RDP and VNC not working after reboot, de bug tunnel?

Hi there,

I’d like to ask a question regarding a problem i’m having. Last two days i’ve been setting up my rockpi 4 armbian bionic as a replacement server. I had everything configured correctly and working. I left the rock on over night and discovered this morning that i couldn’ t connect over SSH and vnc/rdp anymore. Since i couldn’t connect and the rock was headless i pulled the power an forced a reboot.

After the reboot i could connect to ssh but not over rdp or vnc. My app jump desktop gives the following error: Could not create SSH tunnel. Please make sure tcp forwarding is enabled on the server. Details: Chanel open failure (connection failed).

The weird thing is, i have not changed anything since the last time, it just doesn’t work anymore now so i dont know where to look to solve the issue.

I have the following settings:

address: (port is forwared in the router and open in ufw)

ssh tunnel: username@ip_address with private key (also tried username@local ip with key. no effect)

(ssh is working so the keys or the adresses should not be the problem, tried the exact same keys and both ip as local ip for ssh)

My sshd_config file is in the attatchment. note that i have set allowtcp forwarding to ‘yes’ as was requested in the error log of jump desktop.

I’ve also tried re-enabling rdp in armbian-config no effect

I’ve also tried running vncserver mp effect

I’ve hooked up the system to a monitor and it just normally boots to desktop as expected.

Does anyone have some tips where i should start looking for this problem ? I have a hard time doing this since it happened without me interfering. I think i have to debug the tunnel ? But how should i do that?

Thank you in advance.

#	$OpenBSD: sshd_config,v 1.101 2017/03/14 07:19:07 djm Exp $

This is the sshd server system-wide configuration file. See

sshd_config(5) for more information.

This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin

The strategy used for options in the default sshd_config shipped with

OpenSSH is to specify options with their default value where

possible, but leave them commented. Uncommented options override the

default value.

#Port 22
#AddressFamily any
#ListenAddress ::

#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_ecdsa_key
#HostKey /etc/ssh/ssh_host_ed25519_key

Ciphers and keying

#RekeyLimit default none


#SyslogFacility AUTH
#LogLevel INFO


#LoginGraceTime 2m
PermitRootLogin no
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10

PubkeyAuthentication yes

Expect .ssh/authorized_keys2 to be disregarded by default in future.

AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2

#AuthorizedPrincipalsFile none

#AuthorizedKeysCommand none
#AuthorizedKeysCommandUser nobody

For this to work you will also need host keys in /etc/ssh/ssh_known_hosts

#HostbasedAuthentication no

Change to yes if you don’t trust ~/.ssh/known_hosts for


#IgnoreUserKnownHosts no

Don’t read the user’s ~/.rhosts and ~/.shosts files

#IgnoreRhosts yes

To disable tunneled clear text passwords, change to no here!

PasswordAuthentication no
#PermitEmptyPasswords no

Change to yes to enable challenge-response passwords (beware issues with

some PAM modules and threads)

ChallengeResponseAuthentication no

Kerberos options

#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no

GSSAPI options

#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
#GSSAPIStrictAcceptorCheck yes
#GSSAPIKeyExchange no

Set this to ‘yes’ to enable PAM authentication, account processing,

and session processing. If this is enabled, PAM authentication will

be allowed through the ChallengeResponseAuthentication and

PasswordAuthentication. Depending on your PAM configuration,

PAM authentication via ChallengeResponseAuthentication may bypass

the setting of "PermitRootLogin yes

If you just want the PAM account and session checks to run without

PAM authentication, then enable this but set PasswordAuthentication

and ChallengeResponseAuthentication to ‘no’.

AuthenticationMethods publickey keyboard-interactive
UsePAM yes

#AllowAgentForwarding yes
AllowTcpForwarding yes
#GatewayPorts no
X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PermitTTY yes
PrintMotd no
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS no
#PidFile /var/run/sshd.pid
#MaxStartups 10:30:100
#PermitTunnel yes
#ChrootDirectory none
#VersionAddendum none

no default banner path

#Banner none

Allow client to pass locale environment variables

AcceptEnv LANG LC_*

override default of no subsystems

Subsystem sftp /usr/lib/openssh/sftp-server

Example of overriding settings on a per-user basis

#Match User anoncvs

X11Forwarding no

AllowTcpForwarding no

PermitTTY no

ForceCommand cvs server