[SOLVED] Can't connect via ssh to my Raspi from Arch but I can from...

doblerone · 2014-03-05 21:04:39

This is really weird, From Ubuntu in my laptop there is no problem, but from Arch there is no way.
I read two times the wiki. The port is set in my sshd_config file, but still I have:

ssh: connect to host 192.168.x.x port 5022: Connection refused

My sshd_config:

       $OpenBSD: sshd_config,v 1.93 2014/01/10 05:59:19 djm Exp $

# This is the sshd server system-wide configuration file.  See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options override the
# default value.

Port 5022
#AddressFamily any
ListenAddress 0.0.0.0
#ListenAddress ::

# The default requires explicit activation of protocol 1
Protocol 2

# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key
#HostKey /etc/ssh/ssh_host_ecdsa_key
#HostKey /etc/ssh/ssh_host_ed25519_key

# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 1024

# Ciphers and keying
#RekeyLimit default none

# Logging
# obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
#LogLevel INFO

# Authentication:

LoginGraceTime 2m
PermitRootLogin no
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10

#RSAAuthentication yes
#PubkeyAuthentication yes

# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
# but this is overridden so installations will only check .ssh/authorized_ke$
AuthorizedKeysFile      .ssh/authorized_keys

#AuthorizedPrincipalsFile none

#AuthorizedKeysCommand none
#AuthorizedKeysCommandUser nobody

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication yes
#PermitEmptyPasswords no

# Change to no to disable s/key passwords
ChallengeResponseAuthentication no

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes

 Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication.  Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
UsePAM yes

AllowAgentForwarding yes
AllowTcpForwarding yes
#GatewayPorts no
X11Forwarding no
X11DisplayOffset 10
X11UseLocalhost yes
#PermitTTY yes
PrintMotd no # pam does that

#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#UsePrivilegeSeparation sandbox         # Default for new installations.
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS yes
#PidFile /run/sshd.pid
#MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none
#VersionAddendum none

# no default banner path
#Banner none

# override default of no subsystems
Subsystem       sftp    /usr/lib/ssh/sftp-server

# Example of overriding settings on a per-user basis
#Match User anoncvs
#       X11Forwarding no
#       AllowTcpForwarding no
#       PermitTTY no
#       ForceCommand cvs server

AllowUsers david

What can I check?

Last edited by doblerone (2014-03-07 06:47:17)

jasonwryan · 2014-03-05 21:08:46

Use -vvv switches to generate more meaningful reporting...

doblerone · 2014-03-05 21:12:41

ssh -vvv pi@192.168.x.x
OpenSSH_6.5, OpenSSL 1.0.1f 6 Jan 2014
debug1: Reading configuration data /etc/ssh/ssh_config
debug2: ssh_connect: needpriv 0
debug1: Connecting to 192.168.x.x [192.168.x.x] port 5022.
debug1: connect to address 192.168.x.x port 5022: Connection refused
ssh: connect to host 192.168.x.x port 5022: Connection refused

jasonwryan · 2014-03-05 21:35:41

If sshd is runing on the Pi and the port is open, then perhaps it is an issue with your identity/keys from the Arch box (although you would expect more detail in the error message if that were the case).

doblerone · 2014-03-06 06:17:53

And there is no way to regenerate them?
Before I reinstalled Raspbian on the Raspberry, it worked perfectly. Yesterday, when I tried to connect from Ubuntu, it asked me if I was sure to accept the new connection bla, bla, bla, and it suggested me to executed:

ssh-keygen -f "....../known_hosts" -R 192.168.x.x

I did it and it connected without problems.

But when I tried from Arch, it didn't ask me anything. I made the same as I did in Ubuntu anyway, but I couldn't still connect.

jasonwryan · 2014-03-06 06:34:47

Paste the exact ssh-keygen command you ran. If you look at the man page, you will see what you have done.

Have you copied the key to the Arch box and added that machine to the Pi's known_hosts?

doblerone · 2014-03-06 12:48:59

jasonwryan wrote:

Paste the exact ssh-keygen command you ran. If you look at the man page, you will see what you have done.

As it is said in man pages, I have specified the filename of the key file with the -f flag and removed all keys belonging to hostname from a known_hosts file.

jasonwryan wrote:

Have you copied the key to the Arch box and added that machine to the Pi's known_hosts?

No I haven´t done that because I don´t know what I should have to do.

The thing is, why in Arch my system didn´t asked anything like Ubuntu did?

I´m wondering if it shouldn´t be easier start from scratch. If this is the case, how can I do it? Deleting the .ssh folder in my /home directory or I must delete something else?

Last edited by doblerone (2014-03-06 12:53:59)

hcjl · 2014-03-06 12:56:33

in your sshd_config on the pi you have

AllowUsers david

but in your ssh command you use pi as user.

doblerone · 2014-03-06 13:02:31

hcjl wrote:

in your sshd_config on the pi you have
AllowUsers david
but in your ssh command you use pi as user.

You are right. The sshd_config file is in the remote machine (with Arch) and the server machine, a raspberry, is where I use "pi" as a normal user.
I think that I put the wrong sshd_config file, because you are interested in the sshd_config of my server right?

jasonwryan · 2014-03-06 16:06:21

doblerone wrote:

jasonwryan wrote:
Paste the exact ssh-keygen command you ran. If you look at the man page, you will see what you have done.
As it is said in man pages, I have specified the filename of the key file with the -f flag and removed all keys belonging to hostname from a known_hosts file.
jasonwryan wrote:
Have you copied the key to the Arch box and added that machine to the Pi's known_hosts?
No I haven´t done that because I don´t know what I should have to do.
The thing is, why in Arch my system didn´t asked anything like Ubuntu did?

Read the wiki entries on SSH and using keys to authenticate. Arch isn't Ubuntu; it isn't going to hold your hand.

This is also a pretty good intro: https://kimmo.suominen.com/docs/ssh/

doblerone · 2014-03-06 18:14:15

jasonwryan wrote:

Read the wiki entries on SSH and using keys to authenticate. Arch isn't Ubuntu; it isn't going to hold your hand.
This is also a pretty good intro: https://kimmo.suominen.com/docs/ssh/

I did everything what the wiki says about SSH Keys but still:

ssh-copy-id -p 5022 pi@192.168.x.x
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed

/usr/bin/ssh-copy-id: ERROR: ssh: connect to host 192.168.x.x port 5022: Connection refused

cris9288 · 2014-03-06 19:33:08

doblerone wrote:

jasonwryan wrote:
Read the wiki entries on SSH and using keys to authenticate. Arch isn't Ubuntu; it isn't going to hold your hand.
This is also a pretty good intro: https://kimmo.suominen.com/docs/ssh/
I did everything what the wiki says about SSH Keys but still:
ssh-copy-id -p 5022 pi@192.168.x.x
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed

/usr/bin/ssh-copy-id: ERROR: ssh: connect to host 192.168.x.x port 5022: Connection refused

Try doing it manually then. You can already get to your pi from Ubuntu, so generate a key pair on your Arch machine using ssh-keygen, find a way to copy the public key to your Ubuntu machine (email or flash drive or whatever), and copy the key from your Ubuntu machine to your pi (sftp using nautilus, or just good old fashioned copy and pase), making sure to copy your public key to .ssh/authorized_keys ( on the Pi of course).

Last edited by cris9288 (2014-03-06 19:33:48)

hcjl · 2014-03-06 19:40:26

and post the sshd_config of the damn server, if the other one is wrong.

jasonwryan · 2014-03-06 19:41:59

doblerone wrote:

jasonwryan wrote:
Read the wiki entries on SSH and using keys to authenticate. Arch isn't Ubuntu; it isn't going to hold your hand.
This is also a pretty good intro: https://kimmo.suominen.com/docs/ssh/
I did everything what the wiki says about SSH Keys but still:
ssh-copy-id -p 5022 pi@192.168.x.x
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed

/usr/bin/ssh-copy-id: ERROR: ssh: connect to host 192.168.x.x port 5022: Connection refused

Clearly not. Reread post #8

Spider.007 · 2014-03-06 20:34:43

Why are people focussing on the ssh-keys? The 'Connection refused' message is quite clearly not related to authorisation. Does your server run a firewall like iptables?

jasonwryan · 2014-03-06 20:53:38

Spider.007 wrote:

Why are people focussing on the ssh-keys? The 'Connection refused' message is quite clearly not related to authorisation. Does your server run a firewall like iptables?

Becuase the OP reports they can connect from their Ubuntu machine: which--if true--would indicate that it is not a firewall issue.

However, given that the OP doesn't have a conceptual grasp of how SSH works, anything is possible at this point.

doblerone · 2014-03-07 06:46:42

jasonwryan wrote:

Clearly not. Reread post #8

After a couple of rereads more without any success, (at least I have a vague idea of how ssh keys works!) I decided to start from scratch.
I downloaded again the raspbian image for the Raspberry, I unstilladed ssh in my laptop with Ubuntu and in Arch, deleting all ssh config files and started again.

And now it works in both!!!Arch and Ubuntu can connect via ssh!

Thanks a lot guys for your patience with a totally newbie!!!

Arch Linux

#1 2014-03-05 21:04:39

[SOLVED] Can't connect via ssh to my Raspi from Arch but I can from...

#2 2014-03-05 21:08:46

Re: [SOLVED] Can't connect via ssh to my Raspi from Arch but I can from...

#3 2014-03-05 21:12:41

Re: [SOLVED] Can't connect via ssh to my Raspi from Arch but I can from...

#4 2014-03-05 21:35:41

Re: [SOLVED] Can't connect via ssh to my Raspi from Arch but I can from...

#5 2014-03-06 06:17:53

Re: [SOLVED] Can't connect via ssh to my Raspi from Arch but I can from...

#6 2014-03-06 06:34:47

Re: [SOLVED] Can't connect via ssh to my Raspi from Arch but I can from...

#7 2014-03-06 12:48:59

Re: [SOLVED] Can't connect via ssh to my Raspi from Arch but I can from...

#8 2014-03-06 12:56:33

Re: [SOLVED] Can't connect via ssh to my Raspi from Arch but I can from...

#9 2014-03-06 13:02:31

Re: [SOLVED] Can't connect via ssh to my Raspi from Arch but I can from...

#10 2014-03-06 16:06:21

Re: [SOLVED] Can't connect via ssh to my Raspi from Arch but I can from...

#11 2014-03-06 18:14:15

Re: [SOLVED] Can't connect via ssh to my Raspi from Arch but I can from...

#12 2014-03-06 19:33:08

Re: [SOLVED] Can't connect via ssh to my Raspi from Arch but I can from...

#13 2014-03-06 19:40:26

Re: [SOLVED] Can't connect via ssh to my Raspi from Arch but I can from...

#14 2014-03-06 19:41:59

Re: [SOLVED] Can't connect via ssh to my Raspi from Arch but I can from...

#15 2014-03-06 20:34:43

Re: [SOLVED] Can't connect via ssh to my Raspi from Arch but I can from...

#16 2014-03-06 20:53:38

Re: [SOLVED] Can't connect via ssh to my Raspi from Arch but I can from...

#17 2014-03-07 06:46:42

Re: [SOLVED] Can't connect via ssh to my Raspi from Arch but I can from...

Board footer