root to access peripherals is systemic even though there is no need for it to be like that anymore (there are linux drivers for just about everything now).
I can understand how things like this happened in the early days but it been years now and not dealing with it is giving it credence it shouldn't have.

User avatar
DougieLawson
Posts: 36312
Joined: Sun Jun 16, 2013 11:19 pm
Location: Basingstoke, UK
Contact: Website Twitter

Re: Headless SSH Not Initializing Properly

Tue Dec 20, 2016 3:22 pm

fsr wrote: e.g. https://www.raspberrypi.org/documentati ... on/more.md
"To control the GPIO pins you'll need root access"
Thats not the users fault, thats just what happens when you release hardware without drivers. So people poked the hardware direct and now the use of root to access peripherals is systemic even though there is no need for it to be like that anymore (there are linux drivers for just about everything now).
I can understand how things like this happened in the early days but it been years now and not dealing with it is giving it credence it shouldn't have.
That IS fixed. If you run python3 RPi.GPIO or python3 GPIOzero or C/C++ WiringPi (with the right enviroment variable) then none of those things need sudo.
Note: Having anything humorous in your signature is completely banned on this forum. Wear a tin-foil hat and you'll get a ban.

Any DMs sent on Twitter will be answered next month.

This is a doctor free zone.

MartinLaclaustra
Posts: 14
Joined: Sun Dec 18, 2016 8:45 pm

Re: Headless SSH Not Initializing Properly

Tue Dec 20, 2016 9:44 pm

@spl23, Thank you very much! Your post is exactly the one I thought it was needed!
I believe it will be very helpful.

Maybe one more recommendation after your point 5, in case someone has still not solved the problem.
6) try to connect locally a screen, keyboard, and mouse, open a terminal and inspect the output of 'sudo systemctl status ssh -l', observe whether the ssh service is running (see normal output below). If any kind of error appears, try to solve it or report back to the thread.

Code: Select all

$ sudo systemctl status ssh -l
● ssh.service - OpenBSD Secure Shell server
   Loaded: loaded (/lib/systemd/system/ssh.service; enabled)
   Active: active (running) since Tue 2016-12-20 00:26:53 UTC; 21h ago
 Main PID: 511 (sshd)
   CGroup: /system.slice/ssh.service
           └─511 /usr/sbin/sshd -D

Dec 20 00:26:53 raspberrypi systemd[1]: Started OpenBSD Secure Shell server.
Dec 20 00:26:53 raspberrypi sshd[511]: Server listening on 0.0.0.0 port 22.
Dec 20 00:26:53 raspberrypi sshd[511]: Server listening on :: port 22.
@spl23, perhaps your should open a new thread with the content of your post, to move away from the debate on the pi security that has hijacked this thread and will make it more difficult to find your solution. That was not the point of the OP.

fsr
Posts: 88
Joined: Wed Jan 13, 2016 2:29 am

Re: Headless SSH Not Initializing Properly

Wed Dec 21, 2016 1:09 am

DougieLawson wrote:That IS fixed. If you run python3 RPi.GPIO or python3 GPIOzero or C/C++ WiringPi (with the right enviroment variable) then none of those things need sudo.
Partially fixed
https://pypi.python.org/pypi/RPi.GPIO
"Note that the current release does not support SPI, I2C, hardware PWM or serial functionality on the RPi yet"
in other words they just swapped /dev/mem for /dev/gpiomem.
and If you want to access the other peripherals what do you do? (rhetorical question, I use /dev/spidev0, /dev/i2c, /sys/class/pwm/pwmchip0/pwm0, and /dev/ttyAMA0 from userland)

oh I found a rough figure for PI's accessible on the internet
kusti8 wrote:The amount of people who open up their Pi to the outside world is very small and
https://censys.io/ipv4?q=raspbian

100,000 :shock:

anyway going off topic.

Return to “Troubleshooting”