I'm using a Broadcom reference board with DOCSIS 3.1 and am facing a connection timeout issue during ssh to the DOCSIS gateway on the host machine.

I also referred to the link below to run dropbear on the DOCSIS gateway device.

How to enable SSH service to connect from LAN IP?

The dropbear service is running on both the LAN IP and WAN IP addresses. Please find the details below, which were captured on the DOCSIS gateway:

root@Docsis-Gateway:~# ps | grep drop
 8662 root      2112 S    dropbear -R -E -a -r /tmp/.dropbear/dropcfg18617 -r /tmp/.dropbear/dropcfg28617 -p [192.168.29.154]:22 -p [10.0.0.1]:22 -P /var/run/dropbear.pid -B
18312 root      1640 S    grep drop
root@Docsis-Gateway:~#
root@Docsis-Gateway:~# netstat -lntp | grep dropbear
tcp        0      0 10.0.0.1:22             0.0.0.0:*               LISTEN      8662/dropbear
tcp        0      0 192.168.29.154:22       0.0.0.0:*               LISTEN      8662/dropbear
root@Docsis-Gateway:~# 
root@Docsis-Gateway:~# ifconfig brlan0
brlan0    Link encap:Ethernet  HWaddr FC:4A:E9:E2:63:C7  
          inet addr:10.0.0.1  Bcast:10.0.0.255  Mask:255.255.255.0
          inet6 addr: fe80::fe4a:e9ff:fee2:63c7/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:16094 errors:0 dropped:1 overruns:0 frame:0
          TX packets:852 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:2693655 (2.5 MiB)  TX bytes:141799 (138.4 KiB)

root@Docsis-Gateway:~#
root@Docsis-Gateway:~# cat /etc/version 
20220312122718
root@Docsis-Gateway:~#

The connection timeout happened on both the WAN and LAN IP.

spanidea166@spanidea166-ThinkPad-E15-Gen-2:~$ ping 10.0.0.1
PING 10.0.0.1 (10.0.0.1) 56(84) bytes of data.
64 bytes from 10.0.0.1: icmp_seq=1 ttl=64 time=5.38 ms
64 bytes from 10.0.0.1: icmp_seq=2 ttl=64 time=3.37 ms
64 bytes from 10.0.0.1: icmp_seq=3 ttl=64 time=3.20 ms
^C
--- 10.0.0.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 3.197/3.980/5.379/0.991 ms
spanidea166@spanidea166-ThinkPad-E15-Gen-2:~$ ssh -vvv root@10.0.0.1
OpenSSH_8.2p1 Ubuntu-4ubuntu0.4, OpenSSL 1.1.1f  31 Mar 2020
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug2: resolve_canonicalize: hostname 10.0.0.1 is address
debug2: ssh_connect_direct
debug1: Connecting to 10.0.0.1 [10.0.0.1] port 22.
debug1: connect to address 10.0.0.1 port 22: Connection timed out
ssh: connect to host 10.0.0.1 port 22: Connection timed out
spanidea166@spanidea166-ThinkPad-E15-Gen-2:~$
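
The three captures in the question (listening sockets, ping summary, ssh client debug output) can be correlated mechanically to separate a bind problem from a dropped handshake. The following is an added example, not code from the original thread or from RDK-B; the function names and verdict strings are hypothetical, and the sample input is copied from the captures above.

```python
import re

# Sample input: lines copied from the captures in the question above.
NETSTAT = """\
tcp        0      0 10.0.0.1:22             0.0.0.0:*               LISTEN      8662/dropbear
tcp        0      0 192.168.29.154:22       0.0.0.0:*               LISTEN      8662/dropbear
"""
PING = "3 packets transmitted, 3 received, 0% packet loss, time 2003ms"
SSH_DEBUG = """\
debug1: Connecting to 10.0.0.1 [10.0.0.1] port 22.
debug1: connect to address 10.0.0.1 port 22: Connection timed out
"""


def listeners(netstat_text):
    """Map (ip, port) -> program for each TCP socket in LISTEN state."""
    found = {}
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) >= 7 and f[0].startswith("tcp") and f[5] == "LISTEN":
            ip, _, port = f[3].rpartition(":")
            found[(ip, int(port))] = f[6].split("/", 1)[-1]
    return found


def icmp_ok(ping_summary):
    """True if the ping summary line reports at least one reply."""
    m = re.search(r"(\d+) packets transmitted, (\d+) received", ping_summary)
    return bool(m) and int(m.group(2)) > 0


def connect_error(ssh_debug):
    """Return (ip, port, error text) from the ssh client's debug1 connect line."""
    m = re.search(r"connect to address (\S+) port (\d+): (.+)", ssh_debug)
    return (m.group(1), int(m.group(2)), m.group(3).strip()) if m else None


def diagnose(netstat_text, ping_summary, ssh_debug):
    """Combine the three captures into one verdict string."""
    err = connect_error(ssh_debug)
    if err is None:
        return "no-connect-error"
    ip, port, text = err
    socks = listeners(netstat_text)
    # A 0.0.0.0 wildcard bind also accepts connections to a specific address.
    bound = (ip, port) in socks or ("0.0.0.0", port) in socks
    if "refused" in text:
        # An RST came back: the host answered, so the port is closed or rejected.
        return "rst-despite-listener" if bound else "no-listener"
    if "timed out" in text:
        if not icmp_ok(ping_summary):
            return "host-unreachable"
        # Host answers ICMP but the SYN got neither SYN-ACK nor RST.
        return "syn-unanswered" if bound else "not-bound-and-silent"
    return "other"
```

For the captures in the question, `diagnose(NETSTAT, PING, SSH_DEBUG)` returns `syn-unanswered`: the daemon is bound to the address being dialled and the host answers ICMP, so the TCP handshake is being dropped somewhere between the client and the listening socket, and the gateway's packet-filter rules for TCP port 22 are the next thing to inspect.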


16 Comments

  1. Hi Z-Muneeswaran R

    Try ssh with the "erouter0" interface address.
    The SSH daemon starts with the WAN IPv6 address by default. If IPv6 is not available, it will start with the IPv4 address. This can be confirmed in https://code.rdkcentral.com/r/plugins/gitiles/rdkb/components/opensource/ccsp/Utopia/+/refs/heads/rdkb-2021q4-dunfell/source/scripts/init/service.d/service_sshd.sh

  2. Hi Deepika Ganapathi Bhat 

    As I mentioned earlier, the dropbear daemon is running on the IPv4 of the brlanIP and CM_IP address.

    root@brcm93390smwvg2:~# ps | grep dropbear
    12746 root      2112 S    dropbear -R -E -a -r /etc/dropbear/dropbear_dss_host_key -r /etc/dropbear/dropbear_rsa_host_key -p [192.168.101.5]:22 -p [10.0.0.1]:22 -P /var/run/dropbear.pid -B
    31083 root      1640 S    grep dropbear
    root@brcm93390smwvg2:~#

    I could ping the IPv4 erouter IP address, but ssh access times out. Are we missing any other ssh server configuration on the device?

    spannidea-163@spanidea163:~$ ping -c 4 192.168.101.5
    PING 192.168.101.5 (192.168.101.5) 56(84) bytes of data.
    64 bytes from 192.168.101.5: icmp_seq=1 ttl=64 time=2.76 ms
    64 bytes from 192.168.101.5: icmp_seq=2 ttl=64 time=3.37 ms
    64 bytes from 192.168.101.5: icmp_seq=3 ttl=64 time=2.30 ms
    64 bytes from 192.168.101.5: icmp_seq=4 ttl=64 time=2.80 ms

    --- 192.168.101.5 ping statistics ---
    4 packets transmitted, 4 received, 0% packet loss, time 3004ms
    rtt min/avg/max/mdev = 2.296/2.807/3.374/0.382 ms

    spannidea-163@spanidea163:~$ ssh -vvv root@192.168.101.5
    OpenSSH_8.2p1 Ubuntu-4ubuntu0.3, OpenSSL 1.1.1f  31 Mar 2020
    debug1: Reading configuration data /home/spannidea-163/.ssh/config
    debug1: /home/spannidea-163/.ssh/config line 1: Applying options for *
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
    debug1: /etc/ssh/ssh_config line 21: Applying options for *
    debug2: resolve_canonicalize: hostname 192.168.101.5 is address
    debug2: ssh_connect_direct
    debug1: Connecting to 192.168.101.5 [192.168.101.5] port 22.
    debug1: connect to address 192.168.101.5 port 22: Connection timed out
    ssh: connect to host 192.168.101.5 port 22: Connection timed out
    spannidea-163@spanidea163:~$

  3. Hi Z-Muneeswaran R 

    Can you provide me the below details:

    1. Which RDK-B release are you using?
    2. ifconfig output of the VM where ssh is being done (spanidea166@spanidea166-ThinkPad-E15-Gen-2)
    3. output of dmcli eRT getv Device.X_CISCO_COM_DeviceControl.SSHEnable
    4. output of command → cat /nvram/syscfg.db | grep "last_erouter_mode"

  4. Hi Deepika Ganapathi Bhat ,

    Please find the requested details. Everything looks fine here.

    1. Which RDK-B release are you using?

               root@Docsis-Gateway:~# cat /version.txt 
               imagename:brcm_rdkb-2021q3-dunfell_20220331133006
               BRANCH=rdkb-2021q3-dunfell
               YOCTO_VERSION=dunfell
               VERSION=4.03.31.22
               SPIN=0
               BUILD_TIME="2022-03-31 13:30:06"
               Generated on Thu Mar 31  13:30:06 UTC 2022
               root@Docsis-Gateway:~# 

    2. ifconfig output of the VM where ssh is being done (spanidea166@spanidea166-ThinkPad-E15-Gen-2)

       spannidea-163@spanidea163:~$ ifconfig 
       docker0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
            inet 172.17.0.1  netmask 255.255.0.0  broadcast 172.17.255.255
            ether 02:42:0e:64:d5:92  txqueuelen 0  (Ethernet)
            RX packets 0  bytes 0 (0.0 B)
            RX errors 0  dropped 0  overruns 0  frame 0
            TX packets 0  bytes 0 (0.0 B)
            TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

    enp4s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
            inet 10.0.0.10  netmask 255.255.255.0  broadcast 10.0.0.255
            inet6 fe80::66f8:1e95:4d35:60a5  prefixlen 64  scopeid 0x20<link>
            ether 90:2e:16:4d:47:3c  txqueuelen 1000  (Ethernet)
            RX packets 0  bytes 0 (0.0 B)
            RX errors 0  dropped 0  overruns 0  frame 0
            TX packets 198  bytes 25620 (25.6 KB)
            TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

    enx000e09872e4f: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
            inet 192.168.101.8  netmask 255.255.255.0  broadcast 192.168.101.255
            inet6 fe80::b9ea:b8ab:6038:c7b3  prefixlen 64  scopeid 0x20<link>
            ether 00:0e:09:87:2e:4f  txqueuelen 1000  (Ethernet)
            RX packets 65696  bytes 74123800 (74.1 MB)
            RX errors 0  dropped 3754  overruns 0  frame 0
            TX packets 42306  bytes 4705462 (4.7 MB)
            TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

    lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
            inet 127.0.0.1  netmask 255.0.0.0
            inet6 ::1  prefixlen 128  scopeid 0x10<host>
            loop  txqueuelen 1000  (Local Loopback)
            RX packets 2848  bytes 233327 (233.3 KB)
            RX errors 0  dropped 0  overruns 0  frame 0
            TX packets 2848  bytes 233327 (233.3 KB)
            TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

    wlp0s20f3: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
            inet 192.168.101.4  netmask 255.255.255.0  broadcast 192.168.101.255
            inet6 fe80::95cd:db77:c9c2:e08  prefixlen 64  scopeid 0x20<link>
            ether b0:60:88:f1:44:06  txqueuelen 1000  (Ethernet)
            RX packets 3044  bytes 208744 (208.7 KB)
            RX errors 0  dropped 2572  overruns 0  frame 0
            TX packets 304  bytes 37325 (37.3 KB)
            TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

    spannidea-163@spanidea163:~

    3. output of dmcli eRT getv Device.X_CISCO_COM_DeviceControl.SSHEnable

    root@Docsis-Gateway:~# dmcli eRT getv Device.X_CISCO_COM_DeviceControl.SSHEnable
    CR component name is: eRT.com.cisco.spvtg.ccsp.CR
    subsystem_prefix eRT.
    getv from/to component(eRT.com.cisco.spvtg.ccsp.pam): Device.X_CISCO_COM_DeviceControl.SSHEnable
    Execution succeed.
    Parameter    1 name: Device.X_CISCO_COM_DeviceControl.SSHEnable
                   type:       bool,    value: true 

    root@Docsis-Gateway:~#

    4. output of command → cat /nvram/syscfg.db | grep "last_erouter_mode"

    root@Docsis-Gateway:~# cat /opt/secure/data/syscfg.db | grep last_erouter_mode
    last_erouter_mode=3
    root@Docsis-Gateway:~#

  5. Hi Z-Muneeswaran R 

    Docker Desktop for Windows can’t route traffic to Linux platforms.
    However, you can ping.

    Could you check ssh once using another VM, Ubuntu machine or Linux machine?

  6. Hi Deepika Ganapathi Bhat 

    I'm using an Ubuntu 20.04 distribution machine, not Docker Desktop. I have even deleted the docker interface on the Ubuntu machine, but the same connection timeout is observed.

    spannidea-163@spanidea163:~$ cat /etc/lsb-release 
    DISTRIB_ID=Ubuntu
    DISTRIB_RELEASE=20.04
    DISTRIB_CODENAME=focal
    DISTRIB_DESCRIPTION="Ubuntu 20.04.3 LTS"
    spannidea-163@spanidea163:~$ 

    spannidea-163@spanidea163:~$ sudo ip link delete docker0
    spannidea-163@spanidea163:~$ ifconfig 
    enp4s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
            inet 10.0.0.10  netmask 255.255.255.0  broadcast 10.0.0.255
            inet6 fe80::66f8:1e95:4d35:60a5  prefixlen 64  scopeid 0x20<link>
            ether 90:2e:16:4d:47:3c  txqueuelen 1000  (Ethernet)
            RX packets 0  bytes 0 (0.0 B)
            RX errors 0  dropped 0  overruns 0  frame 0
            TX packets 403  bytes 60920 (60.9 KB)
            TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

    enx000e09872e4f: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
            inet 192.168.101.8  netmask 255.255.255.0  broadcast 192.168.101.255
            inet6 fe80::b9ea:b8ab:6038:c7b3  prefixlen 64  scopeid 0x20<link>
            ether 00:0e:09:87:2e:4f  txqueuelen 1000  (Ethernet)
            RX packets 533779  bytes 644657774 (644.6 MB)
            RX errors 0  dropped 6294  overruns 0  frame 0
            TX packets 437863  bytes 52968759 (52.9 MB)
            TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

    lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
            inet 127.0.0.1  netmask 255.0.0.0
            inet6 ::1  prefixlen 128  scopeid 0x10<host>
            loop  txqueuelen 1000  (Local Loopback)
            RX packets 6619  bytes 608072 (608.0 KB)
            RX errors 0  dropped 0  overruns 0  frame 0
            TX packets 6619  bytes 608072 (608.0 KB)
            TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

    wlp0s20f3: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
            inet 192.168.101.4  netmask 255.255.255.0  broadcast 192.168.101.255
            inet6 fe80::95cd:db77:c9c2:e08  prefixlen 64  scopeid 0x20<link>
            ether b0:60:88:f1:44:06  txqueuelen 1000  (Ethernet)
            RX packets 6577  bytes 1750393 (1.7 MB)
            RX errors 0  dropped 4374  overruns 0  frame 0
            TX packets 700  bytes 124467 (124.4 KB)
            TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

    spannidea-163@spanidea163:~$ ping 192.168.101.5
    PING 192.168.101.5 (192.168.101.5) 56(84) bytes of data.
    64 bytes from 192.168.101.5: icmp_seq=1 ttl=64 time=3.05 ms
    64 bytes from 192.168.101.5: icmp_seq=2 ttl=64 time=2.47 ms
    ^C
    --- 192.168.101.5 ping statistics ---
    2 packets transmitted, 2 received, 0% packet loss, time 1001ms
    rtt min/avg/max/mdev = 2.472/2.761/3.051/0.289 ms
    spannidea-163@spanidea163:~$ ssh -vvv root@192.168.101.5
    OpenSSH_8.2p1 Ubuntu-4ubuntu0.3, OpenSSL 1.1.1f  31 Mar 2020
    debug1: Reading configuration data /home/spannidea-163/.ssh/config
    debug1: /home/spannidea-163/.ssh/config line 1: Applying options for *
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
    debug1: /etc/ssh/ssh_config line 21: Applying options for *
    debug2: resolve_canonicalize: hostname 192.168.101.5 is address
    debug2: ssh_connect_direct
    debug1: Connecting to 192.168.101.5 [192.168.101.5] port 22.
    debug1: connect to address 192.168.101.5 port 22: Connection timed out
    ssh: connect to host 192.168.101.5 port 22: Connection timed out
    spannidea-163@spanidea163:~$ 

    I can ssh my Ubuntu host machine into the DOCSIS gateway. It's working fine.

    root@Docsis-Gateway:~# ssh spannidea-163@192.168.101.8

    Host '192.168.101.8' is not in the trusted hosts file.
    (ecdsa-sha2-nistp256 fingerprint sha1!! ce:6a:53:25:21:3a:e2:24:6f:e1:fe:6c:7f:de:36:4b:5a:64:ef:05)
    Do you want to continue connecting? (y/n) y
    Login for spannidea-163@192.168.101.8
    Password: [ 3850.371529] CcspPandMSsp[4390]: Updated ntp_time to Lattice  = 2022-04-06T05:14:59Z

    Welcome to Ubuntu 20.04.3 LTS (GNU/Linux 5.13.0-39-generic x86_64)

     * Documentation:  https://help.ubuntu.com
     * Management:     https://landscape.canonical.com
     * Support:        https://ubuntu.com/advantage

    1 device has a firmware upgrade available.
    Run `fwupdmgr get-upgrades` for more information.


    90 updates can be applied immediately.
    To see these additional updates run: apt list --upgradable

    Your Hardware Enablement Stack (HWE) is supported until April 2025.
    Last login: Fri Apr  1 13:55:03 2022 from 10.0.0.1
    spannidea-163@spanidea163:~$

  7. Checked ssh on another Ubuntu machine; the same connection timeout issue was observed.

    root@Docsis-Gateway:~# ps | grep dropbear
     8662 root      2112 S    dropbear -R -E -a -r /tmp/.dropbear/dropcfg18617 -r /tmp/.dropbear/dropcfg28617 -p [192.168.29.154]:22 -p [10.0.0.1]:22 -P /var/run/dropbear.pid -B
    13191 root      1640 S    grep dropbear
    root@Docsis-Gateway:~#

    spanidea166@spanidea166-ThinkPad-E15-Gen-2:~$ ping 192.168.29.154
    PING 192.168.29.154 (192.168.29.154) 56(84) bytes of data.
    64 bytes from 192.168.29.154: icmp_seq=1 ttl=64 time=1.81 ms
    64 bytes from 192.168.29.154: icmp_seq=2 ttl=64 time=1.74 ms
    64 bytes from 192.168.29.154: icmp_seq=3 ttl=64 time=1.76 ms
    ^C
    --- 192.168.29.154 ping statistics ---
    3 packets transmitted, 3 received, 0% packet loss, time 2004ms
    rtt min/avg/max/mdev = 1.737/1.770/1.813/0.031 ms
    spanidea166@spanidea166-ThinkPad-E15-Gen-2:~$ ssh -vvv root@192.168.29.154
    OpenSSH_8.2p1 Ubuntu-4ubuntu0.4, OpenSSL 1.1.1f  31 Mar 2020
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
    debug1: /etc/ssh/ssh_config line 21: Applying options for *
    debug2: resolve_canonicalize: hostname 192.168.29.154 is address
    debug2: ssh_connect_direct
    debug1: Connecting to 192.168.29.154 [192.168.29.154] port 22.
    debug1: connect to address 192.168.29.154 port 22: Connection timed out
    ssh: connect to host 192.168.29.154 port 22: Connection timed out
    spanidea166@spanidea166-ThinkPad-E15-Gen-2:~$ 

    1. Hi Z-Muneeswaran R ,

      Could you please share the below details:

      • Is SSH to other m/c or devices working fine, and you are not able to do ssh only for this device? Or is SSH to any other devices or m/c itself not working?
      • Can you restart ssh (sudo /etc/init.d/ssh restart) in your VM and try?
      • Run the command "sudo ufw allow ssh" in your VM and try. (Ensure ssh has been installed in your VM.)
      • Try with the -f option in ssh -vvv

  8. Hi Priyankaa K V B,

    • SSH to other devices is working fine without any issue; only this Broadcom DOCSIS gateway reference device has an issue with ssh.
    • Already tried with the firewall disable option and restarting ssh.

    spannidea-163@spanidea163:~$ sudo /etc/init.d/ssh restart
    [sudo] password for spannidea-163: 
    Restarting ssh (via systemctl): ssh.service.
    spannidea-163@spanidea163:~$ 

    spannidea-163@spanidea163:~$ sudo ufw allow ssh
    [sudo] password for spannidea-163: 
    Skipping adding existing rule
    Skipping adding existing rule (v6)
    spannidea-163@spanidea163:~$ ssh -fN -vvv root@192.168.101.5
    OpenSSH_8.2p1 Ubuntu-4ubuntu0.3, OpenSSL 1.1.1f  31 Mar 2020
    debug1: Reading configuration data /home/spannidea-163/.ssh/config
    debug1: /home/spannidea-163/.ssh/config line 1: Applying options for *
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
    debug1: /etc/ssh/ssh_config line 21: Applying options for *
    debug2: resolve_canonicalize: hostname 192.168.101.5 is address
    debug2: ssh_connect_direct
    debug1: Connecting to 192.168.101.5 [192.168.101.5] port 22.
    debug1: connect to address 192.168.101.5 port 22: Connection timed out
    ssh: connect to host 192.168.101.5 port 22: Connection timed out
    spannidea-163@spanidea163:~$ 


    I suspect the dropbear service running on the DOCSIS gateway has some issue w.r.t. Broadcom. It's not showing any fingerprint prompt to authenticate the ssh device. Can we check the dropbear logs on the device side when we try to ssh on the host machine?


    1. Hi Z-Muneeswaran R,

      Please track SPANIDEA-2 for this issue.

      Regards,
      Priyankaa KVB

  9. Hi @Priyankaa K V B.,

    I am unable to view this SPANIDEA-2 Jira. Can you please give permission to view it?

    Thanks,

    Munees


    1. Hi Z-Yogomaya Maharana ,

      Could you please provide permission for Z-Muneeswaran R to access SPANIDEA-2?

      Regards,
      Priyankaa KVB

  10. Hi Z-Yogomaya Maharana 

    Could you please provide permission for Z-Muneeswaran R to access the SPANIDEA-2 Jira issue?

    Regards,

    Munees

    1. Z-Muneeswaran R  - Access has been added to the project

  11. Z-Yogomaya Maharana Priyankaa K V B 

    Could you also add access for me to the JIRA SPANIDEA-2 ticket? I'm also meeting this issue.

  12. Z-Xu Junnan - Sorry we will not be able to grant access to another company's Jira project.  Please create a specific support ticket for your issue, and we will work to resolve it.