Ubuntu Server 16.04 - Can't login to SSH user even though password is correct
Solution 1
Turns out my ISP was blocking port 22 all along!
Following Jakuje's tips I looked into the port forwarding. I am now using a virtual server to redirect port `2222` to `22`, so I didn't have to change anything in my configurations, just add a `:2222` at the end of my IP.
Thanks for all the help guys!
Solution 2
You are not connecting to your Ubuntu server, but to the router or something else on the network:
```
debug1: Remote protocol version 2.0, remote software version dropbear_0.52
```
This line should identify your server as OpenSSH, but it says dropbear (usually routers and embedded systems). Once more, check the port forwarding on your router and make sure that you even have a public IP to connect.
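The check Solution 2 makes by eye can be scripted; the following is an added example, not code from the original answers. The function names are hypothetical, and the sample banner lines are constructed from the two version strings quoted on this page.

```python
import re
import socket

# RFC 4253 section 4.2: "SSH-protoversion-softwareversion SP comments"
BANNER_RE = re.compile(r"^SSH-(?P<proto>[^-\s]+)-(?P<software>\S+)(?: (?P<comments>.*))?$")
# Line printed by the OpenSSH client with -v, as quoted in the answer above.
DEBUG_RE = re.compile(r"remote software version (?P<software>\S+)")


def parse_banner(line):
    """Split a server identification string into its fields, or return None."""
    m = BANNER_RE.match(line.strip())
    return m.groupdict() if m else None


def software_from_debug(log_text):
    """Pull the server software out of `ssh -v` output, or return None."""
    m = DEBUG_RE.search(log_text)
    return m.group("software") if m else None


def is_expected(software, expected_prefix="OpenSSH"):
    """True when the answering daemon is the one we meant to reach."""
    return software is not None and software.startswith(expected_prefix)


def read_banner(host, port=22, timeout=5.0):
    """Connect and return the identification line the server sends first."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        reader = sock.makefile("r", encoding="ascii", errors="replace", newline="\n")
        for _ in range(20):  # a server may send other lines before the banner
            line = reader.readline()
            if not line:
                break
            if line.startswith("SSH-"):
                return line.strip()
    return None


if __name__ == "__main__":
    # Constructed sample lines using the two version strings quoted on this page.
    for sample in ("SSH-2.0-dropbear_0.52", "SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu1"):
        fields = parse_banner(sample)
        verdict = "expected server" if is_expected(fields["software"]) else "some other device"
        print(f"{fields['software']}: {verdict}")
```

Running `read_banner` against both the internal and the external address and comparing the results shows whether the forwarded port lands on the same daemon.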
Alexandre Voloch
Updated on September 18, 2022
Comments
-
Alexandre Voloch almost 2 years
Edit: just so mods don't mark this as duplicate, I have seen pretty much all related questions and none of them have helped me.
Let me just state before beginning that I am relatively new to linux and do not know many commands.
I decided to transform my old laptop into a gaming server with SSH and FTP. The problem is that I am rarely at the same location for a lot of time so I need to access said server with the external IP. Which is where I get the problem.
Whenever I try to login through my internal IP (in this case, 10.0.0.5), I get the following:
```
C:\>ssh [email protected]
[email protected]'s password:
Welcome to Ubuntu 16.04 LTS (GNU/Linux 4.4.0-24-generic i686)

 * Documentation: https://help.ubuntu.com/

0 packages can be updated.
0 updates are security updates.

Last login: Sat Jun 11 19:16:52 2016 from 10.0.0.12
minecraft@xps-ubuntusrv:~$
```
Which obviously means that the SSH is working. However when I try to access the server through external IP, I get this:
```
C:\>ssh minecraft@yupnotgivingawaymyiplol
[email protected]'s password:
Permission denied, please try again.
[email protected]'s password:
Permission denied, please try again.
[email protected]'s password:
Permission denied (publickey,password).
```
Keep in mind that all three times I was entering the same passcode as before. This also happens with the default user.
This is my -vvv (keep in mind that I replaced the original IP with 127.0.0.1):
```
C:\>ssh -vvv [email protected]
OpenSSH_7.2p2, OpenSSL 1.0.2g 1 Mar 2016
debug1: Reading configuration data /home/MVoloch/.ssh/config
debug3: kex names ok: [diffie-hellman-group1-sha1]
debug2: resolving "127.0.0.1" port 22
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to 127.0.0.1 [127.0.0.1] port 22.
debug1: Connection established.
debug1: key_load_public: No such file or directory
debug1: identity file /home/MVoloch/.ssh/id_rsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/MVoloch/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/MVoloch/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/MVoloch/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/MVoloch/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/MVoloch/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/MVoloch/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/MVoloch/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.2
debug1: Remote protocol version 2.0, remote software version dropbear_0.52
debug1: no match: dropbear_0.52
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to 127.0.0.1:22 as 'alex'
debug3: hostkeys_foreach: reading file "/home/MVoloch/.ssh/known_hosts"
debug3: record_hostkey: found key type RSA in file /home/MVoloch/.ssh/known_hosts:1
debug3: load_hostkeys: loaded 1 keys from 127.0.0.1
debug3: order_hostkeyalgs: prefer hostkeyalgs: ssh-rsa-cert- [email protected],rsa- sha2-512,rsa-sha2-256,ssh-rsa
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: [email protected],ecdh-sha2- nistp256,ecdh- sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group- exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14- sha1,diffie-hellman-group1-sha1,ext-info-c
debug2: host key algorithms: [email protected],rsa-sha2-512,rsa-sha2-256,ssh-rsa,[email protected],[email protected],[email protected],ssh-ed25519-cert- [email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519
debug2: ciphers ctos: [email protected],aes128-ctr,aes192- ctr,aes256-ctr,[email protected],[email protected],aes128-cbc,aes192- cbc,aes256-cbc,3des-cbc
debug2: ciphers stoc: [email protected],aes128-ctr,aes192- ctr,aes256-ctr,[email protected],[email protected],aes128-cbc,aes192- cbc,aes256-cbc,3des-cbc
debug2: MACs ctos: [email protected],[email protected],hmac- sha2- [email protected],[email protected],hmac-sha1- [email protected],[email protected],[email protected],hmac-sha2-256,hmac- sha2-512,hmac-sha1
debug2: MACs stoc: [email protected],[email protected],hmac- sha2- [email protected],[email protected],hmac-sha1- [email protected],[email protected],[email protected],hmac-sha2-256,hmac- sha2-512,hmac-sha1
debug2: compression ctos: none,[email protected],zlib
debug2: compression stoc: none,[email protected],zlib
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: diffie-hellman-group1-sha1
debug2: host key algorithms: ssh-rsa
debug2: ciphers ctos: aes128-ctr,3des-ctr,aes256-ctr,aes128-cbc,3des-cbc,aes256- cbc,twofish256-cbc,twofish-cbc,twofish128-cbc,blowfish-cbc
debug2: ciphers stoc: aes128-ctr,3des-ctr,aes256-ctr,aes128-cbc,3des-cbc,aes256- cbc,twofish256-cbc,twofish-cbc,twofish128-cbc,blowfish-cbc
debug2: MACs ctos: hmac-sha1-96,hmac-sha1,hmac-md5
debug2: MACs stoc: hmac-sha1-96,hmac-sha1,hmac-md5
debug2: compression ctos: none
debug2: compression stoc: none
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: algorithm: diffie-hellman-group1-sha1
debug1: kex: host key algorithm: ssh-rsa
debug1: kex: server->client cipher: aes128-ctr MAC: hmac-sha1 compression: none
debug1: kex: client->server cipher: aes128-ctr MAC: hmac-sha1 compression: none
debug1: sending SSH2_MSG_KEXDH_INIT
debug2: bits set: 495/1024
debug3: send packet: type 30
debug1: expecting SSH2_MSG_KEXDH_REPLY
debug3: receive packet: type 31
debug1: Server host key: ssh-rsa SHA256:zaEfS0zzZ4DyGf0BjXPPkEi+6puzJs73EkbEm3XSSqU
debug3: hostkeys_foreach: reading file "/home/MVoloch/.ssh/known_hosts"
debug3: record_hostkey: found key type RSA in file /home/MVoloch/.ssh/known_hosts:1
debug3: load_hostkeys: loaded 1 keys from 127.0.0.1
debug1: Host '127.0.0.1' is known and matches the RSA host key.
debug1: Found key in /home/MVoloch/.ssh/known_hosts:1
debug2: bits set: 540/1024
debug3: send packet: type 21
debug2: set_newkeys: mode 1
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: receive packet: type 21
debug2: set_newkeys: mode 0
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS received
debug2: key: /home/MVoloch/.ssh/id_rsa (0x0)
debug2: key: /home/MVoloch/.ssh/id_dsa (0x0)
debug2: key: /home/MVoloch/.ssh/id_ecdsa (0x0)
debug2: key: /home/MVoloch/.ssh/id_ed25519 (0x0)
debug3: send packet: type 5
debug3: receive packet: type 6
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug3: send packet: type 50
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,password
debug3: start over, passed a different list publickey,password
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /home/MVoloch/.ssh/id_rsa
debug3: no such identity: /home/MVoloch/.ssh/id_rsa: No such file or directory
debug1: Trying private key: /home/MVoloch/.ssh/id_dsa
debug3: no such identity: /home/MVoloch/.ssh/id_dsa: No such file or directory
debug1: Trying private key: /home/MVoloch/.ssh/id_ecdsa
debug3: no such identity: /home/MVoloch/.ssh/id_ecdsa: No such file or directory
debug1: Trying private key: /home/MVoloch/.ssh/id_ed25519
debug3: no such identity: /home/MVoloch/.ssh/id_ed25519: No such file or directory
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
[email protected]'s password:
debug3: send packet: type 50
debug2: we sent a password packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,password
Permission denied, please try again.
[email protected]'s password:
debug3: send packet: type 50
vdebug2: we sent a password packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,password
Permission denied, please try again.
[email protected]'s password:
debug3: send packet: type 50
debug2: we sent a password packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,password
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
Permission denied (publickey,password).
```
This is my sshd_config:
```
# Package generated configuration file
# See the sshd_config(5) manpage for details

# What ports, IPs and protocols we listen for
Port 22
# Use these options to restrict which interfaces/protocols sshd will bind to
#ListenAddress ::
#ListenAddress 0.0.0.0
Protocol 2
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
#Privilege Separation is turned on for security
UsePrivilegeSeparation yes

# Lifetime and size of ephemeral version 1 server key
KeyRegenerationInterval 3600
ServerKeyBits 1024

# Logging
SyslogFacility AUTH
LogLevel INFO

# Authentication:
LoginGraceTime 120
PermitRootLogin yes
StrictModes yes

RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile %h/.ssh/authorized_keys

# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh_known_hosts
RhostsRSAAuthentication no
# similar for protocol version 2
HostbasedAuthentication no
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
#IgnoreUserKnownHosts yes

# To enable empty passwords, change to yes (NOT RECOMMENDED)
#PermitEmptyPasswords no

# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
ChallengeResponseAuthentication no

# Change to no to disable tunnelled clear text passwords
PasswordAuthentication yes

# Kerberos options
#KerberosAuthentication no
#KerberosGetAFSToken no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes

X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes
#UseLogin no

#MaxStartups 10:30:60
#Banner /etc/issue.net

# Allow client to pass locale environment variables
AcceptEnv LANG LC_*

Subsystem sftp /usr/lib/openssh/sftp-server

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication. Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
UsePAM yes
```
Keep in mind that the SSH works completely fine if I connect from the internal IP but as I have to keep changing homes I regularly need to connect from the external IP. Also I am attempting login from a Windows 10 x64 machine with OpenSSH. Can someone help me out?
-
Alexandre Voloch about 8 years
I get this error:
Couldn't agree to a host key algorithm (available: ecdsa-sha2-nistp256,ssh-ed25519)
-
PMiner about 8 years
This means that your host has an authentication key. Try to add an authentication key, and put your password on there.
-
Alexandre Voloch about 8 years
Yes, I do have one. How do I add it to Putty? OpenSSH worked fine without it..
-
Alexandre Voloch about 8 years
Connections > SSH > Kex? If so, that's what I tried to get that error. Still doesn't work.
-
PMiner about 8 years
When you say key, do you mean password? If so, then you do not need a key, and you need to remove the key.
-
Alexandre Voloch about 8 years
That actually might be it as when I log in from the internal IP I get: `debug1: Remote protocol version 2.0, remote software version OpenSSH_7.2p2 Ubuntu-4ubuntu1`. Any idea how to actually fix the portforwarding problem though? As I stated before, port checker websites state that port 22 is open on my external IP.
-
saji89 about 8 years
This would better serve as a comment on Jakuje's answer, rather than a separate answer. As you seem to be just verifying the answer that Jakuje suggested.
-
Alexandre Voloch about 8 years
I was gonna make it the verified answer but I need to wait one day.. that's why it seems out of place. Don't worry
-
Jakuje about 8 years
Unaccepting my answer, which basically led you to the solution is not the best approach. Your final solution is also important (but it was not possible to derive it from the original question, as it was stated). I agree that my answer as it is now is not comprehensive (the best is when the users find out on their own). @saji89 what do you think is the best approach here?
-
saji89 about 8 years
@Jakuje If your answer served only as a pointer to the actual answer or its direction, then it seems to be fair enough to unaccept the answer you posted, and create a more comprehensive answer, he could thank you for your effort by upvoting your answer. In the other case, if your answer was complete barring a few minor details, those details can be appended to your answer and the OP can accept it, as the answer.
-
nelaaro over 5 years
"OpenSSH may be unreliable" seems like a very broad and inaccurate statement to make.