ssh permission denied on public key

[nojohnny101]

hey everyone,
so i'm in the process of setting up remote access to my freenas box. here is the setup i have with information that is relevant:

- ssh through terminal on mac
- share setup is afp
- user created (ex: "user") within freenas box
- public key generated by "user"s client computer pasted into user profile on freenas box
- have port forwarding setup with the standard internal port for ssh as 22; forwards to port 1277 (example) which is the external facing port for the freenas box
- static internal IP address for freenas box
- have DNS forwarding setup through duckdns.org

when i try to ssh in from an outside networking using the following command:

ssh -p 1277 user@domain.duckdns.org

i get this error: "Permission denied (public key)"

i checked the permissions of both the id_rsa & id_rsa.pub files on the client computer and the permission are set to "read and write" for the logged in user which is the administrative account on the computer.

what am i missing? are there permission settings on the freenas box that i'm missing?

i really do appreciate any help! i feel as if permission are the bain of my peaceful coexistence with this freenas box!

 

[SweetAndLow]

Does it work when testing from the local network?

 

[nojohnny101]

hey
thanks for the response sweetandlow.....so did some more testing on the internal network and here is what i got:

when trying to connecting through my dns forwarding service (duckdns.org) using:
ssh user@domain.duckdns.org
i get a "connect to host user@domain.duckdns.org port 22: connection refused"

when i connect directly with the IP address of the freenas
ssh user@ip.ad.dres.s
it goes through successfully!

is my router rejecting or is the freenas rejecting?

Oh and I confirmed the SSH service is running on the freenas box and the TCP port is 22

 

[SweetAndLow]

Router is, make sure you have forwarded port 1277 from external to internal port 22 on your freenas system. Your previous explanation makes it sound like you did the opposite.

 

[nojohnny101]

hey
this is what my router settings are:

also i thought since i was connecting internally, it wouldn't matter and i shouldn't have to be going through the external facing port of 1277?

 

[SweetAndLow]

It says port mapping which is a strange description. Is there one that says port forwarding?

 

[nojohnny101]

hello,
that is the only option for the apple airport extreme and after doing some research on the internet, it seems "port mapping" is the same as "port forwarding" in apple terms, strange i know but i don't think that is the problem.

why am i able to connect though directly to the IP address but not through the domain service?

 

[SweetAndLow]

Can you use your external ip instead of your external domain name? This will show if it's the DNS it still a router issue.

 

[nojohnny101]

hello,
man this is frustrating, i've been trying to dig all around and nothing seems to be coming up. a couple of people back in 2007 figured out (after so much trouble of back and forth) that their airport extreme base stations were defective and event though the routers were saying they were port forwarding, they weren't....but mine is not that old so i don't believe that is it....

just to test i went to canyouseeme.org and check port 1277 on my public facing IP address (not the internal IP address for the freenas box) and it says it is open. i then tested port 22 from the external IP address and it says it is closed. this is correct right?

i do have a cron job running on the freenas box, here is what it looks like:

oh and external IP address still give connection refused

 

[SweetAndLow]

Use the ddnd feature of freenas for this.

But like I said before try your external ip to see if it's your router or your DNS entry. Looks like your DNS settings are wrong.

 

[nojohnny101]

hello,
thanks for all the help sweetandlow....

i tried the external IP address when i'm open the internal network and it says port 22 connection refused, same error....

sorry i'm not familiar with the ddnd feature, can you elaborate or point me in the correct direction?

 

[SweetAndLow]

Under the services section of freenas you can configure your ddns and skip the cron job. And you have something wrong with your router. That is why it's not working.

 

[nojohnny101]

hello,
sorry i have been away, now i finally have time to get this remote login working.

sweetandlow i tried taking your advice to just use the DDNS service but i can't get it to start once i enter everything. the settings say they update correctly but then it won't toggle on when i try to. I look in the logs and it says something like

W:MAIN: Main: Error 'RC_CMD_PARSER_INVALID_OPTION_ARGUMENT' (

i have tried the curl method and it seems to work when i run the curl command from the root shell because it returns "OK". And i can SSH the machine from the local IP address it has. but when i to try ssh from the terminal on my computer using my subdomain@duckdns.org on the default port (22, which is its internal port) it says "port 22: Operation timed out"

where is the link failing? this is really frustrating, i feel like i'm so close!