1 1
vr@m

ssh reset connection in nanopi M1

Recommended Posts

Good morning everyone. I'm unable to connect to a nanopi M1 through ssh, I'm using windows power shell and the network is made with a TP-Link router MR3220, I've looked several guides around there but always is saying "connection reset".

 

I've also checked the IP address wich is allways the same because I used the address reservation feature of the router (of course, there is a fixed MAC address on eth0), when I apply the command

 

ssh -p 22 root@xxx.xxx.xxx.xxx

on the uxterm of armbian it shows the shown in the attached image "resulado de usar ssh" and like I said, the answer of power shell is connection reset on port 22 for that server. the ssh_config is like this:

 

Host *
#   ForwardAgent no
#   ForwardX11 no
#   ForwardX11Trusted yes
#   RhostsRSAAuthentication no
#   RSAAuthentication yes
#   PasswordAuthentication yes
#   HostbasedAuthentication no
#   GSSAPIAuthentication no
#   GSSAPIDelegateCredentials no
#   GSSAPIKeyExchange no
#   GSSAPITrustDNS no
#   BatchMode no
#   CheckHostIP yes
#   AddressFamily any
#   ConnectTimeout 0
#   StrictHostKeyChecking ask
#   IdentityFile ~/.ssh/identity
#   IdentityFile ~/.ssh/id_rsa
#   IdentityFile ~/.ssh/id_dsa
#   IdentityFile ~/.ssh/id_ecdsa
#   IdentityFile ~/.ssh/id_ed25519
#   Port 22
#   Protocol 2
#   Cipher 3des
#   Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc
#   MACs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160
#   EscapeChar ~
#   Tunnel no
#   TunnelDevice any:any
#   PermitLocalCommand no
#   VisualHostKey no
#   ProxyCommand ssh -q -W %h:%p gateway.example.com
#   RekeyLimit 1G 1h
    SendEnv LANG LC_*
    HashKnownHosts yes
    GSSAPIAuthentication yes
    GSSAPIDelegateCredentials no

and the sshd_config is like follows:

 

# Package generated configuration file
# See the sshd_config(5) manpage for details

# What ports, IPs and protocols we listen for
Port 22
# Use these options to restrict which interfaces/protocols sshd will bind to
#ListenAddress ::
#ListenAddress 0.0.0.0
Protocol 2
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
#Privilege Separation is turned on for security
UsePrivilegeSeparation yes

# Lifetime and size of ephemeral version 1 server key
KeyRegenerationInterval 3600
ServerKeyBits 1024

# Logging
SyslogFacility AUTH
LogLevel INFO

# Authentication:
LoginGraceTime 120
PermitRootLogin yes
StrictModes yes

RSAAuthentication yes
PubkeyAuthentication yes
#AuthorizedKeysFile	%h/.ssh/authorized_keys

# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh_known_hosts
RhostsRSAAuthentication no
# similar for protocol version 2
HostbasedAuthentication no
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
#IgnoreUserKnownHosts yes

# To enable empty passwords, change to yes (NOT RECOMMENDED)
PermitEmptyPasswords yes

# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
ChallengeResponseAuthentication no

# Change to no to disable tunnelled clear text passwords
#PasswordAuthentication yes

# Kerberos options
#KerberosAuthentication no
#KerberosGetAFSToken no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes

X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes
#UseLogin no

#MaxStartups 10:30:60
#Banner /etc/issue.net

# Allow client to pass locale environment variables
AcceptEnv LANG LC_*

Subsystem sftp /usr/lib/openssh/sftp-server

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication.  Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
UsePAM yes

 

I'm putting as much information as I can bacause I'm very new with ssh.

 

Thanks a lot for the help.

resulado de usar ssh.png

Share this post


Link to post
Share on other sites
Quote
On 10/21/2018 at 10:08 AM, martinayotte said:

Since you are in a shell form nanopim1, what type of OS on the device/server on the other side at 192.168.1.100 ?

 

Hi @Martinayotte, I'm using power shell on windows 10

 

Share this post


Link to post
Share on other sites
2 minutes ago, vr@m said:

I'm using power shell on windows 10

You're not answering my question : what is the device at 192.168.1.100 ? Is it your windows 10 machine ? If yes, do you have proper SSH server running on this machine ? If not, don't expect it to connect ...

Share this post


Link to post
Share on other sites
Just now, martinayotte said:

You're not answering my question : what is the device at 192.168.1.100 ? Is it your windows 10 machine ? If yes, do you have proper SSH server running on this machine ? If not, don't expect it to connect ...

I'm sorry, I understood it backwards, the device at 192.168.1.100 is the nanopi which is the device where the server is running

Share this post


Link to post
Share on other sites
4 minutes ago, vr@m said:

I understood it backwards, the device at 192.168.1.100 is the nanopi

From the previous screenshot you've provided, the shell shows that you're already on the NanoPi itself.

So your are trying to connect to itself ? Why ? Is it just to become root ? You can use sudo instead ...

Share this post


Link to post
Share on other sites
2 minutes ago, martinayotte said:

From the previous screenshot you've provided, the shell shows that you're already on the NanoPi itself.

So your are trying to connect to itself ? Why ? Is it just to become root ? You can use sudo instead ...

Yes, you are right, about the image, I've done that because of a test that I saw in other post and if I'm right the test shows how many parameters of the configuration at the ssh server are done and also the state of the connection. If you look at line 6 from the input of the command shows

debug 1: Connection stablished

after that shows the state of the parameters and the last line shows 

Connection reset by 192.168.1.100 port 22

when I try to connect from the client computer the only message that shows is the last one with the "Connection reset by 192.168.1.100 port 22" which makes me guess that the server has a bad configuration or something that I don't know.

Share this post


Link to post
Share on other sites
17 minutes ago, vr@m said:

Yes, you are right, about the image

I can only suggest to connect to debug port using a USB-TTL Serial dongle and look at the log file /var/log/auth.log to see if potential clues can be found.

 

Share this post


Link to post
Share on other sites
44 minutes ago, martinayotte said:

I can only suggest to connect to debug port using a USB-TTL Serial dongle and look at the log file /var/log/auth.log to see if potential clues can be found.

 

Thank you, I'll see that option.

Share this post


Link to post
Share on other sites
5 minutes ago, vr@m said:

Thank you, I'll see that option.

Also, did you tried with another kind of terminal, for example PuTTy, because I won't be surprise if the MS Power Shell SSH is the guilty one ... ;)

Share this post


Link to post
Share on other sites
11 minutes ago, martinayotte said:

Also, did you tried with another kind of terminal, for example PuTTy, because I won't be surprise if the MS Power Shell SSH is the guilty one ... ;)

 

Yeap...It says "Server unexpectedly closed network connection", anyway I'll follow your advice about the auth.log from a monitor (right now I don't have a usb-ttl)

Share this post


Link to post
Share on other sites
On 10/23/2018 at 2:23 PM, martinayotte said:

Also, did you tried with another kind of terminal, for example PuTTy, because I won't be surprise if the MS Power Shell SSH is the guilty one ... ;)

Well, it seems to be that the problem was the lack of password when I tried to establish the connection, by now I disabled the authentication on the configuration file of the server (which is not good) and the connection was established.

 

The new problem that I have is that I probably changed the root password and I can't access as superuser, is there a way to change the root password without knowing the previous one?

Share this post


Link to post
Share on other sites
44 minutes ago, vr@m said:

is there a way to change the root password without knowing the previous one

Yes, if you previously created another user which came part of sudoer group, you can do "sudo su -" followed by "user password" , then "passwd root" and providing new root password twice.

 

Share this post


Link to post
Share on other sites
21 hours ago, martinayotte said:

Yes, if you previously created another user which came part of sudoer group, you can do "sudo su -" followed by "user password" , then "passwd root" and providing new root password twice.

 

So I think I must reflash the sd card with armbian because I' didn't do that before.

Share this post


Link to post
Share on other sites
19 hours ago, vr@m said:

because I' didn't do that before

When booting the first time any Armbian image, it asking you current password twice and then entering new one twice, following that, it asking you to create new user account.

Share this post


Link to post
Share on other sites

Hey guys, 

for anyone else that had problems with this, here's what worked for me for my NanoPi R1 board (thanks to martinayotee's advice):
 

wire up TX/RX/GND (and 5V/VCC if not already getting power from USB)
screen /dev/ttyUSB0 115200,cs8

create the new non-root user if prompted

rm -r /etc/ssh/ssh*key

dpkg-reconfigure openssh-server

this worked in my case as I noticed errors with the default host keys in /var/log/auth.log

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
1 1