Can log in using ssh via LAN not via WAN

[mob-i-l]

I have a strange problem since I get connection in both cases but the password doesn't work in one case. I can log in using ssh via LAN. I've looked at /var/log/auth.log but it doesn't contain anything about the failed login-attempts. I've also created a new user, mobil, that cannot use sudo -- user pi did also have wrong password from WAN but not from LAN. I get IP-number for the RasPi via DHCP but it always gets the same IP-number. (I have one other problem that is perhaps related: when I start aptitude without sudo and I want to install something it asks for the password but says it's the wrong password.)

When I try it from the outside I get the login prompt but it says:
$ ssh mobil@nnn.nnn.nnn.nnn
mobil@nnn.nnn.nnn.nnn's password:
Permission denied, please try again.
mobil@nnn.nnn.nnn.nnn's password:
Permission denied, please try again.
mobil@nnn.nnn.nnn.nnn's password:
Permission denied (publickey,password).

Here I login from LAN:
$ ssh mobil@192.168.1.nnn
mobil@192.168.1.nnn's password:
Linux aeblapi 3.10.25+ #622 PREEMPT Fri Jan 3 18:41:00 GMT 2014 armv6l

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Mon Mar 31 20:43:34 2014 from lenovo3000.lan

[DougieLawson]

Try making a public key/private key pair.

Add the public key to /home/mobil/.ssh/authorized_keys take the private key with you to the remote location. It's more secure than allowing password based logins from the public internet.

Also take a look in your /etc/ssh/sshd_config for PasswordAuthentication no. If it's there remove it and restart sshd.

[klricks]

...... (I have one other problem that is perhaps related: when I start aptitude without sudo and I want to install something it asks for the password but says it's the wrong password.)........

Aptitude is asking for the root password, however the root password is not set by default in the Raspbian distro.
You can set a root password if you want, sudo passwd root, but it's easy to just start Aptitude with sudo from the command prompt.
I prefer to use Synaptic (GUI) package manager instead of Aptitude, much easier to use and does not require root password.
sudo apt-get install synaptic

[iinnovations]

When I try it from the outside I get the login prompt but it says:
$ ssh mobil@nnn.nnn.nnn.nnn
mobil@nnn.nnn.nnn.nnn's password:
Permission denied, please try again.
mobil@nnn.nnn.nnn.nnn's password:
Permission denied, please try again.
mobil@nnn.nnn.nnn.nnn's password:
Permission denied (publickey,password).

Are you sure your port forwarding is correct? This sounds to me as if you are trying to login to the wrong machine.

[mob-i-l]

When I try it from the outside I get the login prompt but it says:
$ ssh mobil@nnn.nnn.nnn.nnn
mobil@nnn.nnn.nnn.nnn's password:
Permission denied, please try again.
:
Permission denied (publickey,password).

Are you sure your port forwarding is correct? This sounds to me as if you are trying to login to the wrong machine.

This was the problem (or at least one of them). The router connected to a gateway runs OpenWrt with X-Wrt and I had forgot it has an SSH-server. Now I tried to change so that port 2222 gets forwarded to 22 but that didn't work (and I did restart the router and checked the external IP-number):
$ ssh -p 2222 mobil@nnn.nnn.nnn.nnn
ssh: connect to host nnn.nnn.nnn.nnn port 2222: Connection refused

Configuration in OpenWrt White Russian - With X-Wrt Extensions 0.9:
Destination ports: 2222 Target: 192.168.1.134 Port: 22 Protocol: TCP

One solution that works now is to log in to OpenWrt using SSh and from there login to Raspbian using SSh, but I would like to connect directly.

Edit: I connected it directly to the gateway and now it works on port 22 from the outside.

[iinnovations]

This would require that port 2222 gets through, which you cannot count on.

Typically to get to one of my Pis from outside I either fire up my Hamachi VPN or leapfrog through my primary server which I direct all external web and ssh traffic to. If I need to, I can log in to the webserver and then log in to a local Pi from there. An extra step, but it always works.

Colin