SSH not working after May update

Help and Support
29

Looks normal,
how about:
cat /etc/ssh/sshd_config | paste-log
cat /etc/systemd/system/sshd.service | paste-log

30

post ls -lah /etc/ssh/ also please use the preformatted text button (</>) when posting

31

Could you run the command w for us please (just one letter).

32

@Sukre can not post anymore as he just joined today and has reached the forum limit.
All looks ok
sshd_config https://paste.osmc.tv/bileduweco
sshd.service https://paste.osmc.tv/qosakokeye

and ls -lah

drwxr-xr-x 2 root root 4.0K Jun 10 12:44 .
drwxr-xr-x 73 root root 4.0K Jun 10 10:47 ..
-rw-r--r-- 1 root root 237K Jul 22 2016 moduli
-rw-r--r-- 1 root root 1.6K Jul 22 2016 ssh_config
-r-------- 1 root root 668 Mar 20 11:39 ssh_host_dsa_key
-r-------- 1 root root 599 Mar 20 11:39 ssh_host_dsa_key.pub
-r-------- 1 root root 227 Mar 20 11:38 ssh_host_ecdsa_key
-r-------- 1 root root 171 Mar 20 11:38 ssh_host_ecdsa_key.pub
-r-------- 1 root root 399 Mar 20 11:38 ssh_host_ed25519_key
-r-------- 1 root root 91 Mar 20 11:38 ssh_host_ed25519_key.pub
-r-------- 1 root root 963 Jul 22 2016 ssh_host_key
-r-------- 1 root root 627 Jul 22 2016 ssh_host_key.pub
-r-------- 1 root root 1.7K Mar 20 11:39 ssh_host_rsa_key
-r-------- 1 root root 391 Mar 20 11:39 ssh_host_rsa_key.pub
-rw-r--r-- 1 root root 2.9K Jun 10 13:10 sshd_config
-rw-r--r-- 1 root root 2.9K Jun 10 10:38 sshd_config.save
-rw-r--r-- 1 root root 2.9K Jun 10 12:44 sshd_config.save.1
-rw-r--r-- 1 root root 2.9K Jun 10 12:44 sshd_config.save.2
-rw-r--r-- 1 root root 2.9K Jun 10 12:44 sshd_config.save.3
33

This looks ā€œoddā€ for a Pi:

CGroup: /system.slice/ssh.service
           |-4475 sshd: osmc [priv]
           |-4477 sshd: osmc@notty
           |-4478 /usr/lib/openssh/sftp-server
           |-4734 /usr/sbin/sshd -D
           |-5192 sshd: osmc [priv]
           |-5194 sshd: osmc@pts/0
           |-5195 -bash
           |-5219 sshd: root [priv]
           |-5220 sshd: root [net]
           |-5225 sshd: [accepted]
           |-5226 sshd: [accepted]
           |-5227 sshd: [net]
           |-5228 sshd: [net]
           |-5229 sshd: [accepted]
           |-5230 sshd: [accepted]
           |-5231 sshd: [net]
           |-5232 sshd: [net]
           |-5233 sshd: [accepted]
           |-5234 sshd: [net]

and

Jun 10 12:51:03 Pi sshd[4789]: Received disconnect from 116.31.116.44: 11: [preauth]
Jun 10 12:51:09 Pi sshd[4795]: Failed password for root from 116.31.116.44 port 36765 ssh2
Jun 10 12:51:09 Pi sshd[4795]: Failed password for root from 116.31.116.44 port 36765 ssh2
Jun 10 12:51:10 Pi sshd[4795]: Failed password for root from 116.31.116.44 port 36765 ssh2

and

Jun 10 13:05:49 Pi sshd[5219]: Failed password for root from 116.31.116.44 port 14049 ssh2
Jun 10 13:05:50 Pi sshd[5219]: Failed password for root from 116.31.116.44 port 14049 ssh2
Jun 10 13:05:50 Pi sshd[5219]: Failed password for root from 116.31.116.44 port 14049 ssh2

Probably port 22 is being forwarded, etc, etc.

34

Hello im Sukre, i reached the limit of the topic for new accounts to and cannot send mensagges either, that why i created this account, hope u guys are ok whit this

https://discourse.osmc.tv/t/ssh-update/37404/2

Here it is

osmc@Pi:~$ cat /etc/systemd/system/sshd.service            
[Unit]
Description=OpenBSD Secure Shell server
After=network.target auditd.service
ConditionPathExists=!/etc/ssh/sshd_not_to_be_run

[Service]
EnvironmentFile=-/etc/default/ssh
ExecStart=/usr/sbin/sshd -D $SSHD_OPTS
ExecReload=/bin/kill -HUP $MAINPID
KillMode=process
Restart=on-failure

[Install]
WantedBy=multi-user.target
Alias=sshd.service
35

Right, overlooked that. Thought he just mistyped

@Sukre it looks like you are portforwarding ssh from the internet to your OSMC. That is quite dangerous with out proper hardening SSH access. There might be even the chance that you already have been hacked and that is part of the reason of the strange behaviour.

As there are also additional services (PIDā€™s) started with your sshd

Maybe crosscheck your sshd with md5sum /usr/sbin/sshd the sum should be 67f7b73c4787e1b783c5dd3d9e27b1e3

36

Yeah i port forward whit the 22 port, but the default password is change d since day 1, also i just tried disabling port forwarding and changing the port and i get the exact same result

Mine is different and starts whit fd8

37

Thatā€™s not good at all

38

Please run the w command. Weā€™ll have a better idea of what/who is on the box.

39

How? Even if i use the default port i use a complex password since day 1, also could be something else besideā€™s have been hacked ?

 14:19:31 up  3:47,  1 user,  load average: 0.60, 0.63, 0.67
USER     TTY      FROM             LOGIN@   IDLE   JCPU   PCPU WHAT
osmc     pts/0    192.168.0.13     14:19    2.00s  0.06s  0.03s w

That ip is me from my ipad

40

Only other explanation is you got the ssh server from a different repository. Try to remove all non standard repositories from sources.list and reinstall ssh server.

But with all that additional PIDā€™s started the hacked chance is quite likely

41

This could be because the app i use terminus for ios, i force close the app always and maybe the session dont close well and that why look like various conexions, if i restart the pi and output that again i get this

   osmc@Pi:~$ sudo systemctl status sshd
* ssh.service - OpenBSD Secure Shell server
   Loaded: loaded (/lib/systemd/system/ssh.service; enabled)
   Active: active (running) since Sat 2017-06-10 14:39:05 CEST; 2s ago
 Main PID: 7639 (sshd)
   CGroup: /system.slice/ssh.service
           |-7620 sshd: osmc [priv]
           |-7622 sshd: osmc@pts/0
           |-7623 -bash
           |-7639 /usr/sbin/sshd -D
           |-7641 sudo systemctl status sshd
           `-7642 systemctl status sshd
42

The only repository that i have added is one for installing the noip service, but when i updated my router and got this function i removed the service and the source from source list. Other than than i maybe ii tried sometime to install the ssh server form comand line and not from myosmc store, but for that i didnt add any repository

43

Already did that, this are all the ssh related packages that i got installed they are right?

osmc@Pi:~$ dpkg --get-selections | grep ssh
libssh-4:armhf                                  install
libssh2-1:armhf                                 install
openssh-client                                  install
openssh-server                                  install
openssh-sftp-server                             install
ssh-app-osmc                                    install
44

So you removed that in the meantime?

45

Yeah i remove it when u guys told me in the earlier commnets, and like i said i did not add this repository, i added another one for the noip sevice months ago that i removre 2 weeks later because i didnt need it, and im not sure but i think i got that unstable repository since i fresh install osmc on my pi

46

OK, than I really suggest you do a clean reinstall if ghosts add repositories to your sources.list :wink:

47

And for my previos question is normal that i hace this many sah services installed?

osmc@Pi:~$ dpkg --get-selections | grep ssh
libssh-4:armhf                                  install
libssh2-1:armhf                                 install
openssh-client                                  install
openssh-server                                  install
openssh-sftp-server                             install
ssh-app-osmc                                    install
48

yes

osmc@osmc:~$ dpkg --get-selections | grep ssh
libssh-4:armhf					install
libssh2-1:armhf					install
openssh-client					install
openssh-server					install
openssh-sftp-server				install
ssh-app-osmc					install