[Solved] Can't access as root through SSH

sauko · May 9, 2016, 11:55am

Hi, I installed Yunohost in a Pi 2 with no problem. After some tweaks for making the device’s IP static, now I cannot access through ssh, it says “ssh_exchange_identification: read: Connection reset by peer” as I could before.

Port 22 is open in my router.

Any idea?

Thanks!

UPDATE on how to solve this, thanks to @aoz :

Reloaded Yunohots’s firewall:

sudo yunohost firewall reload

I also found out that “fail2ban” may have banned my remote computer’s
ip, so also a IP change may be needed if this happens after firewall
reload.

sudo ifconfig wlan0 192.168.1.XX netmask 255.255.255.0

Where 192.168.1.XX is the new IP to choose. For other users, take
into account that 192.168.1.XX may be 192.168.0.XX or any other address
depending on your router config.

This should do the job.

aoz · May 9, 2016, 12:44pm

Perhaps the root login is not allowed by ssh… See the option “PermitRootLogin” in the file “/etc/ssh/sshd_config”

I would say it is safer to avoid login as root. Then, after being logged, you will be able to ‘su’.

sauko · May 9, 2016, 4:22pm

Thanks for the reply aoz.

What bothers me is that before I could access by ssh as a root. I haven’t changed anything else but the machine’s IP to static.

aoz · May 9, 2016, 7:51pm

Is your router forwarding port 22 to that static IP?

Don’t you have another user account on that machine that you could try to use to login (in order to check if the problem is about the root ssh access or only the ssh access)?

Did you try reloading your firewall configuration?
sudo yunohost firewall reload

sauko · May 11, 2016, 11:04am

Yes @aoz reloading the firewall made it. Thanks!

how come firewall is giving this problem?
Would this be considered as a bug?

I was reinstalling and this time I realized this happens even before the static IP change, right after doing the update recommended after the postinstall process: https://yunohost.org/#/install_on_raspberry

Salut!

sauko · May 14, 2016, 12:14pm

Ok, I found out also that fail2ban may be banning my remote computer’s ip, so also a IP change may be needed if this happens after firewall reload.

sudo ifconfig wlan0 192.168.1.XX netmask 255.255.255.0

Where 192.168.1.XX is the new IP to choose. For other users, take into account that 192.168.1.XX may be 192.168.0.XX or any other address depending on your router config.

This way I solved my Issue, thanks!