Page 1 of 2 12 LastLast
Results 1 to 10 of 14

Thread: ssh access denied and Using keyboard-interactive authentication not work public IP by putty

  1. #1
    Join Date
    Oct 2014
    Location
    Brazil
    Posts
    88

    Default ssh access denied and Using keyboard-interactive authentication not work public IP by putty

    Hello Friends
    How are you?

    I need open my ssh connection for remote support.
    It is installed and open in SuSE firewall. Inside my network I can access normally but by public/static IP not
    I have other server that works ok by public connection ssh

    Putty Give me:
    login as: root
    Using keyboard-interactive authentication
    Password:
    Access Denied

    I did read about sshd_config

    # port 22 was commented
    # PermitRoot no was comment

    I make backup (sshd_config)
    Change the parameters

    Code:
    Port 22
    #AddressFamily any
    ListenAddress 10.1.1.22
    #ListenAddress ::
    
    # Authentication:
    
    #LoginGraceTime 2m
    PermitRootLogin yes
    #StrictModes yes
    #MaxAuthTries 6
    #MaxSessions 10
    Save
    sudo systemctl restart sshd.service
    sudo system restart SuSEfirewall2

    NOT work

    And, after new parameters it does not let me do login. Putty stay black.

    Please, Someone knows to fix or what to do?
    Thanks your help and attention

    Douglas

  2. #2
    Join Date
    Aug 2010
    Location
    Chicago suburbs
    Posts
    15,681
    Blog Entries
    3

    Default Re: ssh access denied and Using keyboard-interactive authentication not work public IP by putty

    This needs more information.

    "Access denied" is normally an authentication problem. You have already got past the firewall and connected to the service at that point.

    There should be some logs.

    If trying to login from another linux system, I would try "ssh -v" or even "ssh -v -v -v" to get more information. Presumably, this is putty from Windows. I'm not sure how you request the equivalent of "-v". But I think there's an option there for logging information about the connection. You need more detailed info about what is going wrong.

    I frequently ssh into other LAN hosts here, including as root. I happen to use publickey authentication. I rarely have problems.
    openSUSE Leap 15.3; KDE Plasma 5.18.6;

  3. #3

    Default Re: ssh access denied and Using keyboard-interactive authenticationnot work public IP by putty

    On 04/20/2018 11:06 AM, doguibnu wrote:
    >
    > I need open my ssh connection for remote support.
    > It is installed and open in SuSE firewall. Inside my network I can
    > access normally but by public/static IP not


    Show us the command that works. Are you using 'root'? Which IP address
    are you using on the client and server sides of the connection?

    When it does not work, what do you mean by "public connection" or "public
    IP"? A 10.x.x.x address is, by definition, not routable on the Internet,
    so if you try to access a work box at 10.x.x.x from your home, without
    some kind of VPN, it will never get there.

    > I have other server that works ok by public connection ssh


    What do you mean, exactly? What is the source and destination IP? Which
    user are you using for the connection? Password or using keys or other?

    > Putty Give me:
    > login as: root
    > Using keyboard-interactive authentication
    > Password:
    > Access Denied


    This looks like you have either the wrong password, or else the system is
    blocking 'root' by default. Try a non-root user instead.

    > I did read about sshd_config
    >
    > # port 22 was commented
    > # PermitRoot no was comment
    >
    > I make backup (sshd_config)
    > Change the parameters
    >
    >
    > Code:
    > --------------------
    >
    > Port 22
    > #AddressFamily any
    > ListenAddress 10.1.1.22
    > #ListenAddress ::
    >
    > # Authentication:
    >
    > #LoginGraceTime 2m
    > PermitRootLogin yes
    > #StrictModes yes
    > #MaxAuthTries 6
    > #MaxSessions 10
    >
    >
    > --------------------
    >
    >
    > Save
    > sudo systemctl restart sshd.service
    > sudo system restart SuSEfirewall2
    >
    > NOT work


    How did it not work? What did you try, and what was shown as output?


    --
    Good luck.

    If you find this post helpful and are logged into the web interface,
    show your appreciation and click on the star below.

    If you want to send me a private message, please let me know in the
    forum as I do not use the web interface often.

  4. #4
    Join Date
    Jun 2008
    Location
    San Diego, Ca, USA
    Posts
    13,295
    Blog Entries
    2

    Default Re: ssh access denied and Using keyboard-interactive authentication not work public IP by putty

    Because standard way to use PuTTy requires to you enter all connection information before you attempt to make the connection, I wouldn't know for sure that the problem is password related (although it might very well be).

    Try connecting without providing a password in the connection settings,
    You should then be prompted for entering a password if your client machine is able to successfully make the initial connection.
    Then you'll be sure that if you get your error only after submitting the password, then the problem is related to the password.

    If you are unable to even get to a password prompt, then the problem is likely a firewall blocking (For that specific error "Access Denied").

    Make sure both your Server and Client machines are fully updated, particularly with the currently available security packages.

    TSU
    Beginner Wiki Quickstart - https://en.opensuse.org/User:Tsu2/Quickstart_Wiki
    Solved a problem recently? Create a wiki page for future personal reference!
    Learn something new?
    Attended a computing event?
    Post and Share!

  5. #5
    Join Date
    Jul 2008
    Location
    Seattle, WA
    Posts
    17,317

    Default Re: ssh access denied and Using keyboard-interactive authenticationnot work public IP by putty

    Perhaps an obvious thing to look for, but the obvious things are easiest
    to miss...

    From outside your network, you may need to set port forwarding in your
    router - is the port forwarding set to forward to the correct system?

    Jim



    --
    Jim Henderson
    openSUSE Forums Administrator
    Forum Use Terms & Conditions at http://tinyurl.com/openSUSE-T-C

  6. #6
    Join Date
    Oct 2014
    Location
    Brazil
    Posts
    88

    Default Re: ssh access denied and Using keyboard-interactive authentication not work public IP by putty

    Hello All

    I have other Opensuse 42.2 with enable ssh, and its works fine
    How do I made the config?

    We have an Static IP (200....)
    We have a PFsense with a NAT to Opensuse 42.2 ssh:
    Pfsense Nat: 200.... port 22 To internal IP Opensuse 42.2 ssh: (10.1....) ok?

    Opensuse 42.2 config:
    Enable SSH on SuSE firewall
    Enable ssh port 22

    If someone needs give me remote support (came from Internet) by ssh with Putty, access the server this mode:
    In putty:
    insert our Static IP (200.....) Here the connection go to PFsense Nat (10.1.... openseuse ssh)
    Insert ssh port on putty
    Click Open
    Putty open window:
    login as:
    The person insert user: root for example
    Putty ask for passwd
    and works fine

    At the new Opensuse 42.3 I am doing the same configuration, of course with other ssh port. This Opensuse is in Oracle VM. I am working to test it to be a new server. But, before I and other Company software wants made some internal tests to see that all is right and works good

    I do not know where the error
    I check ports
    I check pfsense
    I check sshd_config

    I Will verify the other texts on thread

    Thanks a lot attention and help

    Douglas


    Quote Originally Posted by nrickert View Post
    This needs more information.

    "Access denied" is normally an authentication problem. You have already got past the firewall and connected to the service at that point.

    There should be some logs.

    If trying to login from another linux system, I would try "ssh -v" or even "ssh -v -v -v" to get more information. Presumably, this is putty from Windows. I'm not sure how you request the equivalent of "-v". But I think there's an option there for logging information about the connection. You need more detailed info about what is going wrong.

    I frequently ssh into other LAN hosts here, including as root. I happen to use publickey authentication. I rarely have problems.

  7. #7

    Default Re: ssh access denied and Using keyboard-interactive authenticationnot work public IP by putty

    Before you get too busy testing pfsense and external connections, can you
    get to the new VM from its host? From another VM on that host? From
    another box on the internal network (NOT going through pfsense)? If any
    of that works, then the problem you are having is probably with the
    pfsense side of things.

    If something above does not work, you may need to configure the host, or
    VirtualBox sofwtare/networking, or even the new openSUSE VM.

    You may also want to watch your /var/log/firewall file as you try things
    to see if the firewall reports blocking stuff; if not, again likely not
    the VM's firewall but something before it.

    On 04/20/2018 01:36 PM, doguibnu wrote:
    >
    > Hello All
    >
    > I have other Opensuse 42.2 with enable ssh, and its works fine
    > How do I made the config?
    >
    > We have an Static IP (200....)
    > We have a PFsense with a NAT to Opensuse 42.2 ssh:
    > Pfsense Nat: 200.... port 22 To internal IP Opensuse 42.2 ssh:
    > (10.1....) ok?
    >
    > Opensuse 42.2 config:
    > Enable SSH on SuSE firewall
    > Enable ssh port 22
    >
    > If someone needs give me remote support (came from Internet) by ssh with
    > Putty, access the server this mode:
    > In putty:
    > insert our Static IP (200.....) Here the connection go to PFsense Nat
    > (10.1.... openseuse ssh)
    > Insert ssh port on putty
    > Click Open
    > Putty open window:
    > login as:
    > The person insert user: root for example
    > Putty ask for passwd
    > and works fine
    >
    > At the new Opensuse 42.3 I am doing the same configuration, of course
    > with other ssh port. This Opensuse is in Oracle VM. I am working to test
    > it to be a new server. But, before I and other Company software wants
    > made some internal tests to see that all is right and works good
    >
    > I do not know where the error
    > I check ports
    > I check pfsense
    > I check sshd_config
    >
    > I Will verify the other texts on thread
    >
    > Thanks a lot attention and help
    >
    > Douglas
    >
    >
    > nrickert;2863291 Wrote:
    >> This needs more information.
    >>
    >> "Access denied" is normally an authentication problem. You have already
    >> got past the firewall and connected to the service at that point.
    >>
    >> There should be some logs.
    >>
    >> If trying to login from another linux system, I would try "ssh -v" or
    >> even "ssh -v -v -v" to get more information. Presumably, this is putty
    >> from Windows. I'm not sure how you request the equivalent of "-v". But
    >> I think there's an option there for logging information about the
    >> connection. You need more detailed info about what is going wrong.
    >>
    >> I frequently ssh into other LAN hosts here, including as root. I happen
    >> to use publickey authentication. I rarely have problems.

    >
    >


    --
    Good luck.

    If you find this post helpful and are logged into the web interface,
    show your appreciation and click on the star below.

    If you want to send me a private message, please let me know in the
    forum as I do not use the web interface often.

  8. #8
    Join Date
    Oct 2014
    Location
    Brazil
    Posts
    88

    Default Re: ssh access denied and Using keyboard-interactive authenticationnot work public IP by putty

    Quote Originally Posted by hendersj View Post
    Perhaps an obvious thing to look for, but the obvious things are easiest
    to miss...

    From outside your network, you may need to set port forwarding in your
    router - is the port forwarding set to forward to the correct system?

    Jim
    Hello Jim!
    How are you?

    Owwwwwww yeahhhh, I did not check this, really.
    Next monday I will verify.

    Thanks your help and attention.

    Great

    Douglas


    --
    Jim Henderson
    openSUSE Forums Administrator
    Forum Use Terms & Conditions at http://tinyurl.com/openSUSE-T-C
    Last edited by hcvv; 21-Apr-2018 at 09:42. Reason: repaired QUOTE tags

  9. #9
    Join Date
    Jun 2008
    Location
    San Diego, Ca, USA
    Posts
    13,295
    Blog Entries
    2

    Default Re: ssh access denied and Using keyboard-interactive authentication not work public IP by putty

    As others have noted,
    You can and probably should test your SSH entirely within your LAN before you test going across your firewall...

    For now,
    As long as you're crossing your firewall, you should probably double check your port forwarding... Your description wasn't clear to me whether you a different IP address with the default SSH port (22) is being forwarded to your 42.3, or if the same public address but with a different port is being forwarded to your 42.3. Either way can work, but you need to verify the rule is correct and working.

    So, test entirely within your LAN first. If you're not on site, since you are able to successfully SSH into your 42.2, go ahead and connect to your 42.2 and from that machine try to SSH into your 42.3.

    When you have that working, then you can turn your attention to your firewall and its firewall rules.

    TSU
    Beginner Wiki Quickstart - https://en.opensuse.org/User:Tsu2/Quickstart_Wiki
    Solved a problem recently? Create a wiki page for future personal reference!
    Learn something new?
    Attended a computing event?
    Post and Share!

  10. #10
    Join Date
    Oct 2014
    Location
    Brazil
    Posts
    88

    Unhappy Re: ssh access denied and Using keyboard-interactive authentication not work public IP by putty

    Quote Originally Posted by tsu2 View Post
    As others have noted,
    You can and probably should test your SSH entirely within your LAN before you test going across your firewall...

    For now,
    As long as you're crossing your firewall, you should probably double check your port forwarding... Your description wasn't clear to me whether you a different IP address with the default SSH port (22) is being forwarded to your 42.3, or if the same public address but with a different port is being forwarded to your 42.3. Either way can work, but you need to verify the rule is correct and working.

    So, test entirely within your LAN first. If you're not on site, since you are able to successfully SSH into your 42.2, go ahead and connect to your 42.2 and from that machine try to SSH into your 42.3.

    When you have that working, then you can turn your attention to your firewall and its firewall rules.

    TSU
    Hello!
    I will to try more clear possible with my config:

    Opensue 42.3:
    My Opensuse 42.3 is on VM with Bridge Mode Network
    There is an internal IP configured (my network is not DHCP)
    SSH enable port 22
    Suse firewall enable ssh


    PFsense config
    It has Static IP (public IP)
    I did NAT in Pfsense to Opensuse 42.3 VM to port 22:
    Static IP: 200... port 22 ----> Internal IP Opensuse 42.3 VM (10....) port 22

    Right?

    On Atual Opensuse 42.2 that does not inside on VM, I have the same config above and works fine!

    Searching about solution I believe the wall/problem is the VM. Seems that VM blocked this service/connection. I did read there is a mode to do it configuring a new network inside VM, choosing NAT connection and config port forward. Without this config (nat forward) inside my network I can do ssh connection. But, I need that VM accept connection came from world.
    The PFsense is ok, because I test many times, and it let do connection with Opensuse 42.2 that does not inside a VM, It is a pure server.

    I can do ssh connection from Opensuse 42.2 to Opensuse 42.3 VM only inside my network.

    I think is better get one computer and start the server test again from zero and call company to do test softwares.

    I hope that I did understand me, sorry confusion!

    Thanks all help and attention

    Douglas

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •