Ssh access problems

Hi there! I’m facing an issue after a long while in which I wasn’t accessing from the internet (i.e. when I’m not on my LAN). I used to be able to ssh from the internet since my first installation of osmc in August 2018. Last Easter I updated to osmc 18 (Kodi Leia) and now I’m having trouble accessing from the internet, though I can log in via ssh from a local address (i.e. 192.168.1.x).
Can it depend on some new feature of the update? (that is, updates of the Debian based osmc).
Googling I found that I should change ‘PasswordAuthentication’ to yes in /etc/ssh/sshd_config, but haven’t had time to access osmc locally yet to try this solution.
Any ideas why it used to work before?

Thanks to anyone helping!

It’s impossible to guess from the information you’ve given, but some ideas to check:

What exactly is happening when you try to connect remotely? Does it seem to be connecting at all?
You did change the osmc password I hope. If you didn’t then you may as well re-install.

Check sudo journalctl after a connection attempt to see if anything shows up there.


Thanks for quick reply!
When I try to connect remotely I get the “Permission denied (publickey,keyboard-interactive)” message, so that’s why I think that I should change ‘PasswordAuthentication’ to yes in /etc/ssh/sshd_config. Strange thing is that it used to work before the recent updates…

As soon as I am back at my local console I will try to check journalctl.
Thanks again and cheers!

Try removing your local key on the system you are sshing from. See if that helps. (just re-name it).

How do you have your port forwarded? Do you have a VPN, or just opened a port on your firewall/router?

already tried it, but it didn’t solve the problem…
I think I will try to set up Private/Public Keys, 'cause I’m reading that using only password can expose my system to brute-force, you know.
I have changed default osmc password and I don’t have a VPN.
I will give feedback in a day or two…

If you simply forwarded port 22 through your router to allow access, you have probably already been owned and this would explain the issues you are having now. The only way to recover is to close port 22 and reinstall.

If you provide full logs we might be better able to help (grab-logs -A).

Also a view of file /etc/ssh/sshd_config would be useful. Please run paste-log /etc/ssh/sshd_config and provide the URL.

Could you be more precise, please? Reinstall what? And can I reopen port 22 afterwards?

Reinstall your system. If you forwarded port 22, your system was probably hacked.

Once you do a new fresh installation, do not forward SSH on port 22 again. Pick a higher port (> 30000) and make sure that you change your OSMC password.

But, you really should not open SSH to the outside world unless you have a real good reason and you fully understand what you are doing and the risks involved.

OK, I checked my sshd_config file and discovered that PasswordAuthentication was set to no, so now I have changed it to yes and I finally can connect through the internet.
I have also changed the port SSH is forwarded to and I’m going to disable port forwarding, BUT I have just discovered that FileZilla can’t connect to the server anymore (osmc on RPi) on the local network. I’m getting the following message:

Received unexpected end-of-file from SFTP server

What’s happening now?

Here are my logs
full log
sshd_config

Thanks for your time mates!

Your system most likely has been hacked as we already told you. Your best bet to stay safe is a reinstall of OSMC. Anything short of that and it’s difficult to say what’s going on. A reinstall is not that difficult; it will probably take less time than trying to figure out your next problem. Just backup your .kodi directory first to save Kodi settings.


Really??? :fearful:
While I reinstall OSMC, is it safe enough to close port forwarding?
Is there a way to check what damages have been done?

Thanks again

Once you re-install, do not forward the port again, unless you truly have a need. Read my prior comments about that.

It’s easier, safer and quicker to backup .kodi and just reinstall vs trying to track down what may have been done.

Hi Guys!
I tried to check what had happened to my system and issued a few commands
last
netstat | more
I haven’t been able to understand if there were some malicious scripts and the bash_history didn’t help either… Anyway I had the “feeling” :stuck_out_tongue_winking_eye: that something was out of order (as you already told me! …yes, I couldn’t believe it at first, sorry… :pensive:), so I reinstalled OSMC and restored .kodi. Now I think I am back on a stable and secure system (no port forwarding at the moment). Thanks again for your warnings and help!

By the way, should I change password and credentials used in the kodi Add-ons like YouTube, Amazon VOD and GoogleDrive?

Cheers mates!

You should assume nefarious actors had complete access to your entire previous system.

Shouldn’t I have found something in the netstat ?

Only if someone is still connected.
Try last -9; but logs may have been cleaned up.

Sam
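As an added illustration (not part of any post in this thread): a small Python filter for the kind of check suggested above with journalctl and last, listing SSH logins accepted from outside the LAN and counting failed attempts per source. The sample log lines, addresses and function names are constructed; the message format assumed is OpenSSH's usual "Accepted/Failed ... for ... from ... port" lines.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in the style of `journalctl -u ssh` output (made-up addresses).
SAMPLE_JOURNAL = """\
Apr 28 09:12:01 osmc sshd[811]: Failed password for osmc from 203.0.113.45 port 51122 ssh2
Apr 28 09:12:04 osmc sshd[811]: Failed password for osmc from 203.0.113.45 port 51122 ssh2
Apr 28 09:12:09 osmc sshd[815]: Failed password for invalid user admin from 198.51.100.7 port 40022 ssh2
Apr 28 09:13:30 osmc sshd[820]: Accepted password for osmc from 203.0.113.45 port 51140 ssh2
Apr 28 18:40:12 osmc sshd[990]: Accepted publickey for osmc from 192.168.1.20 port 50212 ssh2: RSA SHA256:(constructed)
"""

LOGIN_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Accepted|Failed) (?P<method>\S+) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)
LAN_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10")]

def is_lan(ip):
    """True for private, loopback or link-local sources (explicit list on purpose)."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:  # a host name was logged instead of an address: treat as external
        return False
    return any(addr in net for net in LAN_NETS)

def review_logins(journal_text):
    """Return (accepted logins from outside the LAN, failed attempts per outside IP)."""
    accepted, failed = [], Counter()
    for line in journal_text.splitlines():
        m = LOGIN_RE.search(line)
        if not m or is_lan(m["ip"]):
            continue
        if m["result"] == "Accepted":
            accepted.append((m["user"], m["method"], m["ip"]))
        else:
            failed[m["ip"]] += 1
    return accepted, failed

def guessed_then_accepted(journal_text):
    """Outside IPs that show both failed and accepted logins."""
    accepted, failed = review_logins(journal_text)
    return sorted({ip for _, _, ip in accepted if failed[ip] > 0})

if __name__ == "__main__":
    print(review_logins(SAMPLE_JOURNAL), guessed_then_accepted(SAMPLE_JOURNAL))
```

An empty result does not show the system is clean, since, as noted in the thread, logs may have been cleaned up.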

Yep!, I have reinstalled OSMC by now…

By the way, maybe it could be a good idea to update the wiki regarding ssh connection to login to osmc, I mean adding a warning about port forwarding and so on…

We already do.
https://osmc.tv/wiki/general/keeping-osmc-secure/

We don’t give instruction or any recommendations to use port forwarding. Any instruction or tutorial on doing so should provide such a warning on bypassing a firewall (which is there to protect your lan and systems from intruders) as well as the clear warnings that are certainly obvious and given on the menu of every modern router where port forwarding is configured.

Sorry, I meant to put warnings in the following section of the wiki
https://osmc.tv/wiki/general/accessing-the-command-line/

But, my fault, it’s already advised in this other section
https://osmc.tv/wiki/general/keeping-osmc-secure/

Thanks anyway