ssh: Connection refused (port 22/tcp Closed ssh)

This forum is for Marvell Kirkwood devices such as the GoFlex Home/Net, PogoPlug v1/v2, SheevaPlug, and ZyXEL devices.

ssh: Connection refused (port 22/tcp Closed ssh)

Postby habibie » Sun Apr 22, 2018 4:46 pm

I have a Seagate GoFLEX Home running on a debian arm and would like to try Arch Linux ARM. So, I downloaded and extracted the ArchLinuxARM-2018.04-kirkwood-rootfs.tar.gz on a USB memory stick. Upon 1st boot, I am not able to SSH login into my device as shown below.
$this->bbcode_second_pass_code('', '[habibie@linux:/home/local/PEOPLE/habibie 76%] ~ ssh alarm@192.168.1.84
ssh: connect to host 192.168.1.84 port 22: Connection refused
[habibie@linux:/home/local/PEOPLE/habibie 77%] ~')

So, I started searching through this forum and found this article. Then, I followed the instruction to create a new user (through a chroot) called arch. When trying to ssh into my device, it also gives me the same error messages as shown below.
$this->bbcode_second_pass_code('', '[habibie@linux:/home/local/PEOPLE/habibie 78%] ~ ssh arch@192.168.1.84
ssh: connect to host 192.168.1.84 port 22: Connection refused
[habibie@linux:/home/local/PEOPLE/habibie 79%] ~')
My understanding is a Connection refused message could mean there is no service on the device. So, I use nmap to check and found the device does not have SSH port (22) enabled as shown below. The question is how do I enable SSH on my device running on the Arch Linux ARM OS? Anyone?
$this->bbcode_second_pass_code('', '[root@linux:/home/local/PEOPLE/habibie 29%] # nmap -p 22 192.168.1.84

Starting Nmap 6.47 ( http://nmap.org ) at 2018-04-22 12:30 EDT
Nmap scan report for alarm (192.168.1.84)
Host is up (0.00031s latency).
PORT STATE SERVICE
[b]22/tcp closed ssh[/b]
MAC Address: aa:bb:cc:dd:ee:ff (Segate Technology)

Nmap done: 1 IP address (1 host up) scanned in 0.60 seconds
[root@linux:/home/local/PEOPLE/habibie 30%] #')
habibie
 
Posts: 28
Joined: Sun Nov 04, 2012 11:55 am

Re: ssh: Connection refused (port 22/tcp Closed ssh)

Postby graysky » Sun Apr 22, 2018 8:11 pm

I am unfamiliar with that particular image you're using, but if it's setup like armv7h, sshd.service should be enabled by default. Check it by logging in locally and running:
$this->bbcode_second_pass_code('', 'systemctl list-unit-files | grep enabled')

If it is running, perhaps you have a firewall blocking the connection?

EDIT: Inspecting the files in the tar.gz, it is indeed enabled. Can you connect to it from the localhost (ie itself)? Try `ssh localhost`.
graysky
Developer
 
Posts: 1728
Joined: Sun Jun 26, 2011 6:56 am
Location: /run/user/1000

[SOLVED]: ssh: Connection refused (port 22/tcp Closed ssh)

Postby habibie » Mon Apr 23, 2018 3:26 am

So, which particular image would you recommend (please provide the link to download) for a Seagate GoFLEX Home?

I don't have a serial console for this device and login locally through SSH gives me a connection refused as shown in my OP above. The only way I can check this is to boot my device using debian ARM, mount the Arch Linux ARM partition, chroot, and then do a systemctl as you pointed out in you link (see below).
$this->bbcode_second_pass_code('', 'root@debian:~# mount /dev/sdb1 /mnt
root@debian:~# ls -la /mnt/boot/
total 15316
drwxr-xr-x 2 root root 4096 Apr 13 11:09 .
drwxr-xr-x 17 root root 4096 Apr 9 21:13 ..
-rw-r--r-- 1 root root 5530551 Apr 6 19:58 initramfs-linux.img
-rw-r--r-- 1 root root 92 Apr 10 20:01 uEnv.txt
-rw-r--r-- 1 root root 4600064 Nov 10 20:54 uImage
-rw-r--r-- 1 root root 5530615 Apr 13 11:09 uInitrd
root@debian:~# chroot /mnt
[root@debian /]# systemctl list-unit-files | grep enabled
autovt@.service enabled
dbus-org.freedesktop.network1.service enabled
dbus-org.freedesktop.resolve1.service enabled
getty@.service enabled
haveged.service enabled
sshd.service enabled
systemd-networkd-wait-online.service enabled
systemd-networkd.service enabled
systemd-resolved.service enabled
systemd-timesyncd.service enabled
systemd-networkd.socket enabled
remote-fs.target enabled
[root@debian /]# systemctl list-unit-files | grep ssh
sshd.service enabled
sshd@.service static
sshdgenkeys.service static
sshd.socket disabled
[root@debian /]#')

As shown above, it appears the sshd socket is disabled. So, I enabled it as shown below:
$this->bbcode_second_pass_code('', '[root@debian /]# systemctl enable sshd.socket
Created symlink /etc/systemd/system/sockets.target.wants/sshd.socket → /usr/lib/systemd/system/sshd.socket.
[root@debian /]# systemctl list-unit-files | grep ssh
sshd.service enabled
sshd@.service static
sshdgenkeys.service static
sshd.socket enabled
[root@debian /]#')
Now, nmap shows port 22 has been enabled (see below)
$this->bbcode_second_pass_code('', '[root@linux:/home/local/PEOPLE/habibie 34%] # nmap -p 22 192.168.1.89

Starting Nmap 6.47 ( http://nmap.org ) at 2018-04-22 22:31 EDT
Nmap scan report for alarm (192.168.1.89)
Host is up (0.00032s latency).
PORT STATE SERVICE
22/tcp open ssh
MAC Address: aa:bb:cc:dd:ee:ff (Segate Technology)

Nmap done: 1 IP address (1 host up) scanned in 0.69 seconds
[root@linux:/home/local/PEOPLE/habibie 35%] #')

However, trying to ssh into the device gives Connection reset by peer. This means the system has not been configured with certificates. So, I need to create and/or generate new certificates on my Arch Linux ARM (after the partition is mounted and chroot) as shown below.
$this->bbcode_second_pass_code('', '[root@debian /]# ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key
PRNG is not seeded
[root@debian /]# ls -la /dev/urandom
ls: cannot access '/dev/urandom': No such file or directory
[root@debian /]# mknod -m 666 /dev/urandom c 1 9
[root@debian /]# ls -la /dev/urandom
crw-rw-rw- 1 root root 1, 9 Apr 23 03:03 /dev/urandom
[root@debian /]# ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key
Generating public/private rsa key pair.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /etc/ssh/ssh_host_rsa_key.
Your public key has been saved in /etc/ssh/ssh_host_rsa_key.pub.
The key fingerprint is:
SHA256:X+1rS... root@debian
The key's randomart image is:
+---[RSA 2048]----+
|++.. o... |
|*.= ooo . |
|oB....+ . |
|+ .+ + + . |
| ...+ E S . . |
| .o.*oo . . . |
| =+.. . . . |
| ...o o.o .. |
| . .+o. .o. |
+----[SHA256]-----+
[root@debian /]# ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key
Generating public/private dsa key pair.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /etc/ssh/ssh_host_dsa_key.
Your public key has been saved in /etc/ssh/ssh_host_dsa_key.pub.
The key fingerprint is:
SHA256:r8s... root@debian
The key's randomart image is:
+---[DSA 1024]----+
| .oo.. |
| . =oo |
| = Ooo |
| . = O.* . |
| . = = BS= |
| + O B +.o |
| B @ o .. |
| * o... E |
| . o+. |
+----[SHA256]-----+
[root@debian /]# ssh-keygen -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key
Generating public/private ecdsa key pair.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /etc/ssh/ssh_host_ecdsa_key.
Your public key has been saved in /etc/ssh/ssh_host_ecdsa_key.pub.
The key fingerprint is:
SHA256:1te... root@debian
The key's randomart image is:
+---[ECDSA 256]---+
| ... . |
|.. . . .o .|
|o o . ..=.o.|
| = . o o o..===o*|
|. o o o S oo*o=Bo|
|. . . +.+ oo|
|..+ . o .o.|
|o+ . .o|
|E |
+----[SHA256]-----+
[root@debian /]#')
After the above, I now can ssh login into my Seagate GoFLEX Home running on the Arch Linux ARM OS.

Anyway, thank you for your information above.
habibie
 
Posts: 28
Joined: Sun Nov 04, 2012 11:55 am


Return to Marvell Kirkwood

Who is online

Users browsing this forum: No registered users and 10 guests