Menu
▾
▴
Re: [Devil-Linux-discuss] Can't connect with SSH from outside LAN: Permission denied (publickey, password).
|
From: Dominic R. <dl...@ed...> - 2011-01-06 13:07:45
|
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
On 06/01/2011 11:46, Samo Zgonik wrote:
<blockquote
cite="mid:AAN...@ma..."
type="cite">If I try to login to my home Devil-linux router from
location outside my LAN (over the internet), it won't accept my
password, eventhough the password is correct. After lots of
googling and reading sshd and ssh_config manuals on the OpenSSH
website, I still can't find the answer that would make this work.<br>
<br>
I use Putty to SSH to the router from my home LAN using the same
username and password and it logs me in without any problems, and
it doesn't matter if I enter the routers local NIC IP or <a
moz-do-not-send="true" href="http://samo.kicsk-ass.net">samo.kicsk-ass.net</a>
as the hostname. The WAN IP is provided by DHCP, so that silly
domain name is provided by <a moz-do-not-send="true"
href="http://dyndns.org">dyndns.org</a>. If I login to the
router locally using the same username and password and SSH to it
using 127.0.0.1 address it also logs in with the same username and
password. So it seems the OpenSSH configuration works...</blockquote>
<blockquote type="cite">If I get it right, my opensshd is configured
to accepts two types of authentication - either public key or
password. First it is looking for private keys and can't find any
(that's OK, because I don't want to use them for now), so it asks
for the other type of authentication - the password, which I tried
even typing in notepad and than pasting it to make sure there aro
no typos or wrong characters because of different keymap I use at
work, but the password is still rejected.<br>
<br>
The problem can't be the firewall configuration beacause if the
port 22 wasn't open, it wouldn't even connect to ask me for the
password. If there was wrong hostname, then it woukld also be
impossible to connect and ask fo the password. If the username was
wrong, I couldn't connect with the same username from my home LAN.
Tha password consists of alfanumerical characters and special
characters, but that can't be the poroblem either, because it
works fine from my LAN.<br>
<br>
It's not only my work computer that can't connect I also tried two
different computers on two different locations at my friends'
home, both running Windows XP and Putty. So there can't be
anything wrong with router setup at my work.<br>
<br>
So it seems it works as it should from LAN, but it doesn't outside
the LAN. I was thinking that there might be separate settings to
access the LAN NIC and the WAN NIC. But reading the OpenSSHH
manual I can't find any NIC related settings.<br>
<br>
Are there any other security settings, specific to Devil-linux,
that deny my login credentials? Or am I missing something else?</blockquote>
I don't use DL as router so I am shooting in the dark, but to rule
out the firewall issue, try disabling firewall (temporarily of
course):<br>
<br>
/etc/init.d/firewall stop<br>
<br>
If you can now gain access via internet, check settings in
/etc/init.d/firewall.rules (you must always restart firewall after
making any changes here). If you selected in DL 'setup' the basic
2-network-card firewall then it looks to me as if port 22 is closed
'by design' on internet side, and you could change this by
altering/uncommenting lines 115-116.<br>
<br>
If you still can't gain SSH access via internet, at least you know
it's not the DL firewall that is causing your problem...<br>
<br>
Are you sure that the login you see when trying to connect from
internet side is definitely DL? Maybe some other device is offering
SSH login at the address you are trying? Might be an idea to monitor
SSH connections at DL machine (e.g. with netstat -atc|grep ssh) and
then try SSH login via internet and see if the monitor shows the new
connection appearing (it should appear as soon as login request is
given by DL, before actual login.)<br>
<br>
Dominic<br>
<a class="moz-txt-link-abbreviated" href="http://www.edendevelopments.co.uk/dlsetup">www.edendevelopments.co.uk/dlsetup</a><br>
</body>
</html>
|
