ish-app / ish

Linux shell for iOS
https://ish.app

Unable to get ssh server working on iSH #1344

Open SugarRayLua opened 3 years ago

SugarRayLua commented 3 years ago

Hello. Has anyone been able to get sshd to work as a server on their iPad? I'm a Linux amateur and have not been able to, despite following the instructions on the iSH Wiki page. I'm running iSH on the latest iPad OS with the Alpine Linux mini root file system.

What I have been able to do: Ping & traceroute successfully into and out of iSH from my iMac connected on my home local wifi network

SSH out from iSH to my iMAC connected on my local wifi network and to sdf.org SSH internet server

Installed sshd and determined that it is running:

iPad:~# rc-service sshd restart
grep: /proc/filesystems: No such file or directory

What I haven't been able to do: Keep sshd server open long enough and transmit data back and forth over an ssh connection (or telnet connection, for that matter) either via connecting from my iPad itself or from my iPad over my local wifi network:

Example connecting from iPad itself (note: I've configured /etc/ssh/sshd_config file to use Port 1080 and set large intervals in sshd_config to keep Client Alive):

iPad:~# ssh root@localhost -p 1080
banner exchange: Connection to ::1 port 1080: Broken pipe
iPad:~# ssh root@localhost -p 1080
kex_exchange_identification: Connection closed by remote host
Connection closed by 127.0.0.1 port 1080
iPad:~# rc-service sshd restart
grep: /proc/filesystems: No such file or directory

Example trying to connect from iMac on my home wifi (or similarly to the foreign address of my iPad on my wifi network from within iSH):

ssh: connect to host 10.0.1.36 port 1080: Connection refused

I've tried configuring my /etc/ssh/sshd_config file with other parts and that did not seem to help.

Last, I have Lua installed and working well in iSH and tried running a very simple Lua sockets program to test making a simple server independent of sshd in iSH and see if I could connect to it via Telnet from my iMac on my home wifi:

TCPsocketcheck.lua script (example from LuaSocket manual):

-- load namespace
local socket = require("socket")
-- create a TCP socket and bind it to the local host, at any port
local server = assert(socket.bind("*", 0))
-- find out which port the OS chose for us
local ip, port = server:getsockname()
-- print a message informing what's up
print("Please telnet to localhost on port " .. port)
print("After connecting, you have 10s to enter a line to be echoed")
-- loop forever waiting for clients
while 1 do
  -- wait for a connection from any client
  local client = server:accept()
  -- make sure we don't block waiting for this client's line
  client:settimeout(10)
  -- receive the line
  local line, err = client:receive()
  -- if there was no error, send it back to the client
  if not err then client:send(line .. "\n") end
  -- done with client, close the object
  client:close()
end

And got this result:

iPad:~# lua5.3 ./TCPsocketcheck.lua
Please telnet to localhost on port 54664
After connecting, you have 10s to enter a line to be echoed
Bad system call
iPad:~#

Yet, the same script works fine on my iMac when I run it and telnet into it as a client from iSH.

Does anyone have any ideas? It seems like the iSH isn't allowing server sockets to function right on my iPad.

Thanks

ifuchs commented 3 years ago

As the OP says, this used to work but no more.

iPad-Pro-2:~# /usr/sbin/sshd
iPad-Pro-2:~# ssh root@localhost -p 2200
banner exchange: Connection to ::1 port 2200: Broken pipe

sagischwarz commented 3 years ago

I can confirm that this does not work anymore. I followed the instructions to run the ssh server, but as soon as I try to connect from another computer, sshd on the iPhone crashes with the message Bad system call.

62f commented 3 years ago

I worked around the BSC and like yourself can ping the local client using iSH but despite being on the same subnet, a telnet from Win8.1 into lua always gets 'connection refused'.

jaclu commented 3 years ago

With regards to the: grep: /proc/filesystems: No such file or directory Error, there is a simple fix, in /lib/rc/sh/rc-cgroup.sh
make sure cgroup2_find_path() always returns 0 and you will no longer see that error. The reason is that iSH does not provide /proc/filesystems yet.

Here is a function that does it if you want repeatable automation, works with both /bin/sh and bash

#
# This hack prevents all iSH service starts and stops from showing an error
# about not finding /proc/filesystems
# iSH does not currently support that part of /proc
# This snippet does not require bash, /bin/sh is enough.
# Needs to be run as root.
#
patch_rc_cgroup_sh() {
    local fname=/lib/rc/sh/rc-cgroup.sh
    local fn_backup=${fname}.org

    # line number of the cgroup2_find_path() definition
    local func_name_line_no=$(grep -n "cgroup2_find_path()" "$fname" | cut -d: -f1)

    local insert_on_line=$((func_name_line_no+2))

    # In order to expand tab below, through trial and error, I discovered
    # double expanding it turned out to work. Do not ask me why...
    local patch_line="\\treturn 0  # *** Hack for iSH by jaclu ***"

    echo "== Examining if $fname needs patching =="

    # check content of line
    local early_return=$(sed "$insert_on_line !d" "$fname")

    #
    # Since bash most likely isn't available when this is first run,
    # we have to make do with /bin/sh and do string match
    #  using a case statement - argh...
    #
    case $early_return in
        *"return 0"*)
            echo "-- Patch already applied --"
            ;;
        *)
            echo "-- Patch being applied --"
            echo "Making function cgroup2_find_path() always return 0"
            echo "Saving original file to $fn_backup"
            cp "$fname" "$fn_backup"

            # kind of RPN, end result is an empty line after the patch line.
            # and the patch ends up on the expected line so will be detected
            # on later runs of this
            sed -i "$insert_on_line i \ " "$fname"
            # the doubled backslash leaves one literal backslash in front of
            # the expanded $patch_line, so sed receives "\\treturn 0 ..."
            sed -i "$insert_on_line i \\$patch_line" "$fname"

            echo "-- Patch completed! --"
            ;;
    esac
}

62f commented 3 years ago

With regards to the: grep: /proc/filesystems My fs does not contain the path where this script is supposed to go. Would the reason for it being absent be for me to create it manually or is it part of some uninstalled apk?


ifuchs commented 3 years ago

I have sshd working on my iPhone but when I try to do the same on my iPad (same release of ish), I get:

ssh -p2200 root@localhost

banner exchange: Connection to ::1 port 2200: Broken pipe

jaclu commented 3 years ago

> I have sshd working on my iPhone but when I try to do the same on my iPad (same release of ish), I get:
>
> ssh -p2200 root@localhost
>
> banner exchange: Connection to ::1 port 2200: Broken pipe

you need a space after -p

jaclu commented 3 years ago

> With regards to the: grep: /proc/filesystems My fs does not contain the path where this script is supposed to go. Would the reason for it being absent be for me to create it manually or is it part of some uninstalled apk?

Not sure what path and script you are referring to. Could you elaborate? When it comes to /proc/filesystems it does not exist at all on iSH as of this time, so not finding it would be expected. The /proc structure is used to interact directly with the kernel, so not part of any apk or the actual file system. Same as /dev it’s just file-like kernel communication.

ifuchs commented 3 years ago

Adding a space produces the same result.

On Tue, Apr 13, 2021 at 7:16 AM Jacob Lundqvist @.***> wrote:

> > With regards to the: grep: /proc/filesystems My fs does not contain the path where this script is supposed to go. Would the reason for it being absent be for me to create it manually or is it part of some uninstalled apk?
>
> Not sure what path and script you are referring to. Could you elaborate? When it comes to /proc/filesystems it does not exist at all on iSH as of this time, so not finding it would be expected. The /proc structure is used to interact directly with the kernel, so not part of any apk or the actual file system. Same as /dev it’s just file-like kernel communication.


jaclu commented 3 years ago

> Hello. Has anyone been able to get sshd to work as a server on their iPad? I'm a Linux amateur and not been able to despite following the instructions on the iSH Wiki page. I'm running iSH on latest iPad OS with Alpine Linux mini root file system.

Yes I have it repeatedly working on multiple devices, I have created ishTools for automating setting up your iSH environment. Just adjust the config file to fit your needs and it should do the job.

jaclu commented 3 years ago

> Adding a space produces the same result.

ok then try adding one or more -v params to the ssh command, to hopefully get some hints on the nature of the fail

ifuchs commented 3 years ago

@jaclu suggested a space after -p. I have sshd working on an iPhone with same ios and ish but i get the "broken pipe" on this iPad. I presume the env is different in some way which I have yet to determine.

ifuchs commented 3 years ago

Good suggestion. Can you see the error:

ssh -p 2200 -vvv root@localhost
OpenSSH_8.4p1, OpenSSL 1.1.1i 8 Dec 2020
debug1: Reading configuration data /etc/ssh/ssh_config
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts' -> '/root/.ssh/known_hosts'
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts2' -> '/root/.ssh/known_hosts2'
debug1: Authenticator provider $SSH_SK_PROVIDER did not resolve; disabling
debug2: resolving "localhost" port 2200
debug2: ssh_connect_direct
debug1: Connecting to localhost [::1] port 2200.
debug1: Connection established.
debug1: identity file /root/.ssh/id_rsa type 0
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: identity file /root/.ssh/id_dsa-cert type -1
debug1: identity file /root/.ssh/id_ecdsa type -1
debug1: identity file /root/.ssh/id_ecdsa-cert type -1
debug1: identity file /root/.ssh/id_ecdsa_sk type -1
debug1: identity file /root/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /root/.ssh/id_ed25519 type -1
debug1: identity file /root/.ssh/id_ed25519-cert type -1
debug1: identity file /root/.ssh/id_ed25519_sk type -1
debug1: identity file /root/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /root/.ssh/id_xmss type -1
debug1: identity file /root/.ssh/id_xmss-cert type -1
debug1: kex_exchange_identification: write: Broken pipe
banner exchange: Connection to ::1 port 2200: Broken pipe
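Added note, not part of any comment in this thread: the three client errors reported so far point at two different stages. "Connection refused" means no TCP listener answered, while "banner exchange ... Broken pipe" and "kex_exchange_identification: Connection closed" mean TCP connected and the server dropped the connection before sending its SSH version string. The sketch below is example code written for this page; the function names and the stage labels are assumptions.

```sh
# Added example: name the stage at which an ssh attempt failed, using the
# client messages quoted in this thread as patterns.

classify_ssh_failure() {
    # $1 = stderr text of one ssh attempt (plain or with -v/-vvv)
    case $1 in
        # Match only the final verdict line: with -v a refused ::1 attempt is
        # logged as "debug1: connect to address ..." before 127.0.0.1 is tried.
        *"ssh: connect to host "*": Connection refused"*) echo tcp-refused ;;
        *"kex_exchange_identification: "*|*"banner exchange: "*) echo closed-before-banner ;;
        *"Permission denied"*) echo auth-rejected ;;
        *) echo unknown ;;
    esac
}

next_check() {
    # $1 = stage name printed by classify_ssh_failure
    case $1 in
        tcp-refused)
            echo "no listener on that address and port: check that sshd is running and what Port/ListenAddress it uses" ;;
        closed-before-banner)
            echo "TCP was accepted, then closed before the SSH version string: inspect the server, e.g. one foreground run of /usr/sbin/sshd -d -p PORT" ;;
        auth-rejected)
            echo "transport is fine: check PermitRootLogin, authorized_keys and their permissions" ;;
        *)
            echo "rerun the client with -vvv and read its last lines" ;;
    esac
}

# Hypothetical helper: probe a server without prompting, then classify.
probe_sshd() {
    # $1 = user@host, $2 = port
    if out=$(ssh -o BatchMode=yes -o ConnectTimeout=5 -p "$2" "$1" true 2>&1); then
        echo ok
    else
        classify_ssh_failure "$out"
    fi
}

# Constructed samples: the three client errors reported in this thread.
for sample in \
    "ssh: connect to host 10.0.1.36 port 1080: Connection refused" \
    "banner exchange: Connection to ::1 port 1080: Broken pipe" \
    "kex_exchange_identification: Connection closed by remote host"
do
    stage=$(classify_ssh_failure "$sample")
    printf '%s\n  -> %s: %s\n' "$sample" "$stage" "$(next_check "$stage")"
done
```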

jaclu commented 3 years ago

@ifuchs if you export your file system to iCloud / DropBox etc. Then delete the iSH app and reinstall it, and export the pristine new FS as iSH default or similar before doing anything else. Then you can restore your previous FS. This way you will always have an easy way to examine if things work on a pristine FS, if it does, most likely some change in your env caused the issue, and you can decide if you want to figure it out or if just migrating your environment onto a fresh one is quicker. I tend to do the latter.

jaclu commented 3 years ago

> Good suggestion. Can you see the error:

I could make endless nerdy jokes about yes I can see the error, but more important I think is, no I don’t know the cause or explanation for it. However since I constantly redeploy on pristine file systems, and my ishTools can get sshd to run both on port 22 and on high ports. I am under the impression that this approach should get sshd to run also in your case. All you would need is to tar /root and or a user home dir as start points and then if you have your stuff in /opt, /user/local just restore those parts by a user restore script

ifuchs commented 3 years ago

LOL. yes, i meant to say “my error”. In any case, I shall take your advice and start with a fresh fs (or perhaps the fs from my iPhone where sshd seems to work).

On Tue, Apr 13, 2021 at 7:54 AM Jacob Lundqvist @.***> wrote:

> > Good suggestion. Can you see the error:
>
> I could make endless nerdy jokes about yes I can see the error, but more important I think is, no I don’t know the cause or explanation for it. However since I constantly redeploy on pristine file systems, and my ishTools can get sshd to run both on port 22 and on high ports. I am under the impression that this approach should get sshd to run also in your case. All you would need is to tar /root and or a user home dir as start points and then if you have your stuff in /opt, /user/local just restore those parts by a user restore script


SugarRayLua commented 3 years ago

ifuchs, were you also able to get sshd to work by using the Jaclu’s ishTools? If so, I’ll give it a try. The iSH tools process seems a little intimidating to a Linux novice like myself, but I’ll follow the instructions and give it a try :-)

SugarRayLua commented 3 years ago

Hi, Everyone.

Sorry, I found out that my problem with SSHD not working had a simple solution that I figured out from reading jaclu’s scripts in his ishTools program—for some reason I just needed to:

rc-service sshd restart

sshd now works every time if I do this.

Perhaps could add this hint to the iSH wiki information page about setting up a sshd server?

Have a good rest of everyone’s weekend. :-)

ifuchs commented 3 years ago

Tried “ rc-service sshd restart” but still get broken pipe when I “ssh -p 2200 @.***”.

On Sat, May 1, 2021 at 7:30 PM SugarRayLua @.***> wrote:

> Hi, Everyone.
>
> Sorry, I found out that my problem with SSHD not working had a simple solution that I figured out from reading jaclu’s scripts in his ishTools program—for some reason I just needed to:
>
> rc-service sshd restart
>
> sshd now works every time if I do this.
>
> Perhaps could add this hint to the iSH wiki information page about setting up a sshd server?
>
> Have a good rest of everyone’s weekend. :-)


62f commented 3 years ago

iPhone~# lua5.3 ./TCPsocketcheck.lua
Please telnet to localhost on port 49334
^Z
ssh root@localhost-p49334&fg
Connection reset by 127.0.0.1 port 49334

🚨

SugarRayLua commented 3 years ago

Sorry, ifuchs, I was hoping it would work for you as it did so well for me.

The only thing else I did was to be on a fresh fs (default, not Alpine miniroot fs), newest iPadOS, and newest iSH 1.2.

Hopefully, someone can figure out what is causing the variation in our results from sshd so we all can get a reliable sshd server experience.

62f commented 3 years ago

@SugarRayLua realize that @jaclu 's methodology although not difficult to understand, is heavily operator-involved and complex. The easier & more comprehensive diagnostic procedure is to export the erroring filesystem, import it into the (other) working machine, and then recheck it. If it proves to still be broken then the fault has to be either in the Linux configuration or the donor machine's iSH app, and if the problem spontaneously disappears, the problem's only located somewhere else ie. even as far away as the LAN/WAN itself.

SugarRayLua commented 3 years ago

Thanks, 62f. I’ll be replacing my iPad soon, and if future issues come up, I’ll do what you suggested to troubleshoot them. :-)

xezo360hye commented 2 years ago

For everybody who has this trouble: set the following in /etc/ssh/sshd_config:

PermitRootLogin yes
PubkeyAuthentication yes
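Added note, not part of the comment above: sshd uses the first value it obtains for each keyword, so lines appended to a file that already sets the same keyword earlier have no effect. The function below is example code written for this page, with an assumed name and a constructed sample file, and it prints the value that wins in the global section of a single sshd_config without Include directives.

```sh
# Added example: print the value sshd would use for a global keyword.
# Port and ListenAddress are not covered, because sshd accumulates
# those instead of keeping only the first one.
sshd_effective() {
    # $1 = config file, $2 = keyword, $3 = built-in default when unset
    awk -v want="$2" -v dflt="$3" '
        BEGIN { want = tolower(want); val = dflt }
        { sub(/^[ \t]+/, "") }               # drop leading blanks
        /^#/ || /^$/ { next }                # skip comments and empty lines
        {
            key = tolower($1)                # keywords are case-insensitive
            if (key == "match") exit         # global section ends here
            if (key == want && !seen) {      # first occurrence wins
                val = $2; seen = 1
            }
        }
        END { print val }
    ' "$1"
}

# Constructed sample file, not a configuration posted in this thread.
sample_cfg=$(mktemp)
trap 'rm -f "$sample_cfg"' EXIT
cat > "$sample_cfg" <<'EOF'
Port 2200
#PermitRootLogin prohibit-password
permitrootlogin no
PubkeyAuthentication yes
# added later by hand; has no effect because "no" came first
PermitRootLogin yes
Match User backup
    PasswordAuthentication no
EOF

echo "PermitRootLogin        $(sshd_effective "$sample_cfg" PermitRootLogin prohibit-password)"
echo "PubkeyAuthentication   $(sshd_effective "$sample_cfg" PubkeyAuthentication yes)"
echo "PasswordAuthentication $(sshd_effective "$sample_cfg" PasswordAuthentication yes)"
```

On a real system, `sshd -t` checks the file for unknown keywords and `sshd -T` prints the effective configuration.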