I’d like to ask a question regarding a problem i’m having. Last two days i’ve been setting up my rockpi 4 armbian bionic as a replacement server. I had everything configured correctly and working. I left the rock on over night and discovered this morning that i couldn’ t connect over SSH and vnc/rdp anymore. Since i couldn’t connect and the rock was headless i pulled the power an forced a reboot.
After the reboot i could connect to ssh but not over rdp or vnc. My app jump desktop gives the following error: Could not create SSH tunnel. Please make sure tcp forwarding is enabled on the server. Details: Chanel open failure (connection failed).
The weird thing is, i have not changed anything since the last time, it just doesn’t work anymore now so i dont know where to look to solve the issue.
I have the following settings:
address: 127.0.0.1:3389 (port is forwared in the router and open in ufw)
ssh tunnel: username@ip_address with private key (also tried username@local ip 192.168.2.150 with key. no effect)
(ssh is working so the keys or the adresses should not be the problem, tried the exact same keys and both ip as local ip for ssh)
My sshd_config file is in the attatchment. note that i have set allowtcp forwarding to ‘yes’ as was requested in the error log of jump desktop.
I’ve also tried re-enabling rdp in armbian-config no effect
I’ve also tried running vncserver mp effect
I’ve hooked up the system to a monitor and it just normally boots to desktop as expected.
Does anyone have some tips where i should start looking for this problem ? I have a hard time doing this since it happened without me interfering. I think i have to debug the tunnel ? But how should i do that?
Thank you in advance.
# $OpenBSD: sshd_config,v 1.101 2017/03/14 07:19:07 djm Exp $
This is the sshd server system-wide configuration file. See
sshd_config(5) for more information.
This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
The strategy used for options in the default sshd_config shipped with
OpenSSH is to specify options with their default value where
possible, but leave them commented. Uncommented options override the
Ciphers and keying
#RekeyLimit default none
Expect .ssh/authorized_keys2 to be disregarded by default in future.
AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2
For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
Change to yes if you don’t trust ~/.ssh/known_hosts for
Don’t read the user’s ~/.rhosts and ~/.shosts files
To disable tunneled clear text passwords, change to no here!
Change to yes to enable challenge-response passwords (beware issues with
some PAM modules and threads)
Set this to ‘yes’ to enable PAM authentication, account processing,
and session processing. If this is enabled, PAM authentication will
be allowed through the ChallengeResponseAuthentication and
PasswordAuthentication. Depending on your PAM configuration,
PAM authentication via ChallengeResponseAuthentication may bypass
the setting of "PermitRootLogin yes
If you just want the PAM account and session checks to run without
PAM authentication, then enable this but set PasswordAuthentication
and ChallengeResponseAuthentication to ‘no’.
AuthenticationMethods publickey keyboard-interactive
no default banner path
Allow client to pass locale environment variables
AcceptEnv LANG LC_*
override default of no subsystems
Subsystem sftp /usr/lib/openssh/sftp-server
Example of overriding settings on a per-user basis
#Match User anoncvs