Sebas07 Posted Sunday at 01:01 PM Posted Sunday at 01:01 PM Hello! I wanted to install the Armbian 26.2.1 Minimal / IOT to an Ordoid HC2 (using the XU4 distro). Download ok - sha hash is ok - balena etcher ok - startup - ok. Problem: When I log in the first time with "root", the "1234" as first password is not accepted. Also, PUTTY warns that ths ssh of the armbian uses only "Diffie-hellmann-group1-sha1" which (for PUTTY) is a bit unsecure. Any idea about the password issue? 0 Quote
Werner Posted Sunday at 04:38 PM Posted Sunday at 04:38 PM Armbian default login and password is always root and 1234. If this does not work, the image is not genuine. 0 Quote
Sebas07 Posted Sunday at 07:51 PM Author Posted Sunday at 07:51 PM (edited) that is why i am confused, I used the one image from here (armbian.com) https://www.armbian.com/odroid-xu4/ edit: what happens if the SBC starts the first time and you cut the power before hooking up with ssh - does it fall back to other credentials? P.P.S: did a new install and 1234 just got me a "access denied" on the first attempt directly after boot Edited Sunday at 09:39 PM by Sebas07 0 Quote
Igor Posted Sunday at 10:31 PM Posted Sunday at 10:31 PM 2 hours ago, Sebas07 said: did a new install and 1234 just got me a "access denied" on the first attempt directly after boot Trouble with SSH client or failed SD card could explain this. We didn't change anything in this regard. SSH settings are Debian / Ubuntu defaults. We are not altering this. I tested latest image on XU4 and - it worked. 0 Quote
eselarm Posted yesterday at 09:20 AM Posted yesterday at 09:20 AM 20 hours ago, Sebas07 said: Problem: When I log in the first time with "root", the "1234" as first password is not accepted. Also, PUTTY warns that ths ssh of the armbian uses only "Diffie-hellmann-group1-sha1" which (for PUTTY) is a bit unsecure. If I understand you correctly: root via ssh is not allowed by default I usually setup (new) SBC's in a different way, but last time testing 2 of my boards with 26.2 minimal/IoT fresh image was via serial console, have not used ssh and certainly not putty. If no (serial) console, you might also have sme networking firewall issues somewhere in Windows or so, although would be vary rare. Have you setup a normal user first via (serial) console first? 0 Quote
bedna Posted yesterday at 11:13 AM Posted yesterday at 11:13 AM (edited) 2 hours ago, eselarm said: If I understand you correctly: root via ssh is not allowed by default Unless they have changed something very recently, you can login as root via ssh on first-run. I double checked /etc/ssh/sshd_config on an armbian install image I had downloaded, and: # Authentication: #LoginGraceTime 2m PermitRootLogin yes #StrictModes yes #MaxAuthTries 6 #MaxSessions 10 PubkeyAuthentication yes <snip> # To disable tunneled clear text passwords, change to no here! #PasswordAuthentication yes #PermitEmptyPasswords no And inside /etc/shadow (default 1234 passwd): root:$y$j9T$SAPCtO/l2ZIj6A2frqTza/$.Z8dP41gzqRHoIS8PvXFn9fghf9rgkGqAWgXVRW4dg6:20234:0:99999:7::: So that should not be an issue here. (and there are keys inside /etc/ssh that I assume can be used at first login, I have never tried) Sounds more like a faulty sd-card that gets mounted read-only, that can cause stuff like this happening. (as mentioned earlier by Igor) Try with a different sd-card (and use armbian-imager instead of balena) and see if the same happens on another card. Edited yesterday at 11:30 AM by bedna 0 Quote
Sebas07 Posted yesterday at 08:22 PM Author Posted yesterday at 08:22 PM (edited) Thanks for the comments. Still no joy. I tried another SD card with etcher and then switched over to armbian imager. Same result: with putty you can connect through ssh, set "root" as username and then the "1234" is not accepted anymore. That also with another ssh client (not putty) and the Win11 built in one. Both ssh clients mention the low security of the sha1 systemin armbian and accept the override. P.S. - Same with one of the last bookworm images P.P.S - same using putty on a WIN10 system "login as: root further authentification required root@IP-address password: 1234 access denied" once more: tried ssh through a raspi in the network. the raspi cannot connect to the armbian: the raspi does not like to use diffie-hellman-group1-sha1 the raspi does not like to use ssh-dss does that tell anything? Edited 23 hours ago by Sebas07 0 Quote
Igor Posted 13 hours ago Posted 13 hours ago Double checked with fresh image Armbian imager -> Odroid -> XU4 -> Armbian Trixie minimal. Works as expected. https://paste.armbian.com/egumoficij 0 Quote
bedna Posted 4 hours ago Posted 4 hours ago (edited) 21 hours ago, Sebas07 said: Same result: with putty you can connect through ssh, set "root" as username and then the "1234" is not accepted anymore. Might be because at first login, you enter 1234, it then asks for you to change that, create a user and whatnot. Not so sure putty will have any idea of what to do with those prompts. When you wrote: "once more: tried ssh through a raspi in the network. the raspi cannot connect to the armbian:" What do you mean by that? You logged in to a rpi OS with putty, and you then tried to connect to this device via the rpi? Was this before or AFTER you already tried logging in to it using putty? In your log: ### [firstrun] Recreated SSH keys (entropy: 256 256) I don't know what this means, but sounds like keys are enrolled and maybe assumed to be used in future. You will have to look into putty (and ask the devs of putty) to learn what is happening, unless you are willing to use a "normal" ssh client that will tell you what is going on by providing STDOUT & STDERR to your monitor. With a NORMAL ssh client, type "ssh root@xxx.xxx.xxx.xxx" (the ip to the device) and it will ask for passw, it will then require you to CHANGE passwd etc. Seems very likely putty has no idea how to deal with that and are doing some strange things at first login, witch then probably leads to it borking your system. Edited 4 hours ago by bedna 0 Quote
Sebas07 Posted 3 hours ago Author Posted 3 hours ago (edited) ref. to Igor: I think the system runs fine because i can ping and because there is actually a ssh server active. Due to that I have a Odroid HC2 and not the XU4, I have no console and have to rely on ssh. I used putty and the ssh client in the "advanced IP scanner" - www.advanced-ip-scanner.com: both seem to connect but 1234 just does not work. In that Debian raspberry I used the normal ssh client and in WIN10/11 also the ssh client from the command line. All of these three ssh clients were not able to connect to the Odroid due to a different level of keystrength and procedure. I try the WIN11 ssh client to accept the situation and will come back edit: I needed to use these command options to connect to the ssh server from the WIN11 ssh client: ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 -oHostKeyAlgorithms=+ssh-dss -oCiphers=+aes128-cbc -oMACs=+hmac-sha1 That is a pile of ancient security settings! Anyway - even now the 1234 did not work. in verbose mode I got no alarms from the ssh connection Edited 2 hours ago by Sebas07 0 Quote
eselarm Posted 1 hour ago Posted 1 hour ago 23 hours ago, Sebas07 said: P.P.S - same using putty on a WIN10 system "login as: root further authentification required root@IP-address password: 1234 access denied" you cannot login as root via ssh using password, it is disabled by default for years already you need a normal user first or prepare the image/sd-card to use ssh keys/ids 0 Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.