1

First, I should point out that I was able to ssh into this machine (I think it is an embedded system based on Debian 7), but I had to set `/` to read-only to prevent any power-off problems. I verified that `/tmp`, `/var/log`, `/var/lock` are still writable, but the `/home` folders, where I'm not supposed to write anything in normal execution, are read-only.

Anyway, `ssh root@ip_address` fails with the message `ssh: connect to host ip_address port 22: Connection refused`.

`ssh -v ...` shows:

```
OpenSSH_7.6p1 Ubuntu-4ubuntu0.3, OpenSSL 1.0.2n  7 Dec 2017
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: resolving "192.168.32.30" port 22
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to 192.168.32.30 [192.168.32.30] port 22.
debug1: connect to address 192.168.32.30 port 22: Connection refused
ssh: connect to host 192.168.32.30 port 22: Connection refused
```

Could you please tell me why and how to fix it?

EDIT: Here is how I set my FS to RO:

Original fstab file:

```
/dev/mmcblk0p2       /                    auto       defaults          1  1
proc                 /proc                proc       defaults              0  0
devpts               /dev/pts             devpts     mode=0620,gid=5       0  0
tmpfs                /run                 tmpfs      mode=0755,nodev,nosuid,strictatime 0  0
tmpfs                /var/volatile        tmpfs      defaults              0  0
/dev/mmcblk0p3       /data                auto       defaults,sync              0  1
```

Modified fstab file: (I only changed the first line)

```
/dev/mmcblk0p2       /                    auto       ro            1  1
proc                 /proc                proc       defaults              0  0
devpts               /dev/pts             devpts     mode=0620,gid=5       0  0
tmpfs                /run                 tmpfs      mode=0755,nodev,nosuid,strictatime 0  0
tmpfs                /var/volatile        tmpfs      defaults              0  0
/dev/mmcblk0p3       /data                auto       defaults,sync              0  1
```

EDIT 2:

I told someone that I can indeed access with ssh if the filesystem is rw. This is not exactly true. If I boot with the option `ro` in fstab and then remount `/` as rw, I cannot access with ssh. It works if I change the option back to default and reboot.

fralbo
  • Does it work again if you remove the read only restriction? – bxm Nov 18 '19 at 16:14
  • @bxm, just verified, and yes, but I've edited my post to give information about how I set the fs to ro, just in case. – fralbo Nov 18 '19 at 16:41
  • Have a look at [Is using a read only root file system a good idea for embedded setup?](https://unix.stackexchange.com/a/60998/27653) !! – F. Hauri - Give Up GitHub Nov 18 '19 at 17:32
  • Doesn’t look like /tmp is its own file system from your fstab, which as per EchoMike444 is not going to end well. – bxm Nov 18 '19 at 18:19
  • Can you log in without SSH (e.g. locally) and confirm that the SSH server runs and listens where it should? – Kamil Maciorowski Nov 19 '19 at 08:37
  • 'If I boot with option ro in fstab and then remount / in rw, I cannot access with ssh. ' -- do you get logs from sshd then? What do they say? – ilkkachu Nov 19 '19 at 08:39
  • @KamilMaciorowski ilkkachu you are right. I hadn't paid attention to that, but dropbear is not started, though in fact I don't see any error from dropbear in the message. Anyway, EchoMike444 may be right: /tmp is certainly not available when dropbear needs it. – fralbo Nov 19 '19 at 08:53
  • @ilkkachu I finally found something: `mkdir: cannot create directory '/var/lib/dropbear': Read-only file system`. I suppose I have to add it in fstab? – fralbo Nov 19 '19 at 09:43
  • Can you add the output of `mount`? – EchoMike444 Nov 19 '19 at 23:39

2 Answers

2

OK, many thanks to everybody (EchoMike444, ilkkachu, Kamil Maciorowski) for pointing me in the right direction.

In fact, I hadn't mentioned that my sshd is dropbear, and it needs to write to `/var/lib` to start.

So I had to add this mount point as tmpfs to be able to connect to my target via ssh.

fralbo
1

ssh needs to write into `/tmp`.

Your `/tmp/` is on the `/` mount.

If you run `df /tmp`, it will display your `/` mount point, and you can check that `df /run` shows a different mount point.

EchoMike444
  • I don't think it could be the reason, because both `/tmp` and `/run` are mounted as tmpfs in rw mode, and in fact I can write in `/tmp` even if `/` is ro. But I edited my post again because the problem may come from something else. – fralbo Nov 19 '19 at 08:22
  • You may be right in fact as I can effectively write to /tmp once started up but I guess that tmpfs is started too late for dropbear. Is it possible? – fralbo Nov 19 '19 at 08:51
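
The check discussed in both answers above (which mount a path such as `/tmp` or `/var/lib/dropbear` actually lives on, and whether that mount is read-only) can be scripted; this is an added example, not code from either poster. The sample mount table is constructed from the question's fstab with assumed `ext4` and option strings, and the function names `mount_for` and `check_writable` are hypothetical.

```shell
#!/bin/sh
# Added example: report which mount covers a path and whether it is read-only,
# from text in /proc/mounts format (device mountpoint fstype options ...).

# Constructed sample modelled on the fstab in the question after booting with
# "ro" on /; it is not output captured from the real device.
SAMPLE_MOUNTS='/dev/mmcblk0p2 / ext4 ro,relatime 0 0
proc /proc proc rw 0 0
tmpfs /run tmpfs rw,nosuid,nodev,mode=755 0 0
tmpfs /var/volatile tmpfs rw 0 0
/dev/mmcblk0p3 /data ext4 rw,sync 0 0'

# mount_for PATH [MOUNTS_TEXT]
# Prints "<mountpoint> <ro|rw>" for the longest mount point that is a prefix
# of PATH. Reads the live /proc/mounts when MOUNTS_TEXT is not given.
mount_for() {
    path=$1
    mounts=${2:-$(cat /proc/mounts)}
    printf '%s\n' "$mounts" | awk -v p="$path" '
        {
            mp = $2
            # A mount covers p if it is "/", equals p, or is a parent directory.
            if (mp == "/" || p == mp || index(p, mp "/") == 1) {
                # ">=" lets a later entry for the same mount point win.
                if (length(mp) >= best_len) {
                    best_len = length(mp); best = mp
                    mode = ($4 ~ /(^|,)ro(,|$)/) ? "ro" : "rw"
                }
            }
        }
        END { if (best != "") print best, mode }'
}

# check_writable MOUNTS_TEXT PATH...
# Prints one line per path; returns non-zero if any path is on a read-only mount.
check_writable() {
    mounts=$1; shift
    rc=0
    for p in "$@"; do
        res=$(mount_for "$p" "$mounts")
        echo "$p -> $res"
        case $res in *" ro") rc=1 ;; esac
    done
    return $rc
}

# Demo on the constructed table: /tmp and /var/lib/dropbear land on the ro root.
check_writable "$SAMPLE_MOUNTS" /tmp /run /var/volatile /var/lib/dropbear ||
    echo "at least one path is on a read-only mount"
```

Paths are matched textually, so resolve symlinks first (for example with `readlink -f /tmp`) before passing them in. On the target, call `mount_for` with only a path to read the live `/proc/mounts`.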