SSH just doesn't work

[bobak2000]

Hello all,
Ok, before I get any comments saying I need to search or anything. i have done. I've read everything I can both here and around the web and I can't find any help.

I have a QNAP TS-251 with 1x 4TB Western Digital HDD, 16Gb RAM and running OS version 4.2.5.

I also have a QNAP TS-419+ back home in the UK which I don't use anymore but just mentioning as I am not new to running a QNAP NAS.
My old NAS had no issues with SSH or anything really, other than being wildly underpowered.

Anyway. I cannot SSH. Not at all. I have tried from my Mac and from a Windows machine and get the same error. I have tried Putty and I've tried Terminal and another app that I have sadly forgotten the name of.
I have ticked the box to enable SSH on port 22 and I do not enable Telnet as it's not secure. I did briefly enable it to see if i could connect that way, but i get the same issue.
SSHD is not running and I have tried going into CLI using Shellinabox and i'll be honest, I'm just not great with Linux CLI.
When i try to SSH to it, I get the same error "Connection Refused" and that's it.

So my question is... why won't SSH work and how do I get it to work? Maybe that's a touch vague, but thats genuinely where I am at at the moment.

Please ask any questions you need to help you help me. I am very grateful for any assistance.

Thanks,
Bob

[OneCD]

Hi Bob.

As you've previously connected via SSH, then you already know to use your NAS "admin" user and password, so that shouldn't be an issue here.

SSHD is not running and I have tried going into CLI using Shellinabox and i'll be honest, I'm just not great with Linux CLI.

How did you determine SSHD is not running?

When i try to SSH to it, I get the same error "Connection Refused" and that's it.

Are you connecting via your LAN or from a remote site? Can you please post a screenshot of your connection session?

[bobak2000]

well i do work on linux for some firewalls at work, so i know a little, just not as much as i need. i looked at "top" and it wasn't there. I looked in resource monitor in GUI and it wasn't there either.

i have just upgraded to 4.3.3 and realized its no good as I can't run a bunch of apps, so i downgraded back to 4.2.5 and i've done a whole bunch of restarts. i even thought i had added SSHD to the init.d login file but clearly i haven't.

I am at a loss.

SABNZBD wouldn't run on 4.3.3 by the way, hence the downgrade... would love it if it did, otherwise i got everything working.

Anyways, yes, SSHD just wan't in top or resource monitor.

[OneCD]

well i do work on linux for some firewalls at work, so i know a little, just not as much as i need. i looked at "top" and it wasn't there. I looked in resource monitor in GUI and it wasn't there either.

Yes, you may be lucky to see it there - those apps don't show all processes.

But to access 'top', you must have some sort of access. Are you using the console? (with a locally attached keyboard and monitor?)

i have just upgraded to 4.3.3 and realized its no good as I can't run a bunch of apps, so i downgraded back to 4.2.5 and i've done a whole bunch of restarts. i even thought i had added SSHD to the init.d login file but clearly i haven't.

Did you only have this issue after downgrading?

[bobak2000]

No, I was using ShellInABox app on the QNAP, which gives you a command line in a web browser. pretty smart app.

No, I've had the issue since i've had the NAS... it's taken until now for me to start really troubleshooting it. It's been through several updates of the OS, but regardless of which one, SSH has always failed to work and gives the same Connection Refused error.

I literally SSH every day at work into Cisco Routers/Switches so i'm familiar with SSH generally, but no luck here.

[OneCD]

No, I was using ShellInABox app on the QNAP, which gives you a command line in a web browser. pretty smart app.

I know the one.

No, I've had the issue since i've had the NAS... it's taken until now for me to start really troubleshooting it. It's been through several updates of the OS, but regardless of which one, SSH has always failed to work and gives the same Connection Refused error.

OK, can you please run this one to confirm if the SSH daemon is running?

Code: Select all

ps | grep sshd | grep -v grep

edit: actually - if you can login via ShellInABox, then the SSH daemon is running. That should have occurred to me sooner.

I literally SSH every day at work into Cisco Routers/Switches so i'm familiar with SSH generally, but no luck here.

Cool, then you understand the fundamentals.

Can you please post a transcript or screenshot from your Mac's terminal program demonstrating what happens when you attempt to establish the connection?

[ensignvorik]

No, I was using ShellInABox app on the QNAP, which gives you a command line in a web browser. pretty smart app.

No, I've had the issue since i've had the NAS... it's taken until now for me to start really troubleshooting it. It's been through several updates of the OS, but regardless of which one, SSH has always failed to work and gives the same Connection Refused error.

I literally SSH every day at work into Cisco Routers/Switches so i'm familiar with SSH generally, but no luck here.

Have you set an security policies up, such as x amount of failed logins from a certain IP on a service, and it bans it.

[bobak2000]

Yes. For SSH, 10 times in 10 minutes bans for 5 minutes.

[bobak2000]

sorry I missed a couple of your replies.

Heres the output from terminal:

admin$ ssh admin@192.168.1.5
ssh: connect to host 192.168.1.5 port 22: Connection refused

I ran the command you asked me to run, but it did nothing. Maybe it did something but CLI didn't provide any feedback at all. Just blank.

[OneCD]

I ran the command you asked me to run, but it did nothing. Maybe it did something but CLI didn't provide any feedback at all. Just blank.

Hmm... that's not good. Should see something like this:

Code: Select all

[~] # ps | grep sshd | grep -v grep
 4928 admin      3044 S   sshd: admin@pts/2                                      
31101 admin      1124 S   /usr/sbin/sshd -f /etc/config/ssh/sshd_config -p 22 

admin$ ssh admin@192.168.1.5
ssh: connect to host 192.168.1.5 port 22: Connection refused

Can you try this again as:

Code: Select all

ssh -v admin@192.168.1.5

This will show a verbose connection output. Please post it back here.

I'll be unavailable for the next several hours as it's late here. See you in the morning!

[bobak2000]

Thanks. I fear I may have lost CLI access when I upgraded to 4.3.3 and I don't think shellinabox works. But I can do a -v command for you later. Will be at work today.
Thank you for the help by the way.

[MTX]

Hi!
I just had the same problems and was able to connect thru telnet.
Starting sshd manually showed the root cause:

Code: Select all

# /etc/init.d/login.sh start
Starting sshd service: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0644 for '/etc/ssh/ssh_host_rsa_key' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
key_load_private: bad permissions
Could not load host key: /etc/ssh/ssh_host_rsa_key

...

It is required that your private key files are NOT accessible by others.
This private key will be ignored.
key_load_private: bad permissions
Could not load host key: /etc/ssh/ssh_host_dsa_key
Disabling protocol version 2. Could not load host key
sshd: no hostkeys available -- exiting.
OK
[~] #

As I had this issue already once before, I'm sure, that my key files had the correct permissions already set before the QTS 4.3.3 upgrade was started.

I did the same QTS upgrade on an other machine and had no problems. So, I don't know why the permissions were incorrect, but, they are preventing sshd from operation. Changing the permissions is not very difficult:

Code: Select all

[/etc/ssh] # ls -la
total 20
drwxr-xr-x    2 admin    administ       140 Apr 23  2010 ./
drwxr-xr-x   28 admin    administ      3000 May 29 15:10 ../
-rw-r--r--    1 admin    administ       668 Oct 24  2015 ssh_host_dsa_key
-rw-r--r--    1 admin    administ       605 Oct 24  2015 ssh_host_dsa_key.pub
-rw-r--r--    1 admin    administ      1675 Oct 24  2015 ssh_host_rsa_key
-rw-r--r--    1 admin    administ       397 Oct 24  2015 ssh_host_rsa_key.pub
-rw-r--r--    1 admin    administ      3084 Apr 23  2010 sshd_config
[/etc/ssh] # chmod 600 ssh_host_dsa_key ssh_host_rsa_key
[/etc/ssh] # /etc/init.d/login.sh start
Starting sshd service: OK
Starting telnet service: telnetd: starting
  port: xxxxx; interface: any; login program: /bin/naslogin
bind: Address already in use
OK
[/etc/ssh] # 

Good luck to all !

[korzus]

Hi!
I just had the same problems and was able to connect thru telnet.
Starting sshd manually showed the root cause:

Code: Select all

# /etc/init.d/login.sh start
Starting sshd service: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0644 for '/etc/ssh/ssh_host_rsa_key' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
key_load_private: bad permissions
Could not load host key: /etc/ssh/ssh_host_rsa_key

...

It is required that your private key files are NOT accessible by others.
This private key will be ignored.
key_load_private: bad permissions
Could not load host key: /etc/ssh/ssh_host_dsa_key
Disabling protocol version 2. Could not load host key
sshd: no hostkeys available -- exiting.
OK
[~] #

As I had this issue already once before, I'm sure, that my key files had the correct permissions already set before the QTS 4.3.3 upgrade was started.

I did the same QTS upgrade on an other machine and had no problems. So, I don't know why the permissions were incorrect, but, they are preventing sshd from operation. Changing the permissions is not very difficult:

Code: Select all

[/etc/ssh] # ls -la
total 20
drwxr-xr-x    2 admin    administ       140 Apr 23  2010 ./
drwxr-xr-x   28 admin    administ      3000 May 29 15:10 ../
-rw-r--r--    1 admin    administ       668 Oct 24  2015 ssh_host_dsa_key
-rw-r--r--    1 admin    administ       605 Oct 24  2015 ssh_host_dsa_key.pub
-rw-r--r--    1 admin    administ      1675 Oct 24  2015 ssh_host_rsa_key
-rw-r--r--    1 admin    administ       397 Oct 24  2015 ssh_host_rsa_key.pub
-rw-r--r--    1 admin    administ      3084 Apr 23  2010 sshd_config
[/etc/ssh] # chmod 600 ssh_host_dsa_key ssh_host_rsa_key
[/etc/ssh] # /etc/init.d/login.sh start
Starting sshd service: OK
Starting telnet service: telnetd: starting
  port: xxxxx; interface: any; login program: /bin/naslogin
bind: Address already in use
OK
[/etc/ssh] # 

Good luck to all !

It works! Thank you!

[lexvo]

@MTX: thank you! I had the same problem and it works for me too

Only when I reboot, the ssh files are 644 again

[lexvo]

Found it!
In addition to the files in /etc/ssh, I also changed the permission of the same files in /etc/config/ssh
Now I can ssh to my NAS after a reboot