Permission denied when connecting Gateway via SSH

soikkeli · June 16, 2021, 7:56am

Hi,

I have recently installed/flashed WebThings to my RPi4 and added a sensor to it without any problems or hassle, which is great and this seems just the gateway I was looking for!

However, could you provide me an easy steps what is needed for me (and future other users) to connect to my gateway remotely via SSH? Which ports to open from router? Would port 22 be enough? Do I need port forwarding?

I have enabled SSH from Developer-menu and that’s all, and I try to connect from remote-machine using command from terminal:

ssh pi@mygateway.webthings.io

and I was greeted with:

pi@mygateway.webthings.io: Permission denied (publickey,gssapi-keyex,gssapi-with-mic).

Any help would be appreciated, and sorry if there’s another post about this, though I didn’t find any.

Thanks in advance!

EricEdberg · June 16, 2021, 12:26pm

I have not used WebThings SSH capability but recommend that you do not use it . I recommend you log into the rpi and use Linux commands to install and execute SSH at the OS level. There are copious help guides returned by google that will guide you in this process.

Suspect that your root problem may be that the ~/.ssh folder may not be properly created. One of the most common problems is the permissions are not setup correctly on the folder and/or files. I’m not sure where ~/.ssh is located in the WT configuration.

I am using Docker, but when I inspect the “./ssl” folder in the shared directory, it’s permissions are incorrect and would cause this issue. Not sure if this folder is actually used. The ssl folder should be mode 700 and the pem files mode 600.

Someone may be able to provide additional help with the WT configuraiton…

One of these guides may be able to help install SSH on the RPI at the OS level:
https://duckduckgo.com/?q=How+to+Install+SSH+on+RPI&t=chromentp&ia=web

soikkeli · June 17, 2021, 8:42am

OK I see. So there’s no simple out-of-the-box solution that I was looking and hoped for. I though that I don’t have to do anything other than just enable SSH from menu, and maybe allow port 22 from firewall to connect to WebThing OS RPi with my subdomain address.

I haven’t plug any display to my RPi yet, hence the need for SSH access, but I’ll check the configurations and permission when I can connect locally again.

Thanks for your help!

EricEdberg · June 17, 2021, 12:29pm

There very well may be a way to correct or fully enable the built in SSH capability of WebThings. Sorry, I can’t help as I have not read or seen any past discussion on this thread what the problem would be. I still suspect it’s not fully configured or the permissions of the ~/.ssh folder/files are incorrect. The other issue may be is what user is configured by WT? Is it the “pi” user or something else. Documentation would surely help if it exits…

You may want to check the logfile around startup and also after your attempt to log in see if there are any insteresting tidbits.