Juggernoud1
Posts: 3
Joined: Sat Dec 30, 2017 8:41 am

Permission denied to the Rapsberry Pi (unable to do anything)

Sat Dec 30, 2017 9:03 am

Hi there,

It seems that I have been hacked on my Rapsberry Pi :( I am unable to login into my Raspberry Pi. I can't typ anything while starting up the Rapsberry Pi.
It keeps sending me new text over and over again while trying to reconnect. It says Connection timed out during banner exchange and then it says lost connection.
Also it tries it connect to different SSH ports without success. In attachment there is a picture of my issue:
Lost connection2.JPG
Lost connection
Lost connection2.JPG (48.78 KiB) Viewed 1772 times
I also tried to reset the Pi in the cdmline text file with this: dwc_otg.lpm_enable=0 console=ttyAMA0,115200 kgdboc=ttyAMA0,115200 console=tty1 root=/dev/mmcblk0p2 rootfstype=ext4 elevator=deadline rootwait init=/bin/sh

But the main issue is that I can't typ anything while starting up the Raspberry Pi. Also I tried to connect via MyPutty but it's impossible to make connection with the Raspberry Pi.

I hope there is someone with suggestions how to tackle this issue.
Many many thanks in advance!!

Kind regards,
Noud

jamesh
Raspberry Pi Engineer & Forum Moderator
Raspberry Pi Engineer & Forum Moderator
Posts: 23883
Joined: Sat Jul 30, 2011 7:41 pm

Re: Permission denied to the Rapsberry Pi (unable to do anything)

Sat Dec 30, 2017 10:13 am

Try flashing the SD card. You lose any data on the card, but from what I can see, that installation looks very unwell.
Principal Software Engineer at Raspberry Pi (Trading) Ltd.
Contrary to popular belief, humorous signatures are allowed. Here's an example...
“I think it’s wrong that only one company makes the game Monopoly.” – Steven Wright

beta-tester
Posts: 1242
Joined: Fri Jan 04, 2013 1:57 pm
Location: de_DE

Re: Permission denied to the Rapsberry Pi (unable to do anything)

Sat Dec 30, 2017 10:36 am

your picture looks similar to an other thread:
viewtopic.php?f=28&t=201119
{ I only give negative feedback }
RPi B (rev1, 256MB), B (rev2, 512MB), B+, 2B, 3B, 3B+, ZeroW, ...

User avatar
DougieLawson
Posts: 36316
Joined: Sun Jun 16, 2013 11:19 pm
Location: Basingstoke, UK
Contact: Website Twitter

Re: Permission denied to the Rapsberry Pi (unable to do anything)

Sat Dec 30, 2017 10:39 am

beta-tester wrote:
Sat Dec 30, 2017 10:36 am
your picture looks similar to an other thread:
viewtopic.php?f=28&t=201119
I've reported both threads as that's a common spammer technique - take an ancient post and re-post it. It would be odd to have two users with identical failures in /etc/rc.local causing their machine to fail to boot.
Note: Having anything humorous in your signature is completely banned on this forum. Wear a tin-foil hat and you'll get a ban.

Any DMs sent on Twitter will be answered next month.

This is a doctor free zone.

User avatar
jojopi
Posts: 3085
Joined: Tue Oct 11, 2011 8:38 pm

Re: Permission denied to the Rapsberry Pi (unable to do anything)

Sat Dec 30, 2017 12:04 pm

The pictures are not identical, and I do not see how this could possibly be spam.

Clearly both posters have very similar stuff added to rc.local, though. Maybe this is the result of a compromise, as suggested in the original post.

If you do not recognise why the system is attempting to run ssh at boot, then you need to do a fresh Raspbian install. If there are files you want to recover from the existing install, do the fresh install on a new SD card and then mount the old one in a USB card reader.

Juggernoud1
Posts: 3
Joined: Sat Dec 30, 2017 8:41 am

Re: Permission denied to the Rapsberry Pi (unable to do anything)

Sun Dec 31, 2017 7:30 am

jojopi wrote:
Sat Dec 30, 2017 12:04 pm
The pictures are not identical, and I do not see how this could possibly be spam.

Clearly both posters have very similar stuff added to rc.local, though. Maybe this is the result of a compromise, as suggested in the original post.

If you do not recognise why the system is attempting to run ssh at boot, then you need to do a fresh Raspbian install. If there are files you want to recover from the existing install, do the fresh install on a new SD card and then mount the old one in a USB card reader.
Thank you very much for your help and support! I appreciate it very much! I will try what you suggest. Have a great and happy 2018. Cheers.


ricman
Posts: 6
Joined: Mon Feb 16, 2015 3:30 pm

Re: Permission denied to the Rapsberry Pi (unable to do anything)

Mon Jan 01, 2018 9:42 pm

Juggernoud1 wrote:
Sat Dec 30, 2017 9:03 am
Hi there,

It seems that I have been hacked on my Rapsberry Pi :( I am unable to login into my Raspberry Pi. I can't typ anything while starting up the Rapsberry Pi.
It keeps sending me new text over and over again while trying to reconnect. It says Connection timed out during banner exchange and then it says lost connection.
Also it tries it connect to different SSH ports without success. In attachment there is a picture of my issue:

Lost connection2.JPG

I also tried to reset the Pi in the cdmline text file with this: dwc_otg.lpm_enable=0 console=ttyAMA0,115200 kgdboc=ttyAMA0,115200 console=tty1 root=/dev/mmcblk0p2 rootfstype=ext4 elevator=deadline rootwait init=/bin/sh

But the main issue is that I can't typ anything while starting up the Raspberry Pi. Also I tried to connect via MyPutty but it's impossible to make connection with the Raspberry Pi.

I hope there is someone with suggestions how to tackle this issue.
Many many thanks in advance!!

Kind regards,
Noud
Also me have identical problem....
How to resolve ? And why happen this ?
I have a webapp on raspberry, and this work very well.
But I can't to connect in ssh ....I have the same problem with the same your screenshot
I post the ssh command with -v options:

Code: Select all

ssh -v pi@192.168.178.38
OpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to 192.168.178.38 [192.168.178.38] port 22.
debug1: Connection established.
debug1: identity file /home/ricman/.ssh/id_rsa type 1
debug1: identity file /home/ricman/.ssh/id_rsa-cert type -1
debug1: identity file /home/ricman/.ssh/id_dsa type -1
debug1: identity file /home/ricman/.ssh/id_dsa-cert type -1
debug1: identity file /home/ricman/.ssh/id_ecdsa type -1
debug1: identity file /home/ricman/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/ricman/.ssh/id_ed25519 type -1
debug1: identity file /home/ricman/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.8
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4p1 Raspbian-10+deb9u2
debug1: match: OpenSSH_7.4p1 Raspbian-10+deb9u2 pat OpenSSH* compat 0x04000000
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-sha1-etm@openssh.com none
debug1: kex: client->server aes128-ctr hmac-sha1-etm@openssh.com none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA 06:6b:84:c5:ed:63:90:21:31:7b:b8:94:b0:20:f1:a6
debug1: Host '192.168.178.38' is known and matches the ECDSA host key.
debug1: Found key in /home/ricman/.ssh/known_hosts:52
debug1: ssh_ecdsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/ricman/.ssh/id_rsa
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /home/ricman/.ssh/id_dsa
debug1: Trying private key: /home/ricman/.ssh/id_ecdsa
debug1: Trying private key: /home/ricman/.ssh/id_ed25519
debug1: Next authentication method: password
pi@192.168.178.38's password: 
debug1: Authentications that can continue: publickey,password
Permission denied, please try again.
pi@192.168.178.38's password: 

ricman
Posts: 6
Joined: Mon Feb 16, 2015 3:30 pm

Re: Permission denied to the Rapsberry Pi (unable to do anything)

Wed Jan 03, 2018 7:44 am

ok.
I think I have solved: this happen because I have a virus: Linux.MulDrop.14, that infects Raspberry Pi devices....

https://itsfoss.com/raspberry-pi-malware-threat/

User avatar
RaTTuS
Posts: 10491
Joined: Tue Nov 29, 2011 11:12 am
Location: North West UK

Re: Permission denied to the Rapsberry Pi (unable to do anything)

Wed Jan 03, 2018 9:43 am

^ probably,
as james said , reflash a new image
and never ever expose your RPi to the world via port forwarding unless you first disable the pi user or at least change it's password from the default
How To ask Questions :- http://www.catb.org/esr/faqs/smart-questions.html
WARNING - some parts of this post may be erroneous YMMV

1QC43qbL5FySu2Pi51vGqKqxy3UiJgukSX
Covfefe

Juggernoud1
Posts: 3
Joined: Sat Dec 30, 2017 8:41 am

Re: Permission denied to the Rapsberry Pi (unable to do anything)

Thu Jan 04, 2018 9:49 am

Thanks for all your help. I appreciate it.
I ordered a new Raspberry Pi with a new SC card. Not only for this issue but also to have a back up for my installation.

At the moment I am backing up all the files from my infected Raspberry pi with Ext2Read for the programs that are still on there (https://superuser.com/questions/465393/ ... on-windows)

Now I am trying to get these files back on my infected Raspberry Pi. I guess I first have to format that one and then putting everything back. But I want to be sure if the backupped files are done correctly and how to get them back into the right folders. I only found ways to save files instead of putting files back on the SD chard.

Does someone have an idea how to get this done?

Thanks for your help.
Kind regards,
Noud

Return to “Troubleshooting”