How to open the SSH port 22?
#Port 22
Port 223
Is that not 22 being commented out and 223 being active? Have you tried 223 yet?
Author by
UserK
Updated on September 18, 2022
Comments
-
UserK over 1 year
I have installed the ssh utility on an embedded system but I can't connect to it. I am able to ssh from the device to another computer on the network but not the other way around.
The only port opened in the device is the 21st:
userk@dopamine:~$ nmap 160.80.97.X
Starting Nmap 6.40 ( http://nmap.org ) at 2015-02-09 20:49 CET
Nmap scan report for 160.80.97.X
Host is up (0.0092s latency).
Not shown: 999 closed ports
PORT   STATE SERVICE
21/tcp open  ftp
When I try to connect to it I get a connection refused error. I have tried with another port but nothing has changed. The configuration file /etc/ssh/sshd_config is the following
#Port 22
Port 223
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::
# The default requires explicit activation of protocol 1
Protocol 2
# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
#HostKey /etc/ssh/ssh_host_ed25519_key
# Lifetime and size of ephemeral version 1 server key
KeyRegenerationInterval 1h
ServerKeyBits 1024
# Ciphers and keying
#RekeyLimit default none
# Logging
# obsoletes QuietMode and FascistLogging
SyslogFacility AUTH
LogLevel INFO
# Authentication:
LoginGraceTime 2m
PermitRootLogin yes
StrictModes yes
MaxAuthTries 6
#MaxSessions 10
RSAAuthentication yes
PubkeyAuthentication yes
# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
# but this is overridden so installations will only check .ssh/authorized_keys
AuthorizedKeysFile .ssh/authorized_keys
I don't have iptables and I can't install it. How can I connect to the device using ssh?
Solution
There was a problem with the generated keys. Move them to the /tmp folder
mv /etc/ssh/ssh_host_* /tmp
And regenerate the keys with
/etc/init.d/S50sshd restart OR /etc/init.d/sshd restart
or
ssh-keygen -A
Thanks to Bratchley, Abrixas2 and 0xC0000022L.
-
Admin over 9 years
Have you checked that sshd is actually running?
-
Admin over 9 years
Joining the choir, I would check netstat -tlpn to see if sshd is both running and listening on the port you're expecting it to run on.
-
Admin over 9 years
@richard I get /etc/init.d/ssh not found. I have S50sshd in the folder. I have tried /etc/init.d/S50sshd restart but it could not load host keys. I get key_load_public: invalid format
-
Admin over 9 years
@Bratchley. Ssh is not running. Netstat says that only the tcp protocol is active
-
Admin over 9 years
@narutov6 then the problem is that something is wrong with the host keys. They may need to be re-generated. I would mv /etc/ssh/ssh_host_* /tmp and try to run /etc/init.d/sshd restart and see if it regenerates the keys for you that way.
-
Admin over 9 years
@narutov6 You can run ssh-keygen -A to generate host keys for all known key types, for which host keys do not exist. This should normally be done during the configuration of sshd or during the first start of sshd.
-
Admin over 9 years
You're sure the device has that IP, though? What's the output of lsof -i TCP:22 -s TCP:LISTEN say? Did you try to reinstall (apt-get --reinstall openssh-server) sshd or set it to start by default (update-rc.d ssh defaults) and then start (with service)? All assuming Raspbian. Also, did you try to run the SSH server from the command line using $(which sshd) -Ddp 10222 (as superuser) and then connecting to port 10222 from a client? If sshd isn't running you can also leave out the -p 10222 altogether. What about dpkg-reconfigure openssh-server to regenerate all the host keys?
-
Admin over 9 years
@narutov6: check out this old answer of mine
-
Admin over 9 years
@0xC0000022L I've read your answer, it was really useful and verbose. Next time I will use it as a debugger. Unfortunately, I could not test apt-get --reinstall openssh because the only package manager I have is opkg (never used so far). Same problem with dpkg-reconfigure. Thanks anyway
-
-
Bratchley over 9 years
Nice catch but tcp/223 probably would've come up in his nmap scan as well.
-
Admin over 9 years
Not at all. Maybe 223 is not a "common port" that will be scanned by the command nmap without parameters...
-
0xC0000022L over 9 years
@Bratchley: nwildner is right. The OP should use nmap -p 1-65535 160.80.97.X or similar.
-
Bratchley over 9 years
I stand corrected, I just ran it on a local system and it doesn't scan 223 by default unless I do -p. The OP's problem is with the daemon not starting though.
-
UserK over 9 years
Yes, I've tried with ssh [email protected] -p 223. I deleted the keys and re-generated them. Now it works. Thank you anyway
-
0xC0000022L over 9 years
@narutov6: wow, that's really weak. See, people have been swarming to help you find a solution and all you do is to say that you found a solution and it works now? It'd be helpful for future Internauts with a similar problem to find out what steps you followed to diagnose and solve the problem.
-
UserK over 9 years
I appreciate your help and the fact that you make new users understand what's the aim of StackExchange. I'm still looking for the cause of the problem.
-
Bratchley over 9 years
@0xC0000022L You could try being less of a jerk. The solution actually is up in the comments if you had bothered to read it.
-
Bratchley over 9 years
So now we're shifting it to saying he should have posted an answer whereas before it was just that he didn't provide any intermediate steps? I also think you're the one who started with the ad hominems.
-
0xC0000022L over 9 years
@Bratchley: never mind. Whatever you say.
-
0xC0000022L over 9 years
@narutov6: wait, you said before that it works now. This indicated that you found a solution. Please edit your question to add the steps you have already tested.
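
Added example, not part of the original thread: a POSIX shell check that does what the thread worked out by hand, reading an sshd_config for the active Port lines (22 if none) and testing whether each configured HostKey file exists, is non-empty and parses with ssh-keygen -l. The function names and status labels are made up for this example; Match blocks and Include files are not handled.

```shell
#!/bin/sh
# Added example: function names and the OK/MISSING_OR_EMPTY/INVALID labels are
# hypothetical, not from OpenSSH. Match blocks and Include files are ignored.

# Print every active (uncommented) Port value; sshd listens on 22 if none is set.
effective_ports() {
    ports=$(awk 'tolower($1) == "port" { print $2 }' "$1")
    if [ -n "$ports" ]; then printf '%s\n' "$ports"; else echo 22; fi
}

# Print the path of every active HostKey line (keywords are case-insensitive).
active_hostkeys() {
    awk 'tolower($1) == "hostkey" { print $2 }' "$1"
}

# Report each configured host key; return 1 if any is unusable.
# Paths containing whitespace are not handled.
check_hostkeys() {
    status=0
    for key in $(active_hostkeys "$1"); do
        if [ ! -s "$key" ]; then
            echo "MISSING_OR_EMPTY $key"; status=1
        elif ! ssh-keygen -l -f "$key" >/dev/null 2>&1; then
            # Unparseable key file: the kind of key sshd refuses to load.
            echo "INVALID $key"; status=1
        else
            echo "OK $key"
        fi
    done
    return "$status"
}

# Usage: sh check_sshd.sh /etc/ssh/sshd_config
if [ -n "${1:-}" ]; then
    echo "configured port(s): $(effective_ports "$1" | tr '\n' ' ')"
    check_hostkeys "$1"
fi
```

Where the sshd binary is present, sshd -t runs the daemon's own validity check of the configuration file and keys.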