From: Samo Z. <sam...@gm...> - 2011-01-07 08:53:23
> On 06/01/2011 11:46, Samo Zgonik wrote:
> > If I try to login to my home Devil-linux router from a location
> > outside my LAN (over the internet), it won't accept my password,
> > even though the password is correct. After lots of googling and
> > reading sshd and ssh_config manuals on the OpenSSH website, I still
> > can't find the answer that would make this work.
> >
> > I use Putty to SSH to the router from my home LAN using the same
> > username and password and it logs me in without any problems, and it
> > doesn't matter if I enter the router's local NIC IP or
> > samo.kicsk-ass.net as the hostname. The WAN IP is provided by DHCP,
> > so that silly domain name is provided by dyndns.org. If I login to
> > the router locally using the same username and password and SSH to it
> > using the 127.0.0.1 address it also logs in with the same username
> > and password. So it seems the OpenSSH configuration works...
> >
> > If I get it right, my opensshd is configured to accept two types of
> > authentication - either public key or password. First it is looking
> > for private keys and can't find any (that's OK, because I don't want
> > to use them for now), so it asks for the other type of
> > authentication - the password, which I tried even typing in notepad
> > and then pasting it to make sure there are no typos or wrong
> > characters because of the different keymap I use at work, but the
> > password is still rejected.
> >
> > The problem can't be the firewall configuration because if port 22
> > wasn't open, it wouldn't even connect to ask me for the password. If
> > there was a wrong hostname, then it would also be impossible to
> > connect and ask for the password. If the username was wrong, I
> > couldn't connect with the same username from my home LAN. The
> > password consists of alphanumerical characters and special
> > characters, but that can't be the problem either, because it works
> > fine from my LAN.
> >
> > It's not only my work computer that can't connect. I also tried two
> > different computers on two different locations at my friends' home,
> > both running Windows XP and Putty. So there can't be anything wrong
> > with the router setup at my work.
> >
> > So it seems it works as it should from LAN, but it doesn't outside
> > the LAN. I was thinking that there might be separate settings to
> > access the LAN NIC and the WAN NIC. But reading the OpenSSH manual I
> > can't find any NIC related settings.
> >
> > Are there any other security settings, specific to Devil-linux, that
> > deny my login credentials? Or am I missing something else?
>
> I don't use DL as router so I am shooting in the dark, but to rule out
> the firewall issue, try disabling firewall (temporarily of course):
>
> /etc/init.d/firewall stop
>
> If you can now gain access via internet, check settings in
> /etc/init.d/firewall.rules (you must always restart firewall after
> making any changes here). If you selected in DL 'setup' the basic
> 2-network-card firewall then it looks to me as if port 22 is closed
> 'by design' on internet side, and you could change this by
> altering/uncommenting lines 115-116.
>
> If you still can't gain SSH access via internet, at least you know
> it's not the DL firewall that is causing your problem...
>
> Are you sure that the login you see when trying to connect from
> internet side is definitely DL? Maybe some other device is offering
> SSH login at the address you are trying? Might be an idea to monitor
> SSH connections at DL machine (e.g. with netstat -atc|grep ssh) and
> then try SSH login via internet and see if the monitor shows the new
> connection appearing (it should appear as soon as login request is
> given by DL, before actual login.)
>
> Dominic
> www.edendevelopments.co.uk/dlsetup

Thank you very much for your reply; it helped me solve the problem. You couldn't have been more right.

As I disabled the firewall, I could login. After enabling the firewall and trying to login again, the openssh client warned me that the server public key has changed and didn't connect. So in fact the server I was trying to connect to, while the firewall was enabled, was really different than the server I was connecting to when the firewall was disabled.

So I checked the firewall configuration and it turned out that port 22 was indeed forwarded to a server in my LAN. I guess I set the forwarding some time ago and forgot about it, silly me.

Thank you again for your help.

Regards,
Samo
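
The check that settled this thread, comparing the host key offered on the LAN address with the one offered on the WAN name, written out as an added example (not part of the original messages). The address, host name and key blobs are constructed placeholders; real input would be the `host keytype base64-key` lines printed by `ssh-keyscan` for each path.

```python
import base64
import hashlib


def fingerprints(keyscan_output):
    """Return {key_type: 'SHA256:...'} for each 'host keytype blob' line."""
    found = {}
    for line in keyscan_output.splitlines():
        fields = line.split()
        # Skip blank lines, '#' banner comments and malformed lines.
        if len(fields) < 3 or fields[0].startswith("#"):
            continue
        key_type, blob = fields[1], fields[2]
        digest = hashlib.sha256(base64.b64decode(blob)).digest()
        # OpenSSH displays the SHA-256 digest as unpadded base64.
        b64 = base64.b64encode(digest).decode().rstrip("=")
        found[key_type] = "SHA256:" + b64
    return found


def same_server(scan_a, scan_b):
    """True only if the two scans share a key type and every shared
    key type has the same fingerprint on both paths."""
    a, b = fingerprints(scan_a), fingerprints(scan_b)
    shared = set(a) & set(b)
    return bool(shared) and all(a[t] == b[t] for t in shared)


def _blob(label):
    # Constructed stand-in for a host key blob; not a real SSH key.
    return base64.b64encode(label).decode()


# Constructed scans: LAN address answers with the router's key, while the
# WAN name (port 22 forwarded elsewhere) answers with another host's key.
LAN_SCAN = "192.0.2.1 ssh-rsa " + _blob(b"constructed router key") + "\n"
WAN_SCAN = (
    "# router.example.org:22 SSH-2.0-OpenSSH\n"
    "router.example.org ssh-rsa " + _blob(b"constructed LAN server key") + "\n"
)

if __name__ == "__main__":
    print("LAN:", fingerprints(LAN_SCAN))
    print("WAN:", fingerprints(WAN_SCAN))
    print("same server on both paths:", same_server(LAN_SCAN, WAN_SCAN))
```

A mismatch between the two paths means the WAN-side port reaches a different sshd than the router's own, which is why the router's password was rejected from outside.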