0

I am trying to set up a personal SSH server behind a router and be able to connect to it with my laptop. I have tried several guides but nothing has worked so far. I have

  • enabled port forwarding on my router, directing all traffic on the port XXXX to my server's port 22.
  • started the sshd daemon on my server (default listening on port 22), and verified port 22 on my server was open.
  • used ssh-keygen on my laptop to generate a key pair, then transferred it via USB to the server as my_key.pub. I left the password field blank during the keygen creation.
  • On the server, I mkdir ~/.ssh and cat my_key.pub >> ~/.ssh/authorized_keys. On the laptop I mkdir ~/.ssh and move my private key my_key in there.

My public IP is YYY.YYY.YYY.YYY. My local IP for the server is 192.168.1.73.

When I try ssh root@YYY.YYY.YYY.YYY -p XXXX -v I get that the connection is refused, with no other debug messages. The same thing happens without the port specification.

When I try ssh root@YYY.YYY.YYY.YYY -v I get that I am greeted with a password field, which no password works for:

debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to 192.168.1.73 [192.168.1.73] port 22.
debug1: Connection established.
debug1: key_load_public: No such file or directory
debug1: identity file /home/xps/.ssh/id_rsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/xps/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/xps/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/xps/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/xps/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/xps/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/xps/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/xps/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.2
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.3p1 Debian-1
debug1: match: OpenSSH_7.3p1 Debian-1 pat OpenSSH* compat 0x04000000
debug1: Authenticating to 192.168.1.73:22 as 'root'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256@libssh.org
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:0wIYI/LCJOSgjJMN9uiinKC5GVwNyH7cVf1CeqnAQEs
debug1: Host '192.168.1.73' is known and matches the ECDSA host key.
debug1: Found key in /home/xps/.ssh/known_hosts:1
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Trying private key: /home/xps/.ssh/id_rsa
debug1: Trying private key: /home/xps/.ssh/id_dsa
debug1: Trying private key: /home/xps/.ssh/id_ecdsa
debug1: Trying private key: /home/xps/.ssh/id_ed25519
debug1: Next authentication method: password
root@192.168.1.73's password: 
debug1: Authentications that can continue: publickey,password
Permission denied, please try again.
root@192.168.1.73's password: 
debug1: Authentications that can continue: publickey,password
Permission denied, please try again.
root@192.168.1.73's password: 
debug1: Authentications that can continue: publickey,password
debug1: No more authentication methods to try.
Permission denied (publickey,password).

Specifying the port in this option gives me another connection refused. I am confused by what is going wrong here!

Thank you.

EDIT: Here is the debug info for the rest of the scenarios:

OpenSSH_7.3p1, OpenSSL 1.0.2h  3 May 2016
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to YYY.YYY.YYY.YYY [YYY.YYY.YYY.YYY] port XXXX.
debug1: connect to address YYY.YYY.YYY.YYY port XXXX: Connection refused
ssh: connect to host YYY.YYY.YYY.YYY port XXXX: Connection refused
ardunn
    Connecting to 192.168.1.73 - that's not your public IP address; it's likely your internal IP address. Do you have a .ssh/config entry remapping things? – Stephen Harris Sep 06 '16 at 00:10
  • 1
    On the server side, by ~/.ssh ..., do you mean /root/.ssh since you are trying to login as root? And is PermitRootLogin set to yes in sshd_config on the server side? – Paul Nordin Sep 06 '16 at 00:11
  • yeah, 192.168.1.73 is my local IP. I tried that after trying my public IP, YYY.YYY.YYY.YYY.

    Yes, Paul, I mean those to be the same. PermitRootLogin is set to prohibit-password, should I change that? I mean I don't want this server to be accessible via crackable password, so how could I circumvent that?

    – ardunn Sep 06 '16 at 01:03
  • Presenting debug output that doesn't match the real scenario doesn't help... – Stephen Harris Sep 06 '16 at 01:17
  • @user3919624 No, that is fine. You should also set PasswordAuthentication to no if you want to prohibit all SSH access via password. – Paul Nordin Sep 06 '16 at 01:32

2 Answers

1

In my experience, it's easier than you think, at least for me using Ubuntu as a client. But you need to do things in the right sequence. Before trying to transfer the key, you should try to make sure you can connect with the login name and password, which is your login credentials, not necessarily root.

Then, once you can connect, you can then transfer the key:

generate key (RSA or DSA)

ssh-keygen -t rsa      --  or dsa

transfer the key to remote host:

ssh-copy-id username@host   (your username and the host name or IP)

if not standard port 22: Note quotes around argument

ssh-copy-id "username@host -p PortNumber"  (substitute number for PortNumber)

I find it easiest to set up a ddns account to handle the external ip address. Makes things a lot easier.

If you're using Ubuntu or something similar, you can find good information here. If not, and if it doesn't work, sorry but I tried.

0

A few things pop out at me to try:

1) On your client, the default Private Key that it will use when negotiating a connection is ~/.ssh/id_rsa. In order to specify a different key, you can specify it like this: ssh -i ~/.ssh/my_key root@yyy.yyy.yyy.yyy -p xxxx

The -i specifies the Key to use

2) On the server, you need to verify that the permissions on authorized_keys and the .ssh folder are accurate.

chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys

3) There is an option in /etc/ssh/sshd_config to prohibit root login -- make sure that is turned OFF:

#PermitRootLogin yes

You want to see that # hash symbol, meaning the command to Prohibit is commented OUT (so root CAN log in)

4) If the client & server are on the same LAN, (simplistically, if they are both connected to the same switch); then you should be using the PRIVATE IP (192.168.x.x) and port 22. If your client is somewhere else in the world (McDonald's WiFi, etc) then you will point your client at the PUBLIC IP and the port xxxx. In other words -- if they are both on the same LAN, then the router doesn't come into play at all!

5) If you're still stuck, check the SSH log on the server. This article is a great guide. In summary though:

  • If your server is Ubuntu or a variant, check /var/log/auth.log
  • If your server is CentOS or a variant, check /var/log/secure

Good Luck, and keep us posted!
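
The client-side points above (which key is used, which address and port are dialled) can be read straight off saved `ssh -v` output. The script below is an added example, not part of the original answer; the function names, the finding labels and the sample logs (including the placeholder address 203.0.113.10 and port 2222 for the elided public IP and port) are constructed for illustration.

```shell
# Added example: triage saved `ssh -v` output; $2 is the private key path you expect.
ssh_debug_triage() {
    log=$1; key=$2
    # Host and port the client actually dialled.
    sed -n 's/^debug1: Connecting to \([^ ]*\) .* port \([^ ]*\)\.$/target=\1:\2/p' "$log" | head -n 1
    # A refused TCP connection means authentication was never reached.
    if grep -q 'Connection refused' "$log"; then
        echo "finding=refused-before-auth"
        return 0
    fi
    # Methods the server advertised in the first authentication round.
    sed -n 's/^debug1: Authentications that can continue: /server-methods=/p' "$log" | head -n 1
    # Was the expected private key ever tried or offered (exact path match)?
    if awk -v k="$key" '/^debug1: (Trying private key|Offering .*public key):/ {
            for (i = 1; i <= NF; i++) if ($i == k) found = 1 }
            END { exit !found }' "$log"; then
        echo "finding=key-offered"
    else
        echo "finding=key-not-offered"
    fi
    # Did the client fall through to password prompts?
    if grep -q '^debug1: Next authentication method: password' "$log"; then
        echo "finding=fell-back-to-password"
    fi
}

# Constructed sample logs, abbreviated from the shape of the output in the question.
# 203.0.113.10 and 2222 are placeholders for the elided public IP and forwarded port.
write_sample_logs() {
    cat > "$1/lan.log" <<'EOF'
debug1: Connecting to 192.168.1.73 [192.168.1.73] port 22.
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Trying private key: /home/xps/.ssh/id_rsa
debug1: Trying private key: /home/xps/.ssh/id_ed25519
debug1: Next authentication method: password
Permission denied (publickey,password).
EOF
    cat > "$1/wan.log" <<'EOF'
debug1: Connecting to 203.0.113.10 [203.0.113.10] port 2222.
debug1: connect to address 203.0.113.10 port 2222: Connection refused
EOF
}

tmp=$(mktemp -d)
write_sample_logs "$tmp"
ssh_debug_triage "$tmp/lan.log" /home/xps/.ssh/my_key
ssh_debug_triage "$tmp/wan.log" /home/xps/.ssh/my_key
rm -rf "$tmp"
```

A `key-not-offered` finding means the client never presented that key, so server-side permissions and sshd_config are not yet the issue; `refused-before-auth` points at the listener or port forward rather than at keys.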