SSH login to Raspberry error

Hello
I have two Raspberry devices on my LAN that I can SSH into with PuTTY without issue.
I am attempting to log into a friend of mine’s Raspberry via the internet. I have set up the port forwarding on their router and it appears that I am able to reach the device.

I expect this dialogue, since it’s the first time I’ve SSH’d into the device:

After inputting the default username of osmc, I hit enter to be prompted for the password, but it returns an error instead:

[Image: PuTTY RPi login error]

Something I’ve noticed is the difference in key host types saved in the Windows registry between the two devices on my LAN and my friend’s accessed through the internet:

The OSMC version on all devices is the same:
VERSION_ID="2018.10-1"

I’m not a SSH expert by any means, so I hope someone here can give me an idea as to what may be happening. I have searched the OSMC forums and found a number of SSH error posts, but nothing that behaves exactly as I am experiencing.

Thanks for your help in advance!

At first glance, it looks like your friend’s device has been configured to use a keyfile, rather than password, for SSH access.

There was a very recent case where a user’s sshd_config file appeared to have been altered by persons unknown, probably when port 22 was opened to the Internet. You need to ask your friend if they’ve made any changes to /etc/ssh/sshd_config.


Thanks for your response!
She doesn’t have the background to attempt something like a change to a config file. I’m the only one that has done anything on her device. As another note, when I tested a SSH connection to her Raspberry while I was still connected to her LAN, I was able to log in. The key host fingerprint was in my Windows registry, but when I had trouble connecting through the internet, I cleared all the keys. Stupid I know. I should have exported the registry key before making changes. Newbie mistake on my part.
Any idea why the fingerprint is ecdsa-sha2-nistp256 for hers instead of ssh-ed25519?

Oh yeah, I think I saw the post that had that mysterious change to the config file.
Probably was a thread that you had responded to.

Are you forwarding on port 22? Did you change the user:pass? What kind of timeframe are we talking about between opening to the world and your failed attempt?

Did you open port 22? If so then like in the other post, your friend’s system has probably been compromised. Probably your best bet is a fresh install.


I did set the port forwarding on her router for port 22.
When you say “compromised” do you mean someone has actually gone into her system?
Fresh install of OSMC…I’ll try that this weekend when I can go to her place. I’ll look at the config file you named while I’m there, too.
I can’t believe how quickly someone would have accessed her system.
Thanks again for your responses

It can happen quickly from what we’ve seen. In the future, don’t open port 22, use a random higher numbered port. And it’s best to turn off password access via ssh completely to prevent something like this in the future. Use SSH keys: easy, convenient and much more secure.

Most modern routers provide a method to do a sort of “port shift” when forwarding. You can open some random high numbered outside port and direct it to port 22 of the local IP you wish to access. This is still no excuse to continue to use the default user:pass. The password must always be changed to something much more secure. Using port 22 in the outside world is begging to be compromised.

Manage your risk as you see fit.

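The settings recommended in the posts above (password logins off, keys on) live in /etc/ssh/sshd_config. As an added example, not code from any poster or from OSMC, this shell function reports them for a given config file; the function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): report the sshd_config settings discussed above.
# For most keywords sshd keeps the FIRST value it reads; Port lines are additive.
# Limitation: Include files and Match blocks are not evaluated.

audit_sshd_config() {
    awk '
    /^[ \t]*(#|$)/ { next }                       # skip comments and blank lines
    {
        line = $0
        sub(/^[ \t]+/, "", line)
        if (!match(line, /[ \t=]+/)) next         # keyword with no value
        key = tolower(substr(line, 1, RSTART - 1))
        value = substr(line, RSTART + RLENGTH)
        sub(/[ \t]+$/, "", value)
        if (key == "match") exit                  # global section ends here
        if (key == "port") ports = ports (ports ? "," : "") value
        else if (!(key in val)) val[key] = value  # first occurrence wins
    }
    END {
        # OpenSSH defaults apply when a keyword is absent
        pw = ("passwordauthentication" in val) ? tolower(val["passwordauthentication"]) : "yes"
        pk = ("pubkeyauthentication" in val) ? tolower(val["pubkeyauthentication"]) : "yes"
        if (ports == "") ports = "22"
        print "INFO Port=" ports
        if (pw == "yes") { print "WARN PasswordAuthentication=yes"; bad = 1 }
        else print "OK PasswordAuthentication=" pw
        if (pk != "yes") { print "WARN PubkeyAuthentication=" pk; bad = 1 }
        else print "OK PubkeyAuthentication=yes"
        if ("authorizedkeysfile" in val) print "INFO AuthorizedKeysFile=" val["authorizedkeysfile"]
        exit bad + 0                              # status 1 if any WARN was printed
    }' "$@"
}

# Constructed sample: sshd ignores the second PasswordAuthentication line.
sample_config() {
    cat <<'EOF'
# constructed sshd_config fragment
Port 22
PasswordAuthentication yes
PubkeyAuthentication yes
PasswordAuthentication no
Match User backup
    PasswordAuthentication no
EOF
}

sample_config | audit_sshd_config || echo "review the WARN lines above"
```

On the device, run `audit_sshd_config /etc/ssh/sshd_config`; `sudo sshd -T` prints the effective configuration as sshd itself resolves it.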

Thanks for all your responses

You’re right. I should have obscured several layers including the external port number and password. It’s just hard to believe that someone is just hanging out looking for the opportunity to gain access. Overall, it’s not a big deal. It doesn’t give them access to anything else. Just an annoyance.

Again, thanks for all your help!

Suggest to connect to her PC via TeamViewer and then try to log in to OSMC via SSH on the LAN. If that is still working you can check the sshd config already before the weekend to play safe.

Disconnect it from the network now.
Run last -9 and, unless they’ve cleaned up, you’ll probably see some nasty surprises.

Not sure what “last-9” is. Sorry about that. I’m still strengthening my Linux skills.
I’m going to set the external port to an arbitrary number as has been recommended and set up a fresh installation of OSMC.
Thanks for your help!

Don’t forget to change the password as well! Only changing the port alone is not enough.
Good luck! :wink:

That too!

Thanks!