How to open the SSH port 22?

#Port 22
Port 223

Is that not 22 being commented out and 223 being active? Have you tried 223 yet?


Author: UserK

Updated on September 18, 2022

Comments

  • UserK
    UserK over 1 year

    I have installed the ssh utility on an embedded system but I can't connect to it. I am able to ssh from the device to another computer on the network but not the other way around.

    The only open port on the device is port 21:

    userk@dopamine:~$ nmap 160.80.97.X
    
    Starting Nmap 6.40 ( http://nmap.org ) at 2015-02-09 20:49 CET
    Nmap scan report for 160.80.97.X
    Host is up (0.0092s latency).
    Not shown: 999 closed ports
    PORT   STATE SERVICE
    21/tcp open  ftp
    

    When I try to connect to it I get a connection refused error. I have tried with another port but nothing has changed. The configuration file /etc/ssh/sshd_config is the following:

    #Port 22
    Port 223
    #AddressFamily any
    #ListenAddress 0.0.0.0
    #ListenAddress ::
    
    # The default requires explicit activation of protocol 1
    Protocol 2
    
    # HostKey for protocol version 1
    #HostKey /etc/ssh/ssh_host_key
    # HostKeys for protocol version 2
    HostKey /etc/ssh/ssh_host_rsa_key
    HostKey /etc/ssh/ssh_host_dsa_key
    HostKey /etc/ssh/ssh_host_ecdsa_key
    #HostKey /etc/ssh/ssh_host_ed25519_key
    
    # Lifetime and size of ephemeral version 1 server key
    KeyRegenerationInterval 1h
    ServerKeyBits 1024
    
    # Ciphers and keying
    #RekeyLimit default none
    
    # Logging
    # obsoletes QuietMode and FascistLogging
    SyslogFacility AUTH
    LogLevel INFO
    
    # Authentication:
    
    LoginGraceTime 2m
    PermitRootLogin yes
    StrictModes yes
    MaxAuthTries 6
    #MaxSessions 10
    
    RSAAuthentication yes
    PubkeyAuthentication yes
    
    # The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
    # but this is overridden so installations will only check .ssh/authorized_keys
    AuthorizedKeysFile  .ssh/authorized_keys
    

    I don't have iptables and I can't install it. How can I connect to the device using ssh?

    Solution

    There was a problem with the generated keys. Move them to the /tmp folder

    mv /etc/ssh/ssh_host_* /tmp
    

    And regenerate the keys with

    /etc/init.d/S50sshd restart    # or: /etc/init.d/sshd restart
    

    or

    ssh-keygen -A
    

    Thanks to Bratchley, Abrixas2 and 0xC0000022L.

    • Admin
      Admin over 9 years
      Have you checked that sshd is actually running?
    • Admin
      Admin over 9 years
      Joining the choir, I would check netstat -tlpn to see if sshd is both running and listening on the port you're expecting it to run on.
    • Admin
      Admin over 9 years
      @richard I get /etc/init.d/ssh not found. I have S50sshd in the folder. I have tried /etc/init.d/S50sshd restart but it could not load host keys. I get key_load_public: invalid format
    • Admin
      Admin over 9 years
      @Bratchley. Ssh is not running. Netstat says that only the tcp protocol is active
    • Admin
      Admin over 9 years
      @narutov6 then the problem is that something is wrong with the host keys. They may need to be re-generated. I would mv /etc/ssh/ssh_host_* /tmp and try to run /etc/init.d/sshd restart and see if it regenerates the keys for you that way.
    • Admin
      Admin over 9 years
      @narutov6 You can run ssh-keygen -A to generate host keys for all known key types, for which host keys do not exist. This should normally be done during the configuration of sshd or during the first start of sshd.
    • Admin
      Admin over 9 years
      You're sure the device has that IP, though? What does the output of lsof -i TCP:22 -s TCP:LISTEN say? Did you try to reinstall (apt-get --reinstall openssh-server) sshd or set it to start by default (update-rc.d ssh defaults) and then start (with service)? All assuming Raspbian. Also, did you try to run the SSH server from the command line using $(which sshd) -Ddp 10222 (as superuser) and then connecting to port 10222 from a client? If sshd isn't running you can also leave out the -p 10222 altogether. What about dpkg-reconfigure openssh-server to regenerate all the host keys?
    • Admin
      Admin over 9 years
      @narutov6: check out this old answer of mine
    • Admin
      Admin over 9 years
      @0xC0000022L I've read your answer, it was really useful and verbose. Next time I will use it as a debugger. Unfortunately, I could not test apt-get --reinstall openssh because the only package manager I have is opkg (never used so far). Same problem with dpkg-reconfigure. Thanks anyway
  • Bratchley
    Bratchley over 9 years
    Nice catch but tcp/223 probably would've come up in his nmap scan as well.
  • Admin
    Admin over 9 years
    Not at all. Maybe 223 is not a "common port" that will be scanned by the nmap command without parameters...
  • 0xC0000022L
    0xC0000022L over 9 years
    @Bratchley: nwildner is right. The OP should use nmap -p 1-65535 160.80.97.X or similar.
  • Bratchley
    Bratchley over 9 years
    I stand corrected, I just ran it on a local system and it doesn't scan 223 by default unless I do -p. The OP's problem is with the daemon not starting though.
  • UserK
    UserK over 9 years
    Yes, I've tried with ssh [email protected] -p 223. I deleted the keys and re-generated them. Now it works. Thank you anyway
  • 0xC0000022L
    0xC0000022L over 9 years
    @narutov6: wow, that's really weak. See, people have been swarming to help you find a solution and all you do is to say that you found a solution and it works now? It'd be helpful for future Internauts with a similar problem to find out what steps you followed to diagnose and solve the problem.
  • UserK
    UserK over 9 years
    I appreciate your help and the fact that you make new users understand what's the aim of StackExchange. I'm still looking for the cause of the problem.
  • Bratchley
    Bratchley over 9 years
    @0xC0000022L You could try being less of a jerk. The solution actually is up in the comments if you had bothered to read it.
  • Bratchley
    Bratchley over 9 years
    So now we're shifting it to saying he should have posted an answer whereas before it was just that he didn't provide any intermediate steps? I also think you're the one who started with the ad hominems.
  • 0xC0000022L
    0xC0000022L over 9 years
    @Bratchley: never mind. Whatever you say.
  • 0xC0000022L
    0xC0000022L over 9 years
    @narutov6: wait, you said before that it works now. This indicated that you found a solution. Please edit your question to add the steps you have already tested.
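
The two checks this thread converged on (which port sshd is actually configured for, and whether its host keys can be loaded), as an added example that is not part of the original posts. The function names `sshd_ports`, `sshd_hostkeys` and `check_hostkeys` are hypothetical, and the sample config is constructed from the Port and HostKey lines in the question.

```shell
#!/bin/sh
# Added example: which ports will sshd listen on, and can it load its host keys?

# Active Port values in sshd_config ($1). "#Port 22" is a comment, so it is
# skipped; with no active Port line sshd uses its default, 22.
sshd_ports() {
    awk 'tolower($1) == "port" { print $2; n++ }
         END { if (!n) print 22 }' "$1"
}

# Active HostKey paths in the same file.
sshd_hostkeys() {
    awk 'tolower($1) == "hostkey" { print $2 }' "$1"
}

# Report each configured host key. A missing, empty or unparsable key is what
# makes sshd refuse to start with "could not load host keys".
# If ssh-keygen is not installed, only existence and size are checked.
check_hostkeys() {
    bad=0
    for key in $(sshd_hostkeys "$1"); do
        if [ ! -s "$key" ]; then
            echo "MISSING  $key"; bad=$((bad + 1))
        elif command -v ssh-keygen >/dev/null 2>&1 &&
             ! ssh-keygen -l -f "$key" >/dev/null 2>&1; then
            echo "INVALID  $key"; bad=$((bad + 1))
        else
            echo "OK       $key"
        fi
    done
    [ "$bad" -eq 0 ]
}

# Constructed sample: the Port and HostKey lines from the question's config.
cfg=$(mktemp)
cat > "$cfg" <<'EOF'
#Port 22
Port 223
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
#HostKey /etc/ssh/ssh_host_ed25519_key
EOF
echo "sshd will listen on port(s): $(sshd_ports "$cfg")"
check_hostkeys "$cfg" || echo "host keys unusable: regenerate with ssh-keygen -A"
rm -f "$cfg"
```

On the device, call `check_hostkeys /etc/ssh/sshd_config` as root so the private keys are readable; from the client, scan the reported port explicitly with `nmap -p`, since the default scan in the question did not cover 223.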