Hot!SSH to Administration port not working for all sources

Author
cult_hero13
New Member
  • Total Posts : 4
  • Scores: 0
  • Reward points: 0
  • Joined: 2013/03/31 11:06:52
  • Status: offline
2018/12/22 10:32:02 (permalink) 6.0
0

SSH to Administration port not working for all sources

I have SSH for administration enabled on WAN1.  I require 2FA for the account with access (account2), and have designated trusted locations for that account.  This works as intended for some hosts, but I cannot log in from others, and I can't find rhyme or reason for it.  For instance:
 
1. Can log in from Linux1 @ location1, as well as Mac1 @ location1. 
2. Can log in from Linux2 @ location2, but not from Mac2 @ location2.
3. Cannot log in from Mac3 @ location3.
4. Can log in from Mac3 @ location3 if I set public SSH key from Mac3 to account2, but bypasses requirement for 2FA.
5. Cannot log in from Mac3 even when allowed from any location.
6. Cannot log in from Mac3 when passphrase removed from SSH key.
 
Linux1 = CentOS 7.5, OpenSSH_7.4p1, OpenSSL 1.0.2k-fips, key type = ed25519
Linux2 = Debian 8.11, OpenSSH_6.7p1, OpenSSL 1.0.1t, key type = ed25519
Mac1 = High Sierra, OpenSSH_7.8p1, LibreSSL 2.6.2, key type = ed25519
Mac2 = Mojave, OpenSSH_7.1p2, OpenSSL 1.0.2e, key type = ed25519
Mac3 = Mojave, OpenSSH_7.1p2, OpenSSL 1.0.2e, key type = ed25519 & rsa
location1 = Work
location2 = Different state
location3 = Internal network on firewall
 
"ssh -v" shows the public key offered, and that authentications that can continue are publickey, and password, but for those hosts that can't log in the message is always "Permission denied".
 
Can anyone think of anything I'm missing?
#1

1 Reply Related Threads

    cult_hero13
    New Member
    • Total Posts : 4
    • Scores: 0
    • Reward points: 0
    • Joined: 2013/03/31 11:06:52
    • Status: offline
    Re: SSH to Administration port not working for all sources 2018/12/27 23:59:36 (permalink)
    0
    Update:  When looking at the System Events logs, I see "invalid ssh key".  This has me looking for a setting, like authorized_keys, but I can't find anything.  Anyone have any ideas?
    #2
    Jump to:
    © 2019 APG vNext Commercial Version 5.5