From: Samo Z. <sam...@gm...> - 2011-01-06 11:46:09
Hello everybody!

If I try to log in to my home Devil-linux router from a location outside my LAN (over the internet), it won't accept my password, even though the password is correct. After lots of googling and reading the sshd and ssh_config manuals on the OpenSSH website, I still can't find the answer that would make this work.

I use PuTTY to SSH to the router from my home LAN using the same username and password and it logs me in without any problems, and it doesn't matter if I enter the router's local NIC IP or samo.kicks-ass.net as the hostname. The WAN IP is provided by DHCP, so that silly domain name is provided by dyndns.org. If I log in to the router locally using the same username and password and SSH to it using the 127.0.0.1 address, it also logs in with the same username and password. So it seems the OpenSSH configuration works.

The computer I use at work is running Windows XP. I tried to log in with PuTTY and, after no success, also with OpenSSH for Windows. Here's the output of the ssh -vv command:

ssh -vv sa...@sa...

OpenSSH_3.8.1p1, OpenSSL 0.9.7d 17 Mar 2004
debug2: ssh_connect: needpriv 0
debug1: Connecting to samo.kicks-ass.net [93.103.158.71] port 22.
debug1: Connection established.
debug1: identity file /home/in1284/.ssh/identity type -1
debug1: identity file /home/in1284/.ssh/id_rsa type -1
debug1: identity file /home/in1284/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version dropbear_0.52
debug1: no match: dropbear_0.52
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.8.1p1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rij...@ly...,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rij...@ly...,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,3des-ctr,aes256-ctr,aes128-cbc,3des-cbc,aes256-cbc,twofish256-cbc,twofish-cbc,twofish128-cbc,blowfish-cbc
debug2: kex_parse_kexinit: aes128-ctr,3des-ctr,aes256-ctr,aes128-cbc,3des-cbc,aes256-cbc,twofish256-cbc,twofish-cbc,twofish128-cbc,blowfish-cbc
debug2: kex_parse_kexinit: hmac-sha1-96,hmac-sha1,hmac-md5
debug2: kex_parse_kexinit: hmac-sha1-96,hmac-sha1,hmac-md5
debug2: kex_parse_kexinit: zlib,zl...@op...,none
debug2: kex_parse_kexinit: zlib,zl...@op...,none
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_init: found hmac-md5
debug1: kex: server->client aes128-cbc hmac-md5 none
debug2: mac_init: found hmac-md5
debug1: kex: client->server aes128-cbc hmac-md5 none
debug2: dh_gen_key: priv key bits set: 125/256
debug2: bits set: 520/1024
debug1: sending SSH2_MSG_KEXDH_INIT
debug1: expecting SSH2_MSG_KEXDH_REPLY
debug1: Host 'samo.kicks-ass.net' is known and matches the RSA host key.
debug1: Found key in /home/in1284/.ssh/known_hosts:1
debug2: bits set: 515/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /home/in1284/.ssh/identity (0x0)
debug2: key: /home/in1284/.ssh/id_rsa (0x0)
debug2: key: /home/in1284/.ssh/id_dsa (0x0)
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Trying private key: /home/in1284/.ssh/identity
debug1: Trying private key: /home/in1284/.ssh/id_rsa
debug1: Trying private key: /home/in1284/.ssh/id_dsa
debug2: we did not send a packet, disable method
debug1: Next authentication method: password
sa...@sa...'s password:
debug2: we sent a password packet, wait for reply
debug1: Authentications that can continue: publickey,password
Permission denied, please try again.
sa...@sa...'s password:
debug2: we sent a password packet, wait for reply
debug1: Authentications that can continue: publickey,password
Permission denied, please try again.
sa...@sa...'s password:
debug2: we sent a password packet, wait for reply
debug1: Authentications that can continue: publickey,password
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
Permission denied (publickey,password).

If I get it right, my opensshd is configured to accept two types of authentication - either public key or password. First it is looking for private keys and can't find any (that's OK, because I don't want to use them for now), so it asks for the other type of authentication - the password, which I even tried typing in Notepad and then pasting, to make sure there are no typos or wrong characters because of the different keymap I use at work, but the password is still rejected.

The problem can't be the firewall configuration, because if port 22 wasn't open, it wouldn't even connect to ask me for the password. If the hostname was wrong, then it would also be impossible to connect and be asked for the password. If the username was wrong, I couldn't connect with the same username from my home LAN. The password consists of alphanumerical characters and special characters, but that can't be the problem either, because it works fine from my LAN.

It's not only my work computer that can't connect. I also tried two different computers at two different locations at my friends' homes, both running Windows XP and PuTTY. So there can't be anything wrong with the router setup at my work.

So it seems it works as it should from the LAN, but it doesn't outside the LAN. I was thinking that there might be separate settings to access the LAN NIC and the WAN NIC. But reading the OpenSSH manual I can't find any NIC-related settings. Are there any other security settings, specific to Devil-linux, that deny my login credentials? Or am I missing something else?

Regards,
Samo
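Added example, not part of the original message: a small Python parser for `ssh -vv` client output such as the log above, reporting which address and server software answered (the banner line), which authentication methods were offered and how many password packets were sent. The `expected_impl` parameter and the shortened `SAMPLE_LOG` excerpt are assumptions constructed for illustration.

```python
import re

# Constructed, shortened excerpt of the `ssh -vv` lines quoted in the message.
SAMPLE_LOG = """\
debug1: Connecting to samo.kicks-ass.net [93.103.158.71] port 22.
debug1: Remote protocol version 2.0, remote software version dropbear_0.52
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug2: we did not send a packet, disable method
debug1: Next authentication method: password
debug2: we sent a password packet, wait for reply
debug1: Authentications that can continue: publickey,password
Permission denied, please try again.
debug2: we sent a password packet, wait for reply
debug1: Authentications that can continue: publickey,password
debug1: No more authentication methods to try.
Permission denied (publickey,password).
"""

BANNER = re.compile(r"Remote protocol version (\S+), remote software version (\S+)")
TARGET = re.compile(r"Connecting to (\S+) \[([^\]]+)\] port (\d+)")
METHODS = re.compile(r"Authentications that can continue: (\S+)")


def summarize(log, expected_impl="OpenSSH"):
    """Report which server answered; expected_impl is the assumed daemon name."""
    out = {"host": None, "ip": None, "port": None, "protocol": None,
           "software": None, "methods": [], "passwords_sent": 0,
           "authenticated": False}
    for line in log.splitlines():
        if m := TARGET.search(line):
            out["host"], out["ip"], out["port"] = m.group(1), m.group(2), int(m.group(3))
        elif m := BANNER.search(line):
            out["protocol"], out["software"] = m.group(1), m.group(2)
        elif m := METHODS.search(line):
            out["methods"] = m.group(1).split(",")
        elif "we sent a password packet" in line:
            out["passwords_sent"] += 1
        elif "Authentication succeeded" in line:
            out["authenticated"] = True
    # Compare the banner with the implementation the admin believes is listening.
    software = out["software"] or ""
    out["banner_matches_expected"] = software.lower().startswith(expected_impl.lower())
    return out


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Running the same summary on a log captured from inside the LAN and on one captured from outside makes it easy to compare the answering address and banner between the two paths.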