Issue
My friend and I are trying to get ssh access on his server working from external networks. He is running Debian 7.1. He can access the server from the internal network but every time I try to access his server (of course from an external network), I get the following error.
debug1: Authentications that can continue: publickey,password
debug3: start over, passed a different list publickey,password
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /Users/MyUser/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /Users/MyUser/.ssh/id_dsa
debug3: no such identity: /Users/MyUser/.ssh/id_dsa
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
[email protected]'s password:
debug3: packet_send2: adding 64 (len 56 padlen 8 extra_pad 64)
debug2: we sent a password packet, wait for reply
debug1: Authentications that can continue: publickey,password
Permission denied, please try again.
Permission of ~/.ssh/ is 700 and ~/.ssh/* is 600. He has
RSAAuthentication yes
PubkeyAuthentication yes
ChallengeResponseAuthentication yes
PasswordAuthentication no
UsePAM yes
included in his sshd_config.
Port checker says that Port 22/tcp is open. Strangest thing is that we can't find any history of access in the log. sudo grep ssh /var/log/* only shows his activity.
Thus, I suspect it's the router's config that's causing the problem, but shouldn't we be able to ssh if the port is open?
Solution
The reason why we couldn't ssh from external networks was because my friend had a "nested LAN".
It turns out that his apartment had its own LAN, so even after he port-forwarded tcp/22 to his server's private IP address (within his home's LAN), external access got stuck at the apartment's LAN.
He could have paid around $30 per port to open ports with numbers larger than 1000, if I remember correctly, but he figured it wasn't worth it, so we basically gave up.
Answered By - NigoroJr
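An added example, not part of the original post: one way to tell from the client side that some other host answered on port 22 is to compare the authentication methods in the `ssh -v` output with what the server's sshd_config would advertise. The function names are hypothetical, and the model assumes only three options matter, uses upstream OpenSSH defaults, and ignores Match blocks.

```python
import re

# Assumption: only these three sshd_config options are modelled, with upstream
# OpenSSH defaults for any that are absent. Match blocks are ignored.
DEFAULTS = {
    "pubkeyauthentication": "yes",
    "passwordauthentication": "yes",
    "challengeresponseauthentication": "yes",
}
OPTION_TO_METHOD = {
    "pubkeyauthentication": "publickey",
    "passwordauthentication": "password",
    "challengeresponseauthentication": "keyboard-interactive",
}

def expected_methods(sshd_config_text):
    """Methods this sshd_config would advertise to a connecting client."""
    opts, seen = dict(DEFAULTS), set()
    for line in sshd_config_text.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) < 2:
            continue
        key = parts[0].lower()
        if key in opts and key not in seen:  # sshd keeps the first value it reads
            opts[key] = parts[1].lower()
            seen.add(key)
    return {OPTION_TO_METHOD[k] for k, v in opts.items() if v == "yes"}

def advertised_methods(client_debug_text):
    """Methods the answering server listed, taken from ssh -v output."""
    found = set()
    pattern = r"Authentications that can continue: (\S+)"
    for match in re.finditer(pattern, client_debug_text):
        found.update(match.group(1).split(","))
    return found

def compare(sshd_config_text, client_debug_text):
    """Return (unexpected, missing) method sets; both empty means consistent."""
    want = expected_methods(sshd_config_text)
    got = advertised_methods(client_debug_text)
    return got - want, want - got

# Sample input copied from the question above.
CONFIG = ("RSAAuthentication yes\nPubkeyAuthentication yes\n"
          "ChallengeResponseAuthentication yes\nPasswordAuthentication no\nUsePAM yes\n")
DEBUG = "debug1: Authentications that can continue: publickey,password\n"

if __name__ == "__main__":
    unexpected, missing = compare(CONFIG, DEBUG)
    print("advertised but disabled in config:", sorted(unexpected))
    print("enabled in config but not advertised:", sorted(missing))
```

With the values from the question, the reply offers `password` although the config disables it and omits `keyboard-interactive` although the config enables it. Together with the empty server log, that suggests a different sshd, or one that has not reloaded its config, produced the reply.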