From a remote host on the internet, I can SSH to my OpenWrt box.  But when I try to continue
through to a host on my private network, I get the following:

ssh: connection to user@192.168.1.100:22 exited: No auth methods could be used.

I can ssh to that machine from other (regular linux) machines, but not from OpenWrt.

Admittedly, I don't have DNS working on my internal net right now- I'm transitioning to having OpenWrt provide DNS services.  Is it poossible that this is causing the problem?

Thanks for any ideas.

I've had this problem too but I've found a way around it. You can edit your /etc/init.d/S45firewall such that you forward port 22 on the WAN side to some host on your private network (be sure to comment out the SSH from WAN section). From that node on your LAN you should have no problem connecting to your router or any other node.

(Last edited by femtonaut on 10 Aug 2005, 22:23)

You could also use ssh port forwarding (man ssh, /-L) to forward the ssh from any host behind the router.

The message "no auths methods could be used" is related to the following utilization : dropbear as ssh client and openssh as sshd server, basically, activating this option in /etc/ssh/sshd_config works :

PasswordAuthentication yes

Many thanks!  Setting PasswordAuthentication to Yes solved the problem.

The documentation is uncertain at best- the config file has the comment:

# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication no

I'm not sure I follow.  But because I'm using ssh to get to OpenWrt, I'm pretty sure that the password I send isn't in cleartext anyway.

And...  I can ssh to that linux machine, using a password, from other machines, just not from OpenWrt.

perhaps the taret linux box issues some kind of ssh authentication challenge that other PCs pass and OpenWrt fails, and therefore I can't use passwords.

Heck, I'm speculating.

You got me up and running.  Thank you.

Same problem. I can SSH with password auth to my gentoo box from other machines on the net (port forwarded from OpenWRT iptables) and from putty on my local windows box, but I can't ssh from OpenWRT to my gentoo box.

I want to use sshfsmount, but I can't even access my machine. The fix above works, but will this cause the password to be sent plaintext when I connect from an internet client?

(Last edited by bobpaul on 5 Feb 2006, 21:19)

in whiterussion, there is no such /etc/ssh/sshd_config file.

how come?

No, your password will still be encrypted before it is sent to the server.
This comment in the server's config file is very misleading:

# To disable tunneled clear text passwords, change to no here!

The point is, when PasswordAuthentication is enabled on the server, your password is sent through the encrypted tunnel. In theory, someone with root privileges on the server could see your non-encrypted password, but that's highly unlikely. Someone snooping the network traffic will never see your plaintext password - the SSH communication sets up encryption before you're even prompted to enter your password!

So, why would anyone ever disallow PasswordAuthentication? Because there is that possibility that someone on the server could see your password. When you use public key authentication, the server never sees your password (or passphrase) - a different encryption-decryption-authentication method is used. For more information, see the Wiki page on Dropbear public key authentication howto... but note that it, too, implies that passwords are sent as plaintext! Argh!