[SOLVED] SSH into my NAS4FREE with Debian 9

[lkraemer]

I've had a NAS4FREE Server that I've been using for years with Debian 8 (32 Bit). I've upgraded to Debian 9 (64 Bit) and now
I can't ssh into my NAS4Free because of some change in ssh (or Openssh) that prevents me from being able to login.
I've got Password Authentication enabled and also DSA Key Authentication enabled for testing. (Everything works fine
from my old Debain 8 (32 Bit Laptop)). But, since changing to Debian 9 (64 Bit) I can ssh into my NAS4FREE Server.

Here is the debug message I am getting, and it hangs at this point, until it times out.

Code: Select all

larry@debian:~$ ssh -vvv lkraemer78@192.168.1.250
OpenSSH_7.4p1 Debian-10+deb9u6, OpenSSL 1.0.2s  28 May 2019
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: resolving "192.168.1.250" port 22
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to 192.168.1.250 [192.168.1.250] port 22.
.....................................................
.....................................................
debug1: connect to address 192.168.1.250 port 22: Connection timed out
ssh: connect to host 192.168.1.250 port 22: Connection timed out

The important lines of /etc/ssh/ssh_config are:

Code: Select all

#   RSAAuthentication yes
    PasswordAuthentication yes
    HostbasedAuthentication yes
#   GSSAPIAuthentication no
#
#   IdentityFile ~/.ssh/id_rsa
    IdentityFile ~/.ssh/id_dsa
#   IdentityFile ~/.ssh/id_ecdsa
#   IdentityFile ~/.ssh/id_ed25519
    Port 22
    Protocol 2,1
#   Cipher 3des
#

Code: Select all

$man ssh

Public key authentication

The file ~/.ssh/authorized_keys lists the public keys that are permitted for logging in.
............
The user should then copy the public key to ~/.ssh/authorized_keys in his/her home directory on the remote machine.

But, my NAS4FREE doesn't have a /home/user directory available.

Code: Select all

nas4free:/# pwd
/
nas4free:/# ls -alt
total 37
dr-xr-xr-x   1 root  wheel        0 Jul 27 06:14 proc
drwxr-xr-x   3 root  wheel      512 Jul 27 05:17 root
drwxr-xr-x  14 root  wheel     2048 Jul 27 04:49 etc
drwxr-xr-x   4 root  wheel      512 Jul 27 04:47 mnt
-rw-------   1 www   www        265 Jul 27 02:19 .websrv_htpasswd
drwxr-xr-x   3 root  wheel     1024 Jul 27 02:12 lib
drwxr-xr-x  18 root  wheel      512 Jul 27 02:12 .
drwxr-xr-x  18 root  wheel      512 Jul 27 02:12 ..
drwxr-xr-x  13 root  wheel      512 Jul 27 02:12 var
lrwxr-xr-x   1 root  wheel        8 Jul 27 02:12 home -> usr/home
drwxr-xr-x   9 root  wheel      512 Jul 27 02:12 usr
dr-xr-xr-x  18 root  wheel      512 Jul 27 02:12 dev
drwxr-xr-x   5 root  wheel      512 Feb  4  2013 cf
drwxrwxr-x   2 root  operator   512 Feb  4  2013 .snap
drwxr-xr-x   2 root  wheel      512 Feb  4  2013 conf.default
drwxr-xr-x   2 root  wheel     2048 Feb  4  2013 sbin
drwxr-xr-x   2 root  wheel     1024 Feb  4  2013 bin
drwxr-xr-x   6 root  wheel      512 Jan 31  2013 boot
drwxr-xr-x   3 root  wheel      512 Jan 31  2013 libexec
lrwxr-xr-x   1 root  wheel        7 Jan 31  2013 conf -> cf/conf
lrwxr-xr-x   1 root  wheel        8 Jan 31  2013 tmp -> /var/tmp
drwxr-xr-x   2 root  wheel      512 Jan 31  2013 ftmp

nas4free:/mnt# pwd
/mnt
nas4free:/mnt# ls -alt
drwxr-xr-x   4 root  wheel   512 Jul 27 04:47 .
drwx--x--x   2 root  wheel   512 Jul 27 02:12 .ssh
drwxr-xr-x  18 root  wheel   512 Jul 27 02:12 ..
drwxrwxrwx  12 root  wheel  1024 Jul 26 13:45 store

nas4free:/mnt# cd .ssh
nas4free:/mnt/.ssh# ls -alt

drwxr-xr-x  4 root           wheel  512 Jul 27 06:17 ..
drwx--x--x  2 root           wheel  512 Jul 27 02:12 .
-rw-------  1 root           wheel  602 Jul 12  2012 authorized_keys2
nas4free:/mnt/.ssh#

The main storage directory is /mnt/store

So, I copied the authorized_keys2 file to authoried_keys, and it did not work to authenticate my
connection. What am I missing? I need a developer or ssh GURU that can describe what changed
so I can get my Laptop functional with Debian 9.

I need a bit of help getting the ssh, scp, and Filezilla working with NAS4FREE from Debian 9.


Thanks.

Larry

[theblueplll]

You don't have any iptables or nftables rules that may be blocking you from traffic going out on port 22 do you?

Obviously it isn't your router or modem doing it since you can connect with the other machine.

Sorry I can't help more and I may have only stated the obvious that you already checked.

[lkraemer]

thebluepill,
OH WOW! How could I have overlooked that line of my IPTABLES. That was the first problem.

Code: Select all

hostname -I

showed my Laptop to be 192.168.1.243 and I needed to add 243 to my IPTABLE.

Second problem was ssh didn't like my laptop's file ~/.ssh/id_dsa to be 644 vs 600. That was an easy fix.

Third problem was the ssh-dss needed to be added to my laptop's /etc/ssh/ssh_config

Code: Select all

#
#https://askubuntu.com/questions/836048/ssh-returns-no-matching-host-key-type-found-their-offer-ssh-dss
#   Host *
    Host 192.168.1.250
#   Hostname 192.168.1.250
    HostkeyAlgorithms +ssh-dss
    PubkeyAcceptedKeyTypes +ssh-dss

Host *

Now Debian 9 is working like my old laptop. THANKS for jogging my memory.

Larry

[theblueplll]

You're welcome.

Sometimes all it takes is for someone else to mention something obvious that you didn't think of or forgot about.