Hope this is the right forum. The title says it all. I had a R Pi 2b gathering dust. Then came the USA lockdown, so I dusted off the R Pi 2 that has been sitting in a box for 5 years. I want to run it headless. I have done this before on Beagle products though from different computers.
I can ssh into online servers without a problem. However I can’t ssh into the R Pi 2b. The sshd server is up. (I don’t recall having to do that for ssh into online servers.) The initial ssh session does the crypto thing. I can see the IP address in the knownhosts file in ~/.ssh. There is no question I am communicating with the R Pi 2b. However no username/password combination works. Documentation says the default root:linux should work from ssh.
I have hooked up the network via a router, and two direct modes using link-local and shared to other computers. None work. I booted into root on the desktop and ran wireshark sniffing eth1. I can see the R Pi 2B doing NTP. I can’t see packets when I ssh. However that might me pilot error on my part since I am not a regular wireshark user.
I have ssh in the firewall. I turned off the firewall and it made no difference.
I have done ssh -vvv. Nothing unexpected. It trying to use my PKI keys for the online servers then it defaults to keyboard. Just to be sure it isn’t a keyboard problem I wrote the password on a file and did a cut and paste.
nmap -p 22 <ip> shows the port open and the service.
Hopefully that was enough head banging that I qualify for some forum help. I do try to solve things first since hard fought lessons stick in your brain.
Which documentation are you referring to?
IIRC openSUSE default policy is to deny access to root.
You have to explicitly remove that block to enable root to SSH into an openSUSE.
Or, better is to create a regular User and SSH into your machine with that, then elevate so you avoid the world hammering on your root account.
“Default login is root:linux, works on serial console, via ssh, GUI.”
from https://en.opensuse.org/HCL:Raspberry_Pi2
It shouldn’t be required to hook up a display and keyboard to use a server, which is what JEOS is. You should be able to just ssh into it, then change the root password. I have to say I’m baffled if there is no way to do this.
I can’t do any changes to the system if I can’t ssh into it other than to set up a display and keyboard. I guess JEOS would give you a terminal display, but this is really a bad design if it is true there is no default user and password from the image.
Is there is way to contact those who build images or is there specific documentation for image defaults?
The DISPLAY is a virtual object, and is a required setting whenever a User logs into a system whether locally or remotely, and is different than a physical monitor which is optional (systems without a monitor and keyboard are often called “headless”).
The DISPLAY is also different than the session id although by default they are typically the same or similar for convenience.
Unfortunately the default password is not on that page. I did note there is an easy way to read the journal. Here is the result:
-- Logs begin at Wed 2020-04-08 11:27:23 PDT, end at Wed 2020-04-08 18:39:26 PDT. --
Apr 08 18:27:26 linux-yxjo systemd[1]: Starting OpenSSH Daemon...
Apr 08 18:27:26 linux-yxjo sshd-gen-keys-start[1384]: Checking for missing server keys in /etc/ssh
Apr 08 18:27:27 linux-yxjo sshd[1402]: Server listening on 0.0.0.0 port 22.
Apr 08 18:27:27 linux-yxjo sshd[1402]: Server listening on :: port 22.
Apr 08 18:27:27 linux-yxjo systemd[1]: Started OpenSSH Daemon.
Apr 08 18:37:43 linux-yxjo sshd[3845]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.42.0.1 user=root
Apr 08 18:37:45 linux-yxjo sshd[3843]: error: PAM: Authentication failure for root from 10.42.0.1
Apr 08 18:37:50 linux-yxjo sshd[3846]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.42.0.1 user=root
Apr 08 18:37:52 linux-yxjo sshd[3843]: error: PAM: Authentication failure for root from 10.42.0.1
Apr 08 18:37:52 linux-yxjo sshd[3843]: Postponed keyboard-interactive for root from 10.42.0.1 port 39932 ssh2 [preauth]
Apr 08 18:37:55 linux-yxjo sshd[3847]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.42.0.1 user=root
Apr 08 18:37:57 linux-yxjo sshd[3843]: error: PAM: Authentication failure for root from 10.42.0.1
Apr 08 18:38:00 linux-yxjo sshd[3843]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.42.0.1 user=root
Apr 08 18:38:02 linux-yxjo sshd[3843]: Failed password for root from 10.42.0.1 port 39932 ssh2
Apr 08 18:38:10 linux-yxjo sshd[3843]: Failed password for root from 10.42.0.1 port 39932 ssh2
Apr 08 18:38:11 linux-yxjo sshd[3843]: error: maximum authentication attempts exceeded for root from 10.42.0.1 port 39932 ssh2 [preauth]
Apr 08 18:38:11 linux-yxjo sshd[3843]: Disconnecting authenticating user root 10.42.0.1 port 39932: Too many authentication failures [preauth]
Apr 08 18:38:11 linux-yxjo sshd[3843]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.42.0.1 user=root
It is a bit cleaner than the ssh -vvv option. That just shows ssh trying to use the keys I have for other servers that I log into, then defaulting to the keyboard.
So the problem remains the same. I need a correct username and password to use ssh. I am not really convinced that even if I went through the trouble off attaching a monitor and keyboard that the results would be any different since the image was built with a default password that I do not know. (We are in lock down for a few more weeks and I need a dvi to hdmi converter to hook up a monitor.)
I have made some progress. It turns out I was well talking to myself. What I did is enter my own root password and sshd into myself.
Doing a nmap -sP on the IP shown in the network manager, I see there are now two IP addresses in use. Hostname -I just shows what appears to be the loop into my own notebook.
What I did was create a new wired network in the network manager that is explicitly shared. Previously I was just switching from Automaic to link-local to shared in the set up for the main wired connection. I also turned off virtual networks. (Never do to things at once because you don’t know what made the change!)
Sshing into the new IP address does not respond to my notebooks password, so I am absolutely now the R Pi. The bad news is the root:linux doesn’t work.
I will burn some other OS and see if I can ssh into it.
Some diagnostics follow. Note the ping to the newly found device is nearly half a second.
nmap -sP 10.42.0.0/24
Starting Nmap 7.70 ( https://nmap.org ) at 2020-04-08 20:10 PDT
Nmap scan report for 10.42.0.1
Host is up (0.00028s latency).
Nmap scan report for 10.42.0.59
Host is up (0.00057s latency).
Nmap done: 256 IP addresses (2 hosts up) scanned in 2.39 seconds
nmap -p 22 10.42.0.59
Starting Nmap 7.70 ( https://nmap.org ) at 2020-04-08 20:09 PDT
Nmap scan report for 10.42.0.59
Host is up (0.00060s latency).
PORT STATE SERVICE
22/tcp open ssh
Nmap done: 1 IP address (1 host up) scanned in 0.06 seconds
ping 10.42.0.1
PING 10.42.0.1 (10.42.0.1) 56(84) bytes of data.
64 bytes from 10.42.0.1: icmp_seq=1 ttl=64 time=0.068 ms
64 bytes from 10.42.0.1: icmp_seq=2 ttl=64 time=0.102 ms
64 bytes from 10.42.0.1: icmp_seq=3 ttl=64 time=0.105 ms
64 bytes from 10.42.0.1: icmp_seq=4 ttl=64 time=0.103 ms
64 bytes from 10.42.0.1: icmp_seq=5 ttl=64 time=0.082 ms
64 bytes from 10.42.0.1: icmp_seq=6 ttl=64 time=0.105 ms
64 bytes from 10.42.0.1: icmp_seq=7 ttl=64 time=0.105 ms
ping 10.42.0.59
PING 10.42.0.59 (10.42.0.59) 56(84) bytes of data.
64 bytes from 10.42.0.59: icmp_seq=1 ttl=64 time=0.563 ms
64 bytes from 10.42.0.59: icmp_seq=2 ttl=64 time=0.445 ms
64 bytes from 10.42.0.59: icmp_seq=3 ttl=64 time=0.411 ms
64 bytes from 10.42.0.59: icmp_seq=4 ttl=64 time=0.438 ms
64 bytes from 10.42.0.59: icmp_seq=5 ttl=64 time=0.422 ms
I downloaded raspian lite. You need to add the empty file “ssh” to the boot partition to enable ssh. When you boot apparently it deletes that file. I can ssh into the R Pi on raspbian with pi:raspberry.
Thus I think the default password for Opensuse 15.1 JEOS is not root:linux .
hostname -I seems to be a waste of time unless perhaps you aren’t running network manager. Network manager shows the IP of the connection if you expand “details”.
nmap -sP 10.42.0.0/24
Starting Nmap 7.70 ( https://nmap.org ) at 2020-04-08 20:34 PDT
Nmap scan report for 10.42.0.1
Host is up (0.00028s latency).
Nmap scan report for 10.42.0.60
Host is up (0.00055s latency).
Nmap done: 256 IP addresses (2 hosts up) scanned in 3.26 second
ssh pi@10.42.0.60
The authenticity of host '10.42.0.60 (10.42.0.60)' can't be established.
ECDSA key fingerprint is SHA256:<redacted>
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.42.0.60' (ECDSA) to the list of known hosts.
pi@10.42.0.60's password:
Linux raspberrypi 4.19.97-v7+ #1294 SMP Thu Jan 30 13:15:58 GMT 2020 armv7l
The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
SSH is enabled and the default password for the 'pi' user has not been changed.
This is a security risk - please login as the 'pi' user and type 'passwd' to set a new password.
It is absolutely unclear whether you are using whatever was installed there 5 years ago or do some new installation (and what are you installing then).
I have done ssh -vvv. Nothing unexpected.
Considering
There is no question I am communicating with the R Pi 2b … It turns out I was well talking to myself
how do you know everything is OK here? I am puzzled how posting ssh -vvv from ssh session with Debian is going to help to solve your problem with openSUSE. At the very least, finally explain what you actually did and what distribution you are having problem with and post ssh -vvv output into that distribution.
If you are going to ssh into something from a desktop or notebook and you are on an opensuse forum, that would be FROM the opensuse desktop or notebook. So to say it twice, the ssh -vvv was done from a notebook running opensuse.
If you have ever done used these SBCs like Beagle or Pi, they don’t come with any software. So I loaded the most recent JEOS from the opensuse server. Also it would be tough to be running 15.1 from some five year old source.
My advice…
Don’t try to set up a JeOS as your first image, it won’t contain anything considered “extra” like troubleshooting tools and automatic setups.
Install something with a Desktop first, set up what you want and understand what you have.
Then,
If you want to do so,
Re-deploy on JeOS with the information you then know.
I do try to solve things first since hard fought lessons stick in your brain.