Hello Friends
How are you?

I need open my ssh connection for remote support.
It is installed and open in SuSE firewall. Inside my network I can access normally but by public/static IP not
I have other server that works ok by public connection ssh

Putty Give me:
login as: root
Using keyboard-interactive authentication
Password:
Access Denied

I did read about sshd_config

port 22 was commented

PermitRoot no was comment

I make backup (sshd_config)
Change the parameters

Port 22
#AddressFamily any
ListenAddress 10.1.1.22
#ListenAddress ::

# Authentication:

#LoginGraceTime 2m
PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10

Save
sudo systemctl restart sshd.service
sudo system restart SuSEfirewall2

NOT work

And, after new parameters it does not let me do login. Putty stay black.

Please, Someone knows to fix or what to do?
Thanks your help and attention

Douglas

This needs more information.

“Access denied” is normally an authentication problem. You have already got past the firewall and connected to the service at that point.

There should be some logs.

If trying to login from another linux system, I would try “ssh -v” or even “ssh -v -v -v” to get more information. Presumably, this is putty from Windows. I’m not sure how you request the equivalent of “-v”. But I think there’s an option there for logging information about the connection. You need more detailed info about what is going wrong.

I frequently ssh into other LAN hosts here, including as root. I happen to use publickey authentication. I rarely have problems.

On 04/20/2018 11:06 AM, doguibnu wrote:
>
> I need open my ssh connection for remote support.
> It is installed and open in SuSE firewall. Inside my network I can
> access normally but by public/static IP not

Show us the command that works. Are you using ‘root’? Which IP address
are you using on the client and server sides of the connection?

When it does not work, what do you mean by “public connection” or “public
IP”? A 10.x.x.x address is, by definition, not routable on the Internet,
so if you try to access a work box at 10.x.x.x from your home, without
some kind of VPN, it will never get there.

> I have other server that works ok by public connection ssh

What do you mean, exactly? What is the source and destination IP? Which
user are you using for the connection? Password or using keys or other?

> Putty Give me:
> login as: root
> Using keyboard-interactive authentication
> Password:
> Access Denied

This looks like you have either the wrong password, or else the system is
blocking ‘root’ by default. Try a non-root user instead.

> I did read about sshd_config
>
> # port 22 was commented
> # PermitRoot no was comment
>
> I make backup (sshd_config)
> Change the parameters
>
>
> Code:
> --------------------
>
> Port 22
> #AddressFamily any
> ListenAddress 10.1.1.22
> #ListenAddress ::
>
> # Authentication:
>
> #LoginGraceTime 2m
> PermitRootLogin yes
> #StrictModes yes
> #MaxAuthTries 6
> #MaxSessions 10
>
>
> --------------------
>
>
> Save
> sudo systemctl restart sshd.service
> sudo system restart SuSEfirewall2
>
> NOT work

How did it not work? What did you try, and what was shown as output?

–
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below.

If you want to send me a private message, please let me know in the
forum as I do not use the web interface often.

Because standard way to use PuTTy requires to you enter all connection information before you attempt to make the connection, I wouldn’t know for sure that the problem is password related (although it might very well be).

Try connecting without providing a password in the connection settings,
You should then be prompted for entering a password if your client machine is able to successfully make the initial connection.
Then you’ll be sure that if you get your error only after submitting the password, then the problem is related to the password.

If you are unable to even get to a password prompt, then the problem is likely a firewall blocking (For that specific error “Access Denied”).

Make sure both your Server and Client machines are fully updated, particularly with the currently available security packages.

TSU

Perhaps an obvious thing to look for, but the obvious things are easiest
to miss…

From outside your network, you may need to set port forwarding in your
router - is the port forwarding set to forward to the correct system?

Jim

–
Jim Henderson
openSUSE Forums Administrator
Forum Use Terms & Conditions at http://tinyurl.com/openSUSE-T-C

Hello All

I have other Opensuse 42.2 with enable ssh, and its works fine
How do I made the config?

We have an Static IP (200…)
We have a PFsense with a NAT to Opensuse 42.2 ssh:
Pfsense Nat: 200… port 22 To internal IP Opensuse 42.2 ssh: (10.1…) ok?

Opensuse 42.2 config:
Enable SSH on SuSE firewall
Enable ssh port 22

If someone needs give me remote support (came from Internet) by ssh with Putty, access the server this mode:
In putty:
insert our Static IP (200…) Here the connection go to PFsense Nat (10.1… openseuse ssh)
Insert ssh port on putty
Click Open
Putty open window:
login as:
The person insert user: root for example
Putty ask for passwd
and works fine

At the new Opensuse 42.3 I am doing the same configuration, of course with other ssh port. This Opensuse is in Oracle VM. I am working to test it to be a new server. But, before I and other Company software wants made some internal tests to see that all is right and works good

I do not know where the error
I check ports
I check pfsense
I check sshd_config

I Will verify the other texts on thread

Thanks a lot attention and help

Douglas

Before you get too busy testing pfsense and external connections, can you
get to the new VM from its host? From another VM on that host? From
another box on the internal network (NOT going through pfsense)? If any
of that works, then the problem you are having is probably with the
pfsense side of things.

If something above does not work, you may need to configure the host, or
VirtualBox sofwtare/networking, or even the new openSUSE VM.

You may also want to watch your /var/log/firewall file as you try things
to see if the firewall reports blocking stuff; if not, again likely not
the VM’s firewall but something before it.

On 04/20/2018 01:36 PM, doguibnu wrote:
>
> Hello All
>
> I have other Opensuse 42.2 with enable ssh, and its works fine
> How do I made the config?
>
> We have an Static IP (200…)
> We have a PFsense with a NAT to Opensuse 42.2 ssh:
> Pfsense Nat: 200… port 22 To internal IP Opensuse 42.2 ssh:
> (10.1…) ok?
>
> Opensuse 42.2 config:
> Enable SSH on SuSE firewall
> Enable ssh port 22
>
> If someone needs give me remote support (came from Internet) by ssh with
> Putty, access the server this mode:
> In putty:
> insert our Static IP (200…) Here the connection go to PFsense Nat
> (10.1… openseuse ssh)
> Insert ssh port on putty
> Click Open
> Putty open window:
> login as:
> The person insert user: root for example
> Putty ask for passwd
> and works fine
>
> At the new Opensuse 42.3 I am doing the same configuration, of course
> with other ssh port. This Opensuse is in Oracle VM. I am working to test
> it to be a new server. But, before I and other Company software wants
> made some internal tests to see that all is right and works good
>
> I do not know where the error
> I check ports
> I check pfsense
> I check sshd_config
>
> I Will verify the other texts on thread
>
> Thanks a lot attention and help
>
> Douglas
>
>
> nrickert;2863291 Wrote:
>> This needs more information.
>>
>> “Access denied” is normally an authentication problem. You have already
>> got past the firewall and connected to the service at that point.
>>
>> There should be some logs.
>>
>> If trying to login from another linux system, I would try “ssh -v” or
>> even “ssh -v -v -v” to get more information. Presumably, this is putty
>> from Windows. I’m not sure how you request the equivalent of “-v”. But
>> I think there’s an option there for logging information about the
>> connection. You need more detailed info about what is going wrong.
>>
>> I frequently ssh into other LAN hosts here, including as root. I happen
>> to use publickey authentication. I rarely have problems.
>
>

–
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below.

If you want to send me a private message, please let me know in the
forum as I do not use the web interface often.

Hello Jim!
How are you?

Owwwwwww yeahhhh, I did not check this, really.
Next monday I will verify.

Thanks your help and attention.

Great

Douglas

–
Jim Henderson
openSUSE Forums Administrator
Forum Use Terms & Conditions at http://tinyurl.com/openSUSE-T-C

As others have noted,
You can and probably should test your SSH entirely within your LAN before you test going across your firewall…

For now,
As long as you’re crossing your firewall, you should probably double check your port forwarding… Your description wasn’t clear to me whether you a different IP address with the default SSH port (22) is being forwarded to your 42.3, or if the same public address but with a different port is being forwarded to your 42.3. Either way can work, but you need to verify the rule is correct and working.

So, test entirely within your LAN first. If you’re not on site, since you are able to successfully SSH into your 42.2, go ahead and connect to your 42.2 and from that machine try to SSH into your 42.3.

When you have that working, then you can turn your attention to your firewall and its firewall rules.

TSU

Hello!
I will to try more clear possible with my config:

Opensue 42.3:
My Opensuse 42.3 is on VM with Bridge Mode Network
There is an internal IP configured (my network is not DHCP)
SSH enable port 22
Suse firewall enable ssh

PFsense config
It has Static IP (public IP)
I did NAT in Pfsense to Opensuse 42.3 VM to port 22:
Static IP: 200… port 22 ----> Internal IP Opensuse 42.3 VM (10…) port 22

Right?

On Atual Opensuse 42.2 that does not inside on VM, I have the same config above and works fine!

Searching about solution I believe the wall/problem is the VM. Seems that VM blocked this service/connection. I did read there is a mode to do it configuring a new network inside VM, choosing NAT connection and config port forward. Without this config (nat forward) inside my network I can do ssh connection. But, I need that VM accept connection came from world.
The PFsense is ok, because I test many times, and it let do connection with Opensuse 42.2 that does not inside a VM, It is a pure server.

I can do ssh connection from Opensuse 42.2 to Opensuse 42.3 VM only inside my network.

I think is better get one computer and start the server test again from zero and call company to do test softwares.

I hope that I did understand me, sorry confusion!

Thanks all help and attention

Douglas

Have you thought about going to VirtualBox’s site/forums for help? Surely they will be able to help you even more than we could (since it’s their software you’re having a problem with).

Hello Friends!
How are you?

I would like to say the problem is solved.
It was not the problem with SSH or Opensuse. The problem was in Pfsense. It does not let do new rules because table firewall was full. The default is 200000 and change to 400000.
Who wants know:
On Pfsense:
Menu System - Advanced - Firewall / NAT - Firewall Maximum Table Entries
Then changeg to 400000.
Solved ssh connection

Thanks for all attention and help

Douglas

I’m glad you were able to solve the problem. And thanks for that explanation.

Excellent news.