hary
Posts: 41
Joined: Wed Jan 18, 2017 8:17 am

I cannot SSH my pi anymore

Wed Aug 28, 2019 3:17 pm

Hi

I don't know what I've done but I can't ssh my pi anymore.

I'm with a PI3 running strech.
I don't remember what happened since last time I'v been able to SSHed it.

"$ ssh pi@192.168.1.80
ssh: connect to host 192.168.1.80 port 22: Connection refused
"


Any idea how I could fix this ?

epoch1970
Posts: 3797
Joined: Thu May 05, 2016 9:33 am
Location: Paris, France

Re: I cannot SSH my pi anymore

Wed Aug 28, 2019 3:24 pm

Check you’re using the correct IP address by pinging the machine.
If it pings verify the ssh daemon sshd is actually running. You can use raspi-config to enable/disable the ssh daemon.
"S'il n'y a pas de solution, c'est qu'il n'y a pas de problème." Les Shadoks, J. Rouxel

hary
Posts: 41
Joined: Wed Jan 18, 2017 8:17 am

Re: I cannot SSH my pi anymore

Wed Aug 28, 2019 3:53 pm

Hi there.


Yes I can ping it.

Back on the pi trying to reconfigure ssh deamon lead me to this :
"
pi@RPiPerpignan:~ $ sudo raspi-config
Job for ssh.service failed because a fatal signal was delivered to the control process.
See "systemctl status ssh.service" and "journalctl -xe" for details.
invoke-rc.d: initscript ssh, action "start" failed.
● ssh.service - OpenBSD Secure Shell server
Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enabled)
Active: activating (auto-restart) (Result: signal) since Wed 2019-08-28 15:49:04 UTC; 35ms ago
Process: 985 ExecStartPre=/usr/sbin/sshd -t (code=killed, signal=SEGV)

Aug 28 15:49:04 RPiPerpignan systemd[1]: ssh.service: Unit entered failed state.
Aug 28 15:49:04 RPiPerpignan systemd[1]: ssh.service: Failed with result 'signal'.
pi@RPiPerpignan:~ $ systemctl status ssh.service
● ssh.service - OpenBSD Secure Shell server
Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enabled)
Active: failed (Result: signal) since Wed 2019-08-28 15:49:05 UTC; 15s ago
Process: 1000 ExecStartPre=/usr/sbin/sshd -t (code=killed, signal=SEGV)

Aug 28 15:49:05 RPiPerpignan systemd[1]: ssh.service: Unit entered failed state.
Aug 28 15:49:05 RPiPerpignan systemd[1]: ssh.service: Failed with result 'signal'.
Aug 28 15:49:05 RPiPerpignan systemd[1]: ssh.service: Service hold-off time over, scheduling restart.
Aug 28 15:49:05 RPiPerpignan systemd[1]: Stopped OpenBSD Secure Shell server.
Aug 28 15:49:05 RPiPerpignan systemd[1]: ssh.service: Start request repeated too quickly.
Aug 28 15:49:05 RPiPerpignan systemd[1]: Failed to start OpenBSD Secure Shell server.
Aug 28 15:49:05 RPiPerpignan systemd[1]: ssh.service: Unit entered failed state.
Aug 28 15:49:05 RPiPerpignan systemd[1]: ssh.service: Failed with result 'signal'.
pi@RPiPerpignan:~ $ journalctl -xe
Aug 28 15:49:04 RPiPerpignan systemd[1]: ssh.service: Unit entered failed state.
Aug 28 15:49:04 RPiPerpignan systemd[1]: ssh.service: Failed with result 'signal'.
Aug 28 15:49:05 RPiPerpignan systemd[1]: ssh.service: Service hold-off time over, scheduling restart.
Aug 28 15:49:05 RPiPerpignan systemd[1]: Stopped OpenBSD Secure Shell server.
Aug 28 15:49:05 RPiPerpignan systemd[1]: Starting OpenBSD Secure Shell server...
Aug 28 15:49:05 RPiPerpignan systemd[1]: ssh.service: Control process exited, code=killed status=11
Aug 28 15:49:05 RPiPerpignan systemd[1]: Failed to start OpenBSD Secure Shell server.
Aug 28 15:49:05 RPiPerpignan systemd[1]: ssh.service: Unit entered failed state.
Aug 28 15:49:05 RPiPerpignan systemd[1]: ssh.service: Failed with result 'signal'.
Aug 28 15:49:05 RPiPerpignan systemd[1]: ssh.service: Service hold-off time over, scheduling restart.
Aug 28 15:49:05 RPiPerpignan systemd[1]: Stopped OpenBSD Secure Shell server.
Aug 28 15:49:05 RPiPerpignan systemd[1]: Starting OpenBSD Secure Shell server...
Aug 28 15:49:05 RPiPerpignan systemd[1]: ssh.service: Control process exited, code=killed status=11
Aug 28 15:49:05 RPiPerpignan systemd[1]: Failed to start OpenBSD Secure Shell server.
Aug 28 15:49:05 RPiPerpignan systemd[1]: ssh.service: Unit entered failed state.
Aug 28 15:49:05 RPiPerpignan systemd[1]: ssh.service: Failed with result 'signal'.
Aug 28 15:49:05 RPiPerpignan systemd[1]: ssh.service: Service hold-off time over, scheduling restart.
Aug 28 15:49:05 RPiPerpignan systemd[1]: Stopped OpenBSD Secure Shell server.
Aug 28 15:49:05 RPiPerpignan systemd[1]: ssh.service: Start request repeated too quickly.
Aug 28 15:49:05 RPiPerpignan systemd[1]: Failed to start OpenBSD Secure Shell server.
Aug 28 15:49:05 RPiPerpignan systemd[1]: ssh.service: Unit entered failed state.
Aug 28 15:49:05 RPiPerpignan systemd[1]: ssh.service: Failed with result 'signal'.
Aug 28 15:49:07 RPiPerpignan sudo[935]: pam_unix(sudo:session): session closed for user root
lines 700-722/722 (END)
"

epoch1970
Posts: 3797
Joined: Thu May 05, 2016 9:33 am
Location: Paris, France

Re: I cannot SSH my pi anymore

Wed Aug 28, 2019 4:08 pm

The daemon dies after running into a fatal error. Something looks wrong with the sshd package or the OS.
Can you reinstall (the OS or at least ssh)?
"S'il n'y a pas de solution, c'est qu'il n'y a pas de problème." Les Shadoks, J. Rouxel

tpyo kingg
Posts: 627
Joined: Mon Apr 09, 2018 5:26 pm
Location: N. Finland

Re: I cannot SSH my pi anymore

Wed Aug 28, 2019 4:18 pm

Can you check the configuration file?

Code: Select all

sudo /usr/sbin/sshd -T | sort
If that gives an error, then look in /etc/ssh/sshd_config. If not, then the problem is elsewhere.

swampdog
Posts: 246
Joined: Fri Dec 04, 2015 11:22 am

Re: I cannot SSH my pi anymore

Wed Aug 28, 2019 4:29 pm

pi@RPiPerpignan:~ $ systemctl status ssh.service
● ssh.service - OpenBSD Secure Shell server
Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enabled)
Active: failed (Result: signal) since Wed 2019-08-28 15:49:05 UTC; 15s ago
Process: 1000 ExecStartPre=/usr/sbin/sshd -t (code=killed, signal=SEGV)
^^^
That looks bad.

Is it running? Probably not..

Code: Select all

admin@pi05:~ $ ps -ef | grep -v grep | grep /sshd
root       615     1  0 16:44 ?        00:00:00 /usr/sbin/sshd -D
#^^^yes
..in which case output will be blank. Unfortunately I don't know if sshd will SEGV on simple permissions/config problem or only when something more fundamental is corrupted. I suspect you'll need to "man sshd" and read the "-d" flag. Fire it up on one terminal whilst trying to "ssh -vvv pi@localhost" from within another terminal.

It may be your sdcard is getting corrupted or full? Is 'systemd' failing for other things (/var/log/syslog)?

However, 'sshd' by its nature is very picky about permissions and ownership: it is possible that's the cause if you can think of something that might have overwritten bits of it.

hary
Posts: 41
Joined: Wed Jan 18, 2017 8:17 am

Re: I cannot SSH my pi anymore

Wed Aug 28, 2019 4:37 pm

tpyo kingg wrote:
Wed Aug 28, 2019 4:18 pm
Can you check the configuration file?

Code: Select all

sudo /usr/sbin/sshd -T | sort
If that gives an error, then look in /etc/ssh/sshd_config. If not, then the problem is elsewhere.
pi@RPiPerpignan:~ $ sudo /usr/sbin/sshd -T | sort
[sudo] password for pi:
pi@RPiPerpignan:~ $ nano /etc/ssh/sshd_config.

# $OpenBSD: sshd_config,v 1.100 2016/08/15 12:32:04 naddy Exp $

# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options override the
# default value.

#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_ecdsa_key
#HostKey /etc/ssh/ssh_host_ed25519_key

# Ciphers and keying
#RekeyLimit default none

# Logging
#SyslogFacility AUTH
#LogLevel INFO

# Authentication:

#LoginGraceTime 2m
#PermitRootLogin prohibit-password
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10

#PubkeyAuthentication yes

# Expect .ssh/authorized_keys2 to be disregarded by default in future.
#AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2

#AuthorizedPrincipalsFile none

#AuthorizedKeysCommand none
#AuthorizedKeysCommandUser nobody

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no

# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
ChallengeResponseAuthentication no

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
#GSSAPIStrictAcceptorCheck yes
#GSSAPIKeyExchange no

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication. Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
UsePAM yes

#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PermitTTY yes
PrintMotd no
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#UsePrivilegeSeparation sandbox
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS no
#PidFile /var/run/sshd.pid
#MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none
#VersionAddendum none

# no default banner path
#Banner none

# Allow client to pass locale environment variables
AcceptEnv LANG LC_*

# override default of no subsystems
Subsystem sftp /usr/lib/openssh/sftp-server

# Example of overriding settings on a per-user basis
#Match User anoncvs
# X11Forwarding no
# AllowTcpForwarding no
# PermitTTY no
# ForceCommand cvs server

hary
Posts: 41
Joined: Wed Jan 18, 2017 8:17 am

Re: I cannot SSH my pi anymore

Wed Aug 28, 2019 4:52 pm

swampdog wrote:
Wed Aug 28, 2019 4:29 pm

Is it running? Probably not..

Code: Select all

admin@pi05:~ $ ps -ef | grep -v grep | grep /sshd
root       615     1  0 16:44 ?        00:00:00 /usr/sbin/sshd -D
#^^^yes
..in which case output will be blank. Unfortunately I don't know if sshd will SEGV on simple permissions/config problem or only when something more fundamental is corrupted. I suspect you'll need to "man sshd" and read the "-d" flag. Fire it up on one terminal whilst trying to "ssh -vvv pi@localhost" from within another terminal.

It may be your sdcard is getting corrupted or full? Is 'systemd' failing for other things (/var/log/syslog)?

However, 'sshd' by its nature is very picky about permissions and ownership: it is possible that's the cause if you can think of something that might have overwritten bits of it.
How can I add file ? it always throughs me "
Error
Invalid file extension: syslog"

swampdog
Posts: 246
Joined: Fri Dec 04, 2015 11:22 am

Re: I cannot SSH my pi anymore

Wed Aug 28, 2019 5:03 pm

How can I add file ? it always throughs me "
Error
Invalid file extension: syslog"
Ah. This is going to be tricky! I meant for you to search in "/var/log/syslog" for any errors.

Code: Select all

admin@pi05:~ $ sudo egrep -i ssh /var/log/syslog
Aug 28 16:44:29 pi05 systemd[1]: Started Turn on SSH if /boot/ssh is present.
^^^that's about all you'll see if its working. Let's forget about that for now. Just try this..

Code: Select all

$ sudo /usr/sbin/sshd -d
..and post the result. For example, I get this..

Code: Select all

admin@pi05:~ $ sudo /usr/sbin/sshd -d
debug1: sshd version OpenSSH_6.7, OpenSSL 1.0.1t  3 May 2016
debug1: private host key: #0 type 1 RSA
debug1: private host key: #1 type 2 DSA
debug1: private host key: #2 type 3 ECDSA
debug1: private host key: #3 type 4 ED25519
debug1: rexec_argv[0]='/usr/sbin/sshd'
debug1: rexec_argv[1]='-d'
Set /proc/self/oom_score_adj from 0 to -1000
debug1: Bind to port 22 on 0.0.0.0.
Bind to port 22 on 0.0.0.0 failed: Address already in use.
socket: Address family not supported by protocol
Cannot bind any address.
..because my 'sshd' is working and already running so me attempting to run it again causes it to fail.

Your output will differ.

hary
Posts: 41
Joined: Wed Jan 18, 2017 8:17 am

Re: I cannot SSH my pi anymore

Wed Aug 28, 2019 5:11 pm

@swampdog

pi@RPiPerpignan:~ $ sudo /usr/sbin/sshd -d
[sudo] password for pi:
debug1: sshd version OpenSSH_7.4, OpenSSL 1.0.2l 25 May 2017
debug1: private host key #0: ssh-rsa S
debug1: private host key #1: ecdsa-sha2g
debug1: private host key #2: ssh-ed25U
debug1: rexec_argv[0]='/usr/sbin/sshd'
debug1: rexec_argv[1]='-d'
debug1: Set /proc/self/oom_score_adj from 0 to -1000
debug1: Bind to port 22 on 0.0.0.0.
Server listening on 0.0.0.0 port 22.
debug1: Bind to port 22 on ::.
Server listening on :: port 22.

swampdog
Posts: 246
Joined: Fri Dec 04, 2015 11:22 am

Re: I cannot SSH my pi anymore

Wed Aug 28, 2019 5:25 pm

pi@RPiPerpignan:~ $ sudo /usr/sbin/sshd -d
[sudo] password for pi:
debug1: sshd version OpenSSH_7.4, OpenSSL 1.0.2l 25 May 2017
debug1: private host key #0: ssh-rsa S
debug1: private host key #1: ecdsa-sha2g
debug1: private host key #2: ssh-ed25U
debug1: rexec_argv[0]='/usr/sbin/sshd'
debug1: rexec_argv[1]='-d'
debug1: Set /proc/self/oom_score_adj from 0 to -1000
debug1: Bind to port 22 on 0.0.0.0.
Server listening on 0.0.0.0 port 22.
debug1: Bind to port 22 on ::.
Server listening on :: port 22.
^^^that's running.

Open up another terminal and type..

Code: Select all

$ ssh -vvv pi@localhost
Post that output.

hary
Posts: 41
Joined: Wed Jan 18, 2017 8:17 am

Re: I cannot SSH my pi anymore

Wed Aug 28, 2019 5:35 pm

Code: Select all

pi@RPiPerpignan:~ $ ssh -vvv pi@localhost
OpenSSH_7.4p1 Raspbian-10+deb9u3, OpenSSL 1.0.2l  25 May 2017
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: resolving "localhost" port 22
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to localhost [::1] port 22.
debug1: Connection established.
debug1: key_load_public: No such file or directory
debug1: identity file /home/pi/.ssh/id_rsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/pi/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/pi/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/pi/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/pi/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/pi/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/pi/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/pi/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.4p1 Raspbian-10+deb9u3
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4p1 Raspbian-10+deb9u3
debug1: match: OpenSSH_7.4p1 Raspbian-10+deb9u3 pat OpenSSH* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to localhost:22 as 'pi'
debug3: hostkeys_foreach: reading file "/home/pi/.ssh/known_hosts"
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c
debug2: host key algorithms: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com,zlib
debug2: compression stoc: none,zlib@openssh.com,zlib
debug2: languages ctos: 
debug2: languages stoc: 
debug2: first_kex_follows 0 
debug2: reserved 0 
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1
debug2: host key algorithms: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com
debug2: compression stoc: none,zlib@openssh.com
debug2: languages ctos: 
debug2: languages stoc: 
debug2: first_kex_follows 0 
debug2: reserved 0 
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug3: send packet: type 30
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug3: receive packet: type 31
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:hHj9d3XYUZS7uJrUsV+X1urx5BcDwa8LcSI/9qR/IDg
debug3: hostkeys_foreach: reading file "/home/pi/.ssh/known_hosts"
The authenticity of host 'localhost (::1)' can't be established.
ECDSA key fingerprint is SHA256:hHj9d3XYUZS7uJrUsV+X1urx5BcDwa8LcSI/9qR/IDg.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'localhost' (ECDSA) to the list of known hosts.
debug3: send packet: type 21
debug2: set_newkeys: mode 1
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: receive packet: type 21
debug1: SSH2_MSG_NEWKEYS received
debug2: set_newkeys: mode 0
debug1: rekey after 134217728 blocks
debug2: key: /home/pi/.ssh/id_rsa ((nil))
debug2: key: /home/pi/.ssh/id_dsa ((nil))
debug2: key: /home/pi/.ssh/id_ecdsa ((nil))
debug2: key: /home/pi/.ssh/id_ed25519 ((nil))
debug3: send packet: type 5
debug3: receive packet: type 7
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521>
debug3: receive packet: type 6
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug3: send packet: type 50
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,password
debug3: start over, passed a different list publickey,password
debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /home/pi/.ssh/id_rsa
debug3: no such identity: /home/pi/.ssh/id_rsa: No such file or directory
debug1: Trying private key: /home/pi/.ssh/id_dsa
debug3: no such identity: /home/pi/.ssh/id_dsa: No such file or directory
debug1: Trying private key: /home/pi/.ssh/id_ecdsa
debug3: no such identity: /home/pi/.ssh/id_ecdsa: No such file or directory
debug1: Trying private key: /home/pi/.ssh/id_ed25519
debug3: no such identity: /home/pi/.ssh/id_ed25519: No such file or directory
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
pi@localhost's password: 
debug3: send packet: type 50
debug2: we sent a password packet, wait for reply
debug3: receive packet: type 52
debug1: Authentication succeeded (password).
Authenticated to localhost ([::1]:22).
debug1: channel 0: new [client-session]
debug3: ssh_session2_open: channel_new: 0
debug2: channel 0: send open
debug3: send packet: type 90
debug1: Requesting no-more-sessions@openssh.com
debug3: send packet: type 80
debug1: Entering interactive session.
debug1: pledge: network
debug3: send packet: type 1
packet_write_wait: Connection to ::1 port 22: Broken pipe
pi@RPiPerpignan:~ $ 

Then checking back to the first terminal gave :

Code: Select all

pi@RPiPerpignan:~ $ sudo /usr/sbin/sshd -d
[sudo] password for pi: 
debug1: sshd version OpenSSH_7.4, OpenSSL 1.0.2l  25 May 2017
debug1: private host key #0: ssh-rsa SHA256:
debug1: private host key #1: ecdsa-sha2-nistp256 SHA256:h
debug1: private host key #2: ssh-ed25519 SHA256:B1KRU
debug1: rexec_argv[0]='/usr/sbin/sshd'
debug1: rexec_argv[1]='-d'
debug1: Set /proc/self/oom_score_adj from 0 to -1000
debug1: Bind to port 22 on 0.0.0.0.
Server listening on 0.0.0.0 port 22.
debug1: Bind to port 22 on ::.
Server listening on :: port 22.
debug1: Server will not fork when running in debugging mode.
debug1: rexec start in 5 out 5 newsock 5 pipe -1 sock 8
debug1: inetd sockets after dupping: 3, 3
Connection from ::1 port 47242 on ::1 port 22
debug1: Client protocol version 2.0; client software version OpenSSH_7.4p1 Raspbian-10+deb9u3
debug1: match: OpenSSH_7.4p1 Raspbian-10+deb9u3 pat OpenSSH* compat 0x04000000
debug1: Local version string SSH-2.0-OpenSSH_7.4p1 Raspbian-10+deb9u3
debug1: Enabling compatibility mode for protocol 2.0
debug1: permanently_set_uid: 107/65534 [preauth]
debug1: list_hostkey_types: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
debug1: SSH2_MSG_KEXINIT sent [preauth]
debug1: SSH2_MSG_KEXINIT received [preauth]
debug1: kex: algorithm: curve25519-sha256 [preauth]
debug1: kex: host key algorithm: ecdsa-sha2-nistp256 [preauth]
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none [preauth]
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none [preauth]
debug1: expecting SSH2_MSG_KEX_ECDH_INIT [preauth]
debug1: rekey after 134217728 blocks [preauth]
debug1: SSH2_MSG_NEWKEYS sent [preauth]
debug1: expecting SSH2_MSG_NEWKEYS [preauth]
debug1: SSH2_MSG_NEWKEYS received [preauth]
debug1: rekey after 134217728 blocks [preauth]
debug1: KEX done [preauth]
debug1: userauth-request for user pi service ssh-connection method none [preauth]
debug1: attempt 0 failures 0 [preauth]
debug1: PAM: initializing for "pi"
debug1: PAM: setting PAM_RHOST to "::1"
debug1: PAM: setting PAM_TTY to "ssh"
debug1: userauth-request for user pi service ssh-connection method password [preauth]
debug1: attempt 1 failures 0 [preauth]
debug1: PAM: password authentication accepted for pi
debug1: do_pam_account: called
Accepted password for pi from ::1 port 47242 ssh2
debug1: monitor_child_preauth: pi has been authenticated by privileged process
debug1: monitor_read_log: child log fd closed
privsep_preauth: preauth child terminated by signal 11
debug1: do_cleanup
pi@RPiPerpignan:~ $ 

swampdog
Posts: 246
Joined: Fri Dec 04, 2015 11:22 am

Re: I cannot SSH my pi anymore

Wed Aug 28, 2019 6:39 pm

privsep_preauth: preauth child terminated by signal 11
Hmm. This is a guess based on some googling. Assuming you're happy your sdcard is okay then..

Code: Select all

$ sudo apt-get update
$ sudo apt-get upgrade
..(because the last update may be incomplete) making sure there's no warnings/errors. If there are warnings/errors, post the output. Reboot.

Now..

Code: Select all

sudo nano -w /etc/ssh/sshd_config
..search down for the line "#UsePrivilegeSeparation sandbox" and add this underneath..

Code: Select all

UsePrivilegeSeparation yes
..save and try to start 'sshd' normally..

Code: Select all

$ sudo systemctl restart ssh
$ sudo systemctl status ssh
If that doesn't work I'm afraid I'm out of ideas. From what I've just read I'm getting an impression this hits folks rarely but when it does the few posts mentioning it tend to indicate a recent update and sometimes changing sandbox -> yes has been the "fix". Perhaps someone else knows more about this issue?

hary
Posts: 41
Joined: Wed Jan 18, 2017 8:17 am

Re: I cannot SSH my pi anymore

Wed Aug 28, 2019 8:16 pm

the upgrade gave me the following :

Code: Select all

pi@RPiPerpignan:~ $ sudo apt-get update
[sudo] password for pi: 
Get:1 http://archive.raspberrypi.org/debian stretch InRelease [25.4 kB]
Get:2 http://raspbian.raspberrypi.org/raspbian stretch InRelease [15.0 kB]                   
Get:3 http://archive.raspberrypi.org/debian stretch/main armhf Packages [221 kB]
Get:4 http://raspbian.raspberrypi.org/raspbian stretch/main armhf Packages [11.7 MB]
Fetched 11.9 MB in 54s (219 kB/s)                                                                    
Reading package lists... Done
pi@RPiPerpignan:~ $ sudo apt-get upgrade
Reading package lists... Done
Building dependency tree       
Reading state information... Done
Calculating upgrade... Done
The following packages were automatically installed and are no longer required:
  lxkeymap python-cairo python-gobject python-gobject-2 python-gtk2 python-xklavier realpath
Use 'sudo apt autoremove' to remove them.
The following packages have been kept back:
  libavfilter6 libavformat57 omxplayer python-gpiozero python3-gpiozero python3-thonny
  sense-emu-tools wolfram-engine
The following packages will be upgraded:
  apt apt-transport-https apt-utils base-files bluealsa bluez-firmware ca-certificates
  chromium-browser chromium-browser-l10n chromium-codecs-ffmpeg-extra curl dbus dbus-user-session
  dbus-x11 dhcpcd5 dpkg-dev erlang-base erlang-crypto erlang-syntax-tools fake-hwclock file
  firmware-atheros firmware-brcm80211 firmware-libertas firmware-misc-nonfree firmware-realtek
  fonts-opensymbol fuse geany geany-common git git-man gnupg gnupg-agent gpgv gstreamer1.0-alsa
  gstreamer1.0-plugins-base gstreamer1.0-x gtk2-engines-clearlookspix idle-python2.7 idle-python3.5
  java-common libapt-inst2.0 libapt-pkg5.0 libarchive13 libasound2 libasound2-data libaudiofile1
  libavcodec57 libavresample3 libavutil55 libc-bin libc-dev-bin libc-l10n libc6 libc6-dbg libc6-dev
  libcupsfilters1 libcurl3 libcurl3-gnutls libdbus-1-3 libdpkg-perl libexpat1 libexpat1-dev libfaad2
  libfm-data libfm-extra4 libfm-gtk-data libfm-gtk4 libfm-modules libfm4 libfuse2 libgd3 libgnutls30
  libgstreamer-plugins-base1.0-0 libjavascriptcoregtk-4.0-18 libjs-jquery liblcms2-2 libldb1
  libmagic-mgc libmagic1 libmosquitto1 libobrender32v5 libobt2v5 libopenjp2-7 libopenmpt0
  libpackagekit-glib2-18 libpam-systemd libperl5.24 libpixman-1-0 libpng-dev libpng-tools
  libpng16-16 libpolkit-agent-1-0 libpolkit-backend-1-0 libpolkit-gobject-1-0 libpostproc54
  libpython2.7 libpython2.7-dev libpython2.7-minimal libpython2.7-stdlib libpython3.5
  libpython3.5-dev libpython3.5-minimal libpython3.5-stdlib libqt5concurrent5 libqt5core5a
  libqt5dbus5 libqt5gui5 libqt5network5 libqt5opengl5 libqt5printsupport5 libqt5widgets5 libqt5xml5
  libraspberrypi-bin libraspberrypi-dev libraspberrypi-doc libraspberrypi0 libreoffice
  libreoffice-avmedia-backend-gstreamer libreoffice-base libreoffice-base-core
  libreoffice-base-drivers libreoffice-calc libreoffice-common libreoffice-core libreoffice-draw
  libreoffice-gtk libreoffice-gtk2 libreoffice-impress libreoffice-java-common libreoffice-math
  libreoffice-report-builder-bin libreoffice-sdbc-hsqldb libreoffice-style-galaxy
  libreoffice-systray libreoffice-writer libruby2.3 libscsynth1 libsdl-image1.2 libsdl1.2debian
  libseccomp2 libservlet3.1-java libsmbclient libsoup-gnome2.4-1 libsoup2.4-1 libssh-gcrypt-4
  libssh2-1 libssl-dev libssl-doc libssl1.0.2 libssl1.1 libswresample2 libswscale4 libsystemd0
  libtiff5 libtirpc1 libudev1 libwavpack1 libwayland-client0 libwayland-cursor0 libwayland-server0
  libwbclient0 libwebkit2gtk-4.0-37 libwebsockets8 libx11-6 libx11-data libx11-xcb1 libxapian30
  libxcursor1 libzmq5 locales lxappearance-obconf lxinput lxpanel lxpanel-data lxplug-ejecter
  lxplug-network lxplug-ptbatt lxplug-volume lxpolkit lxsession lxsession-data lxsession-edit
  lxsession-logout mosquitto mosquitto-clients multiarch-support nodered obconf openbox
  openssh-client openssh-server openssh-sftp-server openssl openvpn packagekit patch pcmanfm perl
  perl-base perl-modules-5.24 pi-bluetooth pi-greeter pi-package pi-package-data pi-package-session
  piclone pimixer pipanel policykit-1 pprompt python-blinkt python-cryptography python-mote
  python-pantilthat python-phatbeat python-rainbowhat python-rpi.gpio python-sense-emu
  python-sense-emu-doc python-six python-unicornhathd python2.7 python2.7-dev python2.7-minimal
  python3-blinkt python3-cryptography python3-mote python3-pantilthat python3-phatbeat
  python3-rainbowhat python3-rpi.gpio python3-sense-emu python3-six python3-unicornhathd python3-uno
  python3.5 python3.5-dev python3.5-minimal python3.5-venv qt5-gtk-platformtheme
  raspberrypi-bootloader raspberrypi-kernel raspberrypi-sys-mods raspberrypi-ui-mods raspi-config
  raspi-copies-and-fills raspi-gpio rc-gui realvnc-vnc-server realvnc-vnc-viewer rpd-icons
  rpd-plym-splash rpi-chromium-mods rsync ruby2.3 samba-common samba-libs scratch2 shared-mime-info
  smartsim ssh supercollider-server systemd systemd-sysv tzdata udev uno-libs3 unzip ure vim-common
  vim-tiny wget wireless-regdb wiringpi wolframscript wpasupplicant xxd zenity zenity-common
281 upgraded, 0 newly installed, 0 to remove and 8 not upgraded.
Need to get 0 B/537 MB of archives.
After this operation, 150 MB of additional disk space will be used.
Do you want to continue? [Y/n] y
Reading changelogs... Done
Extracting templates from packages: 100%
Preconfiguring packages ...
dpkg: warning: files list file for package 'node-brace-expansion' missing; assuming package has no files currently installed
dpkg: warning: files list file for package 'expect' missing; assuming package has no files currently installed
dpkg: warning: files list file for package 'node-npmlog' missing; assuming package has no files currently installed
dpkg: warning: files list file for package 'node-delayed-stream' missing; assuming package has no files currently installed
dpkg: warning: files list file for package 'iptables-persistent' missing; assuming package has no files currently installed
dpkg: warning: files list file for package 'node-nopt' missing; assuming package has no files currently installed
dpkg: warning: files list file for package 'node-fstream-ignore' missing; assuming package has no files currently installed
dpkg: warning: files list file for package 'node-github-url-from-git' missing; assuming package has no files currently installed
dpkg: warning: files list file for package 'node-combined-stream' missing; assuming package has no files currently installed
dpkg: warning: files list file for package 'dnsutils' missing; assuming package has no files currently installed
dpkg: warning: files list file for package 'node-block-stream' missing; assuming package has no files currently installed
dpkg: warning: files list file for package 'node-rimraf' missing; assuming package has no files currently installed
dpkg: warning: files list file for package 'node-glob' missing; assuming package has no files currently installed
dpkg: warning: files list file for package 'netfilter-persistent' missing; assuming package has no files currently installed
dpkg: warning: files list file for package 'wget' missing; assuming package has no files currently installed
dpkg: warning: files list file for package 'node-graceful-fs' missing; assuming package has no files currently installed
dpkg: warning: files list file for package 'unattended-upgrades' missing; assuming package has no files currently installed
dpkg: warning: files list file for package 'node-cookie-jar' missing; assuming package has no files currently installed
dpkg: warning: files list file for package 'node-concat-map' missing; assuming package has no files currently installed
dpkg: warning: files list file for package 'node-fstream' missing; assuming package has no files currently installed
dpkg: warning: files list file for package 'node-mkdirp' missing; assuming package has no files currently installed
dpkg: unrecoverable fatal error, aborting:
 files list file for package 'dbus-user-session' is missing final newline
E: Sub-process /usr/bin/dpkg returned an error code (2)


swampdog
Posts: 246
Joined: Fri Dec 04, 2015 11:22 am

Re: I cannot SSH my pi anymore

Wed Aug 28, 2019 9:04 pm

dpkg: warning: files list file for package 'node-brace-expansion' missing; assuming package has no files currently installed
[snip]
^^^corruption. Your best bet at this point is to attempt to rescue what work you can.

This will make it far worse unless you can guarantee your sdcard is 100% ok..
https://askubuntu.com/questions/1106373 ... al-newline

Logic:
  • sshd works manually until last moment, enough for systemd to launch it so systemd is corrupted.
    sshd fails at last minute so chances are its crypto stuff is corrupted (other google reason for SEGV 11)
    dpkg is corrupted.
Conclusion: sdcard is corrupt either via bad power cycle(s) or physically failing.

User avatar
rpdom
Posts: 15408
Joined: Sun May 06, 2012 5:17 am
Location: Chelmsford, Essex, UK

Re: I cannot SSH my pi anymore

Thu Aug 29, 2019 3:16 am

Possibility: Not enough free space on card. That can cause all sorts of things to fail and corruption when downloading files.

Worth checking with "df -h /" command.

hary
Posts: 41
Joined: Wed Jan 18, 2017 8:17 am

Re: I cannot SSH my pi anymore

Thu Aug 29, 2019 6:52 am

Code: Select all

pi@RPiPerpignan:~ $ df -h
Filesystem      Size  Used Avail Use% Mounted on
/dev/root       6.6G  5.5G  770M  88% /
devtmpfs        460M     0  460M   0% /dev
tmpfs           464M   82M  382M  18% /dev/shm
tmpfs           464M   13M  452M   3% /run
tmpfs           5.0M  4.0K  5.0M   1% /run/lock
tmpfs           464M     0  464M   0% /sys/fs/cgroup
/dev/mmcblk0p1   43M   22M   21M  51% /boot
tmpfs            93M     0   93M   0% /run/user/1000
The SD card is supposed to be a 32Go Samsung EVO Plus.

Of course, it suffered bad power cicle ! How possible not to suffer this with a Pi ?

epoch1970
Posts: 3797
Joined: Thu May 05, 2016 9:33 am
Location: Paris, France

Re: I cannot SSH my pi anymore

Thu Aug 29, 2019 6:58 am

As you can see root is 6 GB in size, not 29 GB or so.
This means the install of Raspbian did not go through (or you modified something)

Recommend you reinstall.
"S'il n'y a pas de solution, c'est qu'il n'y a pas de problème." Les Shadoks, J. Rouxel

Ernst
Posts: 1246
Joined: Sat Feb 04, 2017 9:39 am
Location: Germany

Re: I cannot SSH my pi anymore

Thu Aug 29, 2019 7:14 am

epoch1970 wrote:
Thu Aug 29, 2019 6:58 am
As you can see root is 6 GB in size, not 29 GB or so.
This means the install of Raspbian did not go through (or you modified something)

Recommend you reinstall.
1+

And I recommend that on first boot to wait at least 10 minutes before removing power to give raspbian time to finish initialisation.
The road to insanity is paved with static ip addresses

hary
Posts: 41
Joined: Wed Jan 18, 2017 8:17 am

Re: I cannot SSH my pi anymore

Thu Aug 29, 2019 7:25 am

Ok friends.

Maybe I didn't expand the filesystem ? Is that possible ?

But I can go for a reinstall. So I'll get the new Buster instead Stretch ! The problem is always reinstalling all other needed software and configure everything. That's a lot of work each new install !

thanks you for your help.

tpyo kingg
Posts: 627
Joined: Mon Apr 09, 2018 5:26 pm
Location: N. Finland

Re: I cannot SSH my pi anymore

Thu Aug 29, 2019 12:22 pm

hary wrote:
Thu Aug 29, 2019 7:25 am
But I can go for a reinstall. So I'll get the new Buster instead Stretch ! The problem is always reinstalling all other needed software and configure everything. That's a lot of work each new install !
Depending on what you have installed, it can be rather easy to back up and restore. You can get a list of everything from the repositories that has been added or removed using dpkg:

Code: Select all

dpkg --get-selections > installed.programs.txt
Then carry that text file over to the freshly installed system and use dpkg again:

Code: Select all

sudo apt update
sudo dpkg --clear-selections
sudo dpkg --set-selections < installed.programs.txt
sudo apt-get dselect-upgrade
The for embedded and server tools, the configurations will be found in /etc/ and that can be backed up with tar. Likewise tar can be used to back up the desktop programs' configurations found in the "pi" account's home directory.

If you have databases or a few other specialized tools, then there are more steps involved. But the above will cover most other setups.

Return to “Beginners”