NSA325v2 SSH Problem on Windows 11

aldapooh
aldapooh Posts: 66  Ally Member
First Comment Friend Collector Second Anniversary Community MVP

Hello everyone,

I run into a strange issue: on NSA325v2 I cannot login using Putty/SSH on Win 11.

It works fine on Win 10.

Somehow Win 11 command ssh returns the error: "ssh: connect to host <ip> port 22: Connection refused" The same with Putty.

It's irrelevant if I use IP or domain name.

PS as I do have a new Win 11 laptop, I do not know if the issue has been there before. On Win 10 Putty works fine.

PPS I am not sure if this is related but I installed recently zyxel-samba-replacement to enable SMB2 as per thread here:

Anything I can trouble shoot?

Regards, -Alexey

Accepted Solution

  • Mijzelf
    Mijzelf Posts: 2,764  Guru Member
    250 Answers 2500 Comments Friend Collector Seventh Anniversary
    Answer ✓

    does it make big difference?

    Not at all.

    The server rejected SFTP connection, but it listens for FTP connections.

    could it be the related error? since SFTP access port 22.

    Yes, that could be related. SFTP is actually a subsystem of ssh.

    what I cannot then understand how on earth Putty on Win7 can login then?

    Are you sure it's ssh? PuTTY can do telnet either.

All Replies

  • Mijzelf
    Mijzelf Posts: 2,764  Guru Member
    250 Answers 2500 Comments Friend Collector Seventh Anniversary

    My guess is that the firewall of W11 is acting up. When it runs from a W10 box in the same network, it should also run from that W11 box. The NAS doesn't have a firewall, and doesn't discriminate between remote IP addresses.

    Did you install some fancy 'internet protection kit' as replacement for the build-in firewall? Anyway, try to disable it, and try again.

  • aldapooh
    aldapooh Posts: 66  Ally Member
    First Comment Friend Collector Second Anniversary Community MVP

    Hi Mijzelf,

    thank you.

    No, I do not have internet protection kits. It is a new Win 11 laptop and I did not install anything on top. I additionally added Putty to Windows Firewall exception.

    Another thing I cannot underhand: I can login to NAS524 from the same Win 11 laptop via Putty with out any issues. It is only NSA325v2 which returns "connection refused".

    Regards, -Alexey

  • Mijzelf
    Mijzelf Posts: 2,764  Guru Member
    250 Answers 2500 Comments Friend Collector Seventh Anniversary

    The plot thickens. There is another possible problem, an outdated handshake, but then I'd expect another error. And I'd expect the same version of PuTTY to behave the same for W10 and W11.

    On W11 you have a command line ssh, don't you? what is the output of

    ssh -vv user@nas
    

  • aldapooh
    aldapooh Posts: 66  Ally Member
    First Comment Friend Collector Second Anniversary Community MVP

    Hi Mijzelf,

    thank you million times for looking into that. Appreciated.

    here is the output of cmd on Win 11 for NSA325v2:

    C:\Users\<user>ssh -vv admin@<NSA>
    OpenSSH_for_Windows_8.6p1, LibreSSL 3.4.3
    debug1: Authenticator provider $SSH_SK_PROVIDER did not resolve; disabling
    debug2: resolving "<NSA>" port 22
    debug1: Connecting to <>NSA[192.168.0.222] port 22.
    debug1: connect to address 192.168.0.222 port 22: Connection refused
    ssh: connect to host <NSA> port 22: Connection refused

    PS as a non expert, I recently installed https://metarepo.tk/Users/Mijzelf/zypkg-repo/ and I see the following list of packages

    What is interesting I dont see Telnet/SSH package plus Google Drive package is now greyed out (despite it is supposed to be built in).

    Regards, -A

  • Mijzelf
    Mijzelf Posts: 2,764  Guru Member
    250 Answers 2500 Comments Friend Collector Seventh Anniversary

    debug1: connect to address 192.168.0.222 port 22: Connection refused

    That looks like a genuine 'Connection refused'. If you get that, than either nothing is listening on that port, or a firewall is blocking it. If you can connect to the same IP and port on the same moment using a W10 box, then the port is open. The NSA325 doesn't run a firewall, nor can it be added. (It's not compiled in in the kernel, nor can it be added using modules. You would need another kernel).

    So conclusion: there is another firewall in between, or due to routing issues your W11 box is accessing another box with the same IP address. As I assume you are accessing Samba on the NAS from the W11 box, I suppose the latter isn't true. So a firewall remains. Is there any firewall between the W11 box and the NAS? Have you already tried to switch off the build-in firewall?

    What is interesting I dont see Telnet/SSH package

    ZyXEL has switched off their package server for the 325, and so you don't see any stock packages, except those which were already installed. Don't know why you don't see ssh, it's obviously installed.

    plus Google Drive package is now greyed out

    From other threads I understand that Google Drive doesn't work anymore, due to a changed protocol. Maybe the firmware detects that and greys it out?

  • aldapooh
    aldapooh Posts: 66  Ally Member
    First Comment Friend Collector Second Anniversary Community MVP

    Hmm… thank you and I see your points, Mijzelf.

    first a minor correction: another machine is not win 10, another machine is win 7 actually. does it make big difference? Putty works on Win 7 machine. Sorry for stating it was Win 10, stupid mistake.

    I start testing few things on my Win 7 machine i used since 10 years. and try to check how my WinSCP are set up there.

    one thing I found out:

    for NSA325v2 I cannot use SFTP as well. as soon as I try to use SFTP I got this error:

    The server rejected SFTP connection, but it listens for FTP connections.

    could it be the related error? since SFTP access port 22.

    is there a way to fix it on NSA325v2

    what I cannot then understand how on earth Putty on Win7 can login then?

    Thank you, and best regards, -A

  • Mijzelf
    Mijzelf Posts: 2,764  Guru Member
    250 Answers 2500 Comments Friend Collector Seventh Anniversary
    Answer ✓

    does it make big difference?

    Not at all.

    The server rejected SFTP connection, but it listens for FTP connections.

    could it be the related error? since SFTP access port 22.

    Yes, that could be related. SFTP is actually a subsystem of ssh.

    what I cannot then understand how on earth Putty on Win7 can login then?

    Are you sure it's ssh? PuTTY can do telnet either.

  • aldapooh
    aldapooh Posts: 66  Ally Member
    First Comment Friend Collector Second Anniversary Community MVP

    Hello Mijzelf,

    I am so sorry and you are so right. I was using Telnet on Win 7 machine. When I changed to SSH on Win 7 machine, I could not connect to NSA325v2 either. I apologize for me being so incorrect in my initial request. And yes, I can connect via Telnet on Win 11 machine

    FYI - on my NAS524 box I can use both Telnet and SSH on both Win 7 and Win 11

    But now I have a question - it looks there is no SSH, only Telnet on my NSA325v2. Is it per design or I screwed something over? And it looks like there was no SSH since ages there, as the last time I changed Putty connection settings was like 10 years ago.

    Happy new year!

    Regards, -A

  • Mijzelf
    Mijzelf Posts: 2,764  Guru Member
    250 Answers 2500 Comments Friend Collector Seventh Anniversary

    it looks there is no SSH, only Telnet on my NSA325v2. Is it per design or I screwed something over?

    The 'original' 325 didn't have either of them, apart from The Telnet Backdoor. Later there came an installable ssh server package. But AFAIK the official firmware doesn't have a way to start a telnet daemon on boot. So how is yours active? My Tweaks package has a way to enable the telnet daemon, but it seems you didn't install it. Maybe the Entware-ng package enables it? Can't remember, it is possible that it does so, as you can't do anything with it without a shell.

    BTW, if you want ssh, you'll either have to put my backup of the original packages (http://metarepo.tk/Users/Mijzelf/zypkg-repo/fw4_stock_packages/) in your MetaRepository list and install the 'official' ssh server package, or install dropbear from my repo, or install (and enable) the Entware-ng ssh server.

Consumer Product Help Center