• Created by Unknown User (muneeswaran), last modified on Apr 05, 2022
Scroll page details

I'm using broadcom reference board with docsis3.1. and facing connection timeout issue during the ssh the docsis gateway on host machine. 

Also refererd the the below links to run dropbear in docsis gateway device.  

How to enable SSH service to connect from LAN IP?

The dropbear service is running on both LAN IP and WAN IP address. Please find the details below which captured in the docsis gateway

root@Docsis-Gateway:~# ps | grep drop
 8662 root      2112 S    dropbear -R -E -a -r /tmp/.dropbear/dropcfg18617 -r /tmp/.dropbear/dropcfg28617 -p [192.168.29.154]:22 -p [10.0.0.1]:22 -P /var/run/dropbear.pid -B
18312 root      1640 S    grep drop
root@Docsis-Gateway:~#
root@Docsis-Gateway:~# netstat -lntp | grep dropbear
tcp        0      0 10.0.0.1:22             0.0.0.0:*               LISTEN      8662/dropbear
tcp        0      0 192.168.29.154:22       0.0.0.0:*               LISTEN      8662/dropbear
root@Docsis-Gateway:~# 
root@Docsis-Gateway:~# ifconfig brlan0
brlan0    Link encap:Ethernet  HWaddr FC:4A:E9:E2:63:C7  
          inet addr:10.0.0.1  Bcast:10.0.0.255  Mask:255.255.255.0
          inet6 addr: fe80::fe4a:e9ff:fee2:63c7/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:16094 errors:0 dropped:1 overruns:0 frame:0
          TX packets:852 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:2693655 (2.5 MiB)  TX bytes:141799 (138.4 KiB)

root@Docsis-Gateway:~#
root@Docsis-Gateway:~# cat /etc/version 
20220312122718
root@Docsis-Gateway:~#

The connection timeout happened on both wan and lan ip. 

spanidea166@spanidea166-ThinkPad-E15-Gen-2:~$ ping 10.0.0.1
PING 10.0.0.1 (10.0.0.1) 56(84) bytes of data.
64 bytes from 10.0.0.1: icmp_seq=1 ttl=64 time=5.38 ms
64 bytes from 10.0.0.1: icmp_seq=2 ttl=64 time=3.37 ms
64 bytes from 10.0.0.1: icmp_seq=3 ttl=64 time=3.20 ms
^C
--- 10.0.0.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 3.197/3.980/5.379/0.991 ms
spanidea166@spanidea166-ThinkPad-E15-Gen-2:~$ ssh -vvv root@10.0.0.1
OpenSSH_8.2p1 Ubuntu-4ubuntu0.4, OpenSSL 1.1.1f  31 Mar 2020
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug2: resolve_canonicalize: hostname 10.0.0.1 is address
debug2: ssh_connect_direct
debug1: Connecting to 10.0.0.1 [10.0.0.1] port 22.
debug1: connect to address 10.0.0.1 port 22: Connection timed out
ssh: connect to host 10.0.0.1 port 22: Connection timed out
spanidea166@spanidea166-ThinkPad-E15-Gen-2:~$

  • No labels

16 Comments

  1. Deepika Ganapathi Bhat

    Hi Unknown User (muneeswaran)

    Try ssh with "erouter0" interface address.
    SSH daemon is starts with wan IPv6 address by default . If the IPv6 will not be available, it will start with IPv4 address. This can be confirmed in https://code.rdkcentral.com/r/plugins/gitiles/rdkb/components/opensource/ccsp/Utopia/+/refs/heads/rdkb-2021q4-dunfell/source/scripts/init/service.d/service_sshd.sh

  2. Unknown User (muneeswaran)

    Hi Unknown User (deepika.b) 

    As I mentioned earlier the dropbear deamon running on ipv4 of brlanIP and CM_IP address. 

    root@brcm93390smwvg2:~# ps | grep dropbear
    12746 root      2112 S    dropbear -R -E -a -r /etc/dropbear/dropbear_dss_host_key -r /etc/dropbear/dropbear_rsa_host_key -p [192.168.101.5]:22 -p [10.0.0.1]:22 -P /var/run/dropbear.pid -B
    31083 root      1640 S    grep dropbear
    root@brcm93390smwvg2:~#

    I could ping the ipv4 of erouter ip address but it's get time out for ssh access. Are we missing any other ssh server configuration on device ?

    spannidea-163@spanidea163:~$ ping -c 4 192.168.101.5
    PING 192.168.101.5 (192.168.101.5) 56(84) bytes of data.
    64 bytes from 192.168.101.5: icmp_seq=1 ttl=64 time=2.76 ms
    64 bytes from 192.168.101.5: icmp_seq=2 ttl=64 time=3.37 ms
    64 bytes from 192.168.101.5: icmp_seq=3 ttl=64 time=2.30 ms
    64 bytes from 192.168.101.5: icmp_seq=4 ttl=64 time=2.80 ms

    --- 192.168.101.5 ping statistics ---
    4 packets transmitted, 4 received, 0% packet loss, time 3004ms
    rtt min/avg/max/mdev = 2.296/2.807/3.374/0.382 ms

    spannidea-163@spanidea163:~$ ssh -vvv root@192.168.101.5
    OpenSSH_8.2p1 Ubuntu-4ubuntu0.3, OpenSSL 1.1.1f  31 Mar 2020
    debug1: Reading configuration data /home/spannidea-163/.ssh/config
    debug1: /home/spannidea-163/.ssh/config line 1: Applying options for *
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
    debug1: /etc/ssh/ssh_config line 21: Applying options for *
    debug2: resolve_canonicalize: hostname 192.168.101.5 is address
    debug2: ssh_connect_direct
    debug1: Connecting to 192.168.101.5 [192.168.101.5] port 22.
    debug1: connect to address 192.168.101.5 port 22: Connection timed out
    ssh: connect to host 192.168.101.5 port 22: Connection timed out
    spannidea-163@spanidea163:~$

  3. Deepika Ganapathi Bhat

    Hi Unknown User (muneeswaran) 

    Can you provide me the below details

    1. which rdkb release you are using ?
    2. ifconfig output of  VM where ssh being done (spanidea166@spanidea166-ThinkPad-E15-Gen-2) 
    3. output of dmcli eRT getv Device.X_CISCO_COM_DeviceControl.SSHEnable
    4. output of command → cat /nvram/syscfg.db | grep "last_erouter_mode" 

  4. Unknown User (muneeswaran)

    Hi Unknown User (deepika.b) ,

    Please find the requested details. Looks everything fine here. 

    1.which rdkb release you are using ?

               root@Docsis-Gateway:~# cat /version.txt 
               imagename:brcm_rdkb-2021q3-dunfell_20220331133006
               BRANCH=rdkb-2021q3-dunfell
               YOCTO_VERSION=dunfell
               VERSION=4.03.31.22
               SPIN=0
               BUILD_TIME="2022-03-31 13:30:06"
               Generated on Thu Mar 31  13:30:06 UTC 2022
               root@Docsis-Gateway:~# 

    2. ifconfig output of  VM where ssh being done (spanidea166@spanidea166-ThinkPad-E15-Gen-2) 

       spannidea-163@spanidea163:~$ ifconfig 
       docker0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
            inet 172.17.0.1  netmask 255.255.0.0  broadcast 172.17.255.255
            ether 02:42:0e:64:d5:92  txqueuelen 0  (Ethernet)
            RX packets 0  bytes 0 (0.0 B)
            RX errors 0  dropped 0  overruns 0  frame 0
            TX packets 0  bytes 0 (0.0 B)
            TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

    enp4s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
            inet 10.0.0.10  netmask 255.255.255.0  broadcast 10.0.0.255
            inet6 fe80::66f8:1e95:4d35:60a5  prefixlen 64  scopeid 0x20<link>
            ether 90:2e:16:4d:47:3c  txqueuelen 1000  (Ethernet)
            RX packets 0  bytes 0 (0.0 B)
            RX errors 0  dropped 0  overruns 0  frame 0
            TX packets 198  bytes 25620 (25.6 KB)
            TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

    enx000e09872e4f: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
            inet 192.168.101.8  netmask 255.255.255.0  broadcast 192.168.101.255
            inet6 fe80::b9ea:b8ab:6038:c7b3  prefixlen 64  scopeid 0x20<link>
            ether 00:0e:09:87:2e:4f  txqueuelen 1000  (Ethernet)
            RX packets 65696  bytes 74123800 (74.1 MB)
            RX errors 0  dropped 3754  overruns 0  frame 0
            TX packets 42306  bytes 4705462 (4.7 MB)
            TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

    lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
            inet 127.0.0.1  netmask 255.0.0.0
            inet6 ::1  prefixlen 128  scopeid 0x10<host>
            loop  txqueuelen 1000  (Local Loopback)
            RX packets 2848  bytes 233327 (233.3 KB)
            RX errors 0  dropped 0  overruns 0  frame 0
            TX packets 2848  bytes 233327 (233.3 KB)
            TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

    wlp0s20f3: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
            inet 192.168.101.4  netmask 255.255.255.0  broadcast 192.168.101.255
            inet6 fe80::95cd:db77:c9c2:e08  prefixlen 64  scopeid 0x20<link>
            ether b0:60:88:f1:44:06  txqueuelen 1000  (Ethernet)
            RX packets 3044  bytes 208744 (208.7 KB)
            RX errors 0  dropped 2572  overruns 0  frame 0
            TX packets 304  bytes 37325 (37.3 KB)
            TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

    spannidea-163@spanidea163:~

    3.output of dmcli eRT getv Device.X_CISCO_COM_DeviceControl.SSHEnable

    root@Docsis-Gateway:~# dmcli eRT getv Device.X_CISCO_COM_DeviceControl.SSHEnable
    CR component name is: eRT.com.cisco.spvtg.ccsp.CR
    subsystem_prefix eRT.
    getv from/to component(eRT.com.cisco.spvtg.ccsp.pam): Device.X_CISCO_COM_DeviceControl.SSHEnable
    Execution succeed.
    Parameter    1 name: Device.X_CISCO_COM_DeviceControl.SSHEnable
                   type:       bool,    value: true 

    root@Docsis-Gateway:~#

    4.output of command → cat /nvram/syscfg.db | grep "last_erouter_mode" 

    root@Docsis-Gateway:~# cat /opt/secure/data/syscfg.db | grep last_erouter_mode
    last_erouter_mode=3
    root@Docsis-Gateway:~#

  5. Deepika Ganapathi Bhat

    Hi Unknown User (muneeswaran) 

    Docker Desktop for Windows can’t route traffic to Linux platforms.
    However, you can ping .

     Could you check ssh using other VM, ubuntu machine or linux machines once.

  6. Unknown User (muneeswaran)

    Hi Unknown User (deepika.b) 

    i'm using ubuntu machine 20.04 distribuion not docker desktop. even i have deleted the docker interface in the ubuntu machine but the same connection timeout observed. 

    spannidea-163@spanidea163:~$ cat /etc/lsb-release 
    DISTRIB_ID=Ubuntu
    DISTRIB_RELEASE=20.04
    DISTRIB_CODENAME=focal
    DISTRIB_DESCRIPTION="Ubuntu 20.04.3 LTS"
    spannidea-163@spanidea163:~$ 

    spannidea-163@spanidea163:~$ sudo ip link delete docker0
    spannidea-163@spanidea163:~$ ifconfig 
    enp4s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
            inet 10.0.0.10  netmask 255.255.255.0  broadcast 10.0.0.255
            inet6 fe80::66f8:1e95:4d35:60a5  prefixlen 64  scopeid 0x20<link>
            ether 90:2e:16:4d:47:3c  txqueuelen 1000  (Ethernet)
            RX packets 0  bytes 0 (0.0 B)
            RX errors 0  dropped 0  overruns 0  frame 0
            TX packets 403  bytes 60920 (60.9 KB)
            TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

    enx000e09872e4f: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
            inet 192.168.101.8  netmask 255.255.255.0  broadcast 192.168.101.255
            inet6 fe80::b9ea:b8ab:6038:c7b3  prefixlen 64  scopeid 0x20<link>
            ether 00:0e:09:87:2e:4f  txqueuelen 1000  (Ethernet)
            RX packets 533779  bytes 644657774 (644.6 MB)
            RX errors 0  dropped 6294  overruns 0  frame 0
            TX packets 437863  bytes 52968759 (52.9 MB)
            TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

    lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
            inet 127.0.0.1  netmask 255.0.0.0
            inet6 ::1  prefixlen 128  scopeid 0x10<host>
            loop  txqueuelen 1000  (Local Loopback)
            RX packets 6619  bytes 608072 (608.0 KB)
            RX errors 0  dropped 0  overruns 0  frame 0
            TX packets 6619  bytes 608072 (608.0 KB)
            TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

    wlp0s20f3: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
            inet 192.168.101.4  netmask 255.255.255.0  broadcast 192.168.101.255
            inet6 fe80::95cd:db77:c9c2:e08  prefixlen 64  scopeid 0x20<link>
            ether b0:60:88:f1:44:06  txqueuelen 1000  (Ethernet)
            RX packets 6577  bytes 1750393 (1.7 MB)
            RX errors 0  dropped 4374  overruns 0  frame 0
            TX packets 700  bytes 124467 (124.4 KB)
            TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

    spannidea-163@spanidea163:~$ ping 192.168.101.5
    PING 192.168.101.5 (192.168.101.5) 56(84) bytes of data.
    64 bytes from 192.168.101.5: icmp_seq=1 ttl=64 time=3.05 ms
    64 bytes from 192.168.101.5: icmp_seq=2 ttl=64 time=2.47 ms
    ^C
    --- 192.168.101.5 ping statistics ---
    2 packets transmitted, 2 received, 0% packet loss, time 1001ms
    rtt min/avg/max/mdev = 2.472/2.761/3.051/0.289 ms
    spannidea-163@spanidea163:~$ ssh -vvv root@192.168.101.5
    OpenSSH_8.2p1 Ubuntu-4ubuntu0.3, OpenSSL 1.1.1f  31 Mar 2020
    debug1: Reading configuration data /home/spannidea-163/.ssh/config
    debug1: /home/spannidea-163/.ssh/config line 1: Applying options for *
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
    debug1: /etc/ssh/ssh_config line 21: Applying options for *
    debug2: resolve_canonicalize: hostname 192.168.101.5 is address
    debug2: ssh_connect_direct
    debug1: Connecting to 192.168.101.5 [192.168.101.5] port 22.
    debug1: connect to address 192.168.101.5 port 22: Connection timed out
    ssh: connect to host 192.168.101.5 port 22: Connection timed out
    spannidea-163@spanidea163:~$ 

    I can ssh my ubuntu host machine into docsis gateway.Its working fine

    root@Docsis-Gateway:~# ssh spannidea-163@192.168.101.8

    Host '192.168.101.8' is not in the trusted hosts file.
    (ecdsa-sha2-nistp256 fingerprint sha1!! ce:6a:53:25:21:3a:e2:24:6f:e1:fe:6c:7f:de:36:4b:5a:64:ef:05)
    Do you want to continue connecting? (y/n) y
    Login for spannidea-163@192.168.101.8
    Password: [ 3850.371529] CcspPandMSsp[4390]: Updated ntp_time to Lattice  = 2022-04-06T05:14:59Z

    Welcome to Ubuntu 20.04.3 LTS (GNU/Linux 5.13.0-39-generic x86_64)

     * Documentation:  https://help.ubuntu.com
     * Management:     https://landscape.canonical.com
     * Support:        https://ubuntu.com/advantage

    1 device has a firmware upgrade available.
    Run `fwupdmgr get-upgrades` for more information.


    90 updates can be applied immediately.
    To see these additional updates run: apt list --upgradable

    Your Hardware Enablement Stack (HWE) is supported until April 2025.
    Last login: Fri Apr  1 13:55:03 2022 from 10.0.0.1
    0;spannidea-163@spanidea163: ~spannidea-163@spanidea163:~$

  7. Unknown User (muneeswaran)

    checked the ssh on another ubuntu machine the same connection timeout issue observed.

    root@Docsis-Gateway:~# ps | grep dropbear
     8662 root      2112 S    dropbear -R -E -a -r /tmp/.dropbear/dropcfg18617 -r /tmp/.dropbear/dropcfg28617 -p [192.168.29.154]:22 -p [10.0.0.1]:22 -P /var/run/dropbear.pid -B
    13191 root      1640 S    grep dropbear
    root@Docsis-Gateway:~#

    spanidea166@spanidea166-ThinkPad-E15-Gen-2:~$ ping 192.168.29.154
    PING 192.168.29.154 (192.168.29.154) 56(84) bytes of data.
    64 bytes from 192.168.29.154: icmp_seq=1 ttl=64 time=1.81 ms
    64 bytes from 192.168.29.154: icmp_seq=2 ttl=64 time=1.74 ms
    64 bytes from 192.168.29.154: icmp_seq=3 ttl=64 time=1.76 ms
    ^C
    --- 192.168.29.154 ping statistics ---
    3 packets transmitted, 3 received, 0% packet loss, time 2004ms
    rtt min/avg/max/mdev = 1.737/1.770/1.813/0.031 ms
    spanidea166@spanidea166-ThinkPad-E15-Gen-2:~$ ssh -vvv root@192.168.29.154
    OpenSSH_8.2p1 Ubuntu-4ubuntu0.4, OpenSSL 1.1.1f  31 Mar 2020
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
    debug1: /etc/ssh/ssh_config line 21: Applying options for *
    debug2: resolve_canonicalize: hostname 192.168.29.154 is address
    debug2: ssh_connect_direct
    debug1: Connecting to 192.168.29.154 [192.168.29.154] port 22.
    debug1: connect to address 192.168.29.154 port 22: Connection timed out
    ssh: connect to host 192.168.29.154 port 22: Connection timed out
    spanidea166@spanidea166-ThinkPad-E15-Gen-2:~$ 

    1. user-3ffc2

      Hi Unknown User (muneeswaran) ,

      Could you please share the below details 

      • SSH to other m/c or devices are working fine ? and not able to do ssh only for this device ? or SSH to any other devices or m/c itself not working ?
      • can you restart ssh(sudo /etc/init.d/ssh restart) in your VM and try
      • Run the command "sudo ufw allow ssh" in your VM and try . (Ensure ssh has been installed in your VM)
      • Try with -f option in ssh -vvv

  8. Unknown User (muneeswaran)

    Hi Priyankaa K V B,

    • SSH to other device is working fine without any issue only this broadcom docsis gateway reference device had issue with ssh.
    • already tried with firewall disable option and restarting the ssh.

    spannidea-163@spanidea163:~$ sudo /etc/init.d/ssh restart
    [sudo] password for spannidea-163: 
    Restarting ssh (via systemctl): ssh.service.
    spannidea-163@spanidea163:~$ 

    spannidea-163@spanidea163:~$ sudo ufw allow ssh
    [sudo] password for spannidea-163: 
    Skipping adding existing rule
    Skipping adding existing rule (v6)
    spannidea-163@spanidea163:~$ ssh -fN -vvv root@192.168.101.5
    OpenSSH_8.2p1 Ubuntu-4ubuntu0.3, OpenSSL 1.1.1f  31 Mar 2020
    debug1: Reading configuration data /home/spannidea-163/.ssh/config
    debug1: /home/spannidea-163/.ssh/config line 1: Applying options for *
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
    debug1: /etc/ssh/ssh_config line 21: Applying options for *
    debug2: resolve_canonicalize: hostname 192.168.101.5 is address
    debug2: ssh_connect_direct
    debug1: Connecting to 192.168.101.5 [192.168.101.5] port 22.
    debug1: connect to address 192.168.101.5 port 22: Connection timed out
    ssh: connect to host 192.168.101.5 port 22: Connection timed out
    spannidea-163@spanidea163:~$ 


    I suspect the dropbear service running on docsis gateway had some issue w.r.t broadcom. Its not asking any finger print pop up to authenticate the ssh device. can we check the dropbear logs in the device side when we trying to ssh in host machine.  


    1. user-3ffc2

      Hi Unknown User (muneeswaran),

      Please track SPANIDEA-2 - Getting issue details... STATUS for this issue . 

      Regards,
      Priyankaa KVB

  9. Unknown User (muneeswaran)

    Hi @Priyankaa K V B.,

    I unable to view this SPANIDEA-2 jira. can you please give permission to view it.

    Thanks,

    Munees


    1. user-3ffc2

      Hi Unknown User (ymaharana) ,

      Could you please provide permission for Unknown User (muneeswaran) to access SPANIDEA-2 - Getting issue details... STATUS

      Regards,
      Priyankaa KVB

  10. Unknown User (muneeswaran)

    Hi Unknown User (ymaharana) 

    Could you please provide permission Unknown User (muneeswaran) to access SPANIDEA-2 - Jira issue.

    Regards,

    Munees

    1. Unknown User (ymaharana)

      Unknown User (muneeswaran)  - Access has been added to the project

  11. Unknown User (junnan.xu)

    Unknown User (ymaharana) Unknown User (priyankaa.kvb) 

    May you also add my access for JIRA SPANIDEA-2 ticket? I'm also meet this issues.

  12. Unknown User (pdesai)

    Unknown User (junnan.xu) - Sorry we will not be able to grant access to another company's Jira project.  Please create a specific support ticket for your issue, and we will work to resolve it.