Thank you for your reply, Andy. ufw was enabled on the server machine. Because I don't have enough knoledge about iptables, I did $ sudo ufw allow proto tcp from 192.168.0.3 to any port 9999 on the server machine. Then I successfully connected from the client machine by ssh.
And next I want to do ssh with authentication key instead of password. I've been struggling for hours. I rewrited /etc/ssh/sshd_config. On the client machine, PasswordAuthentication no AuthorizedKeysFile %h/.ssh/authorized_keys UsePAM no On the server machine, PasswordAuthentication no AuthorizedKeysFile %h/.ssh/authorized_keys UsePAM no Then I tried, but Password: still appeared. $ ssh -v -p 9999 testac@192.168.0.5 OpenSSH_6.7p1 Debian-5+deb8u3, OpenSSL 1.0.1t 3 May 2016 debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 19: Applying options for * debug1: Connecting to 192.168.0.5 [192.168.0.5] port 9999. debug1: Connection established. debug1: key_load_public: No such file or directory debug1: identity file /home/emmm/.ssh/id_rsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/emmm/.ssh/id_rsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/emmm/.ssh/id_dsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/emmm/.ssh/id_dsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/emmm/.ssh/id_ecdsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/emmm/.ssh/id_ecdsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/emmm/.ssh/id_ed25519 type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/emmm/.ssh/id_ed25519-cert type -1 debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_6.7p1 Debian-5+deb8u3 debug1: Remote protocol version 2.0, remote software version OpenSSH_6.7p1 Debian-5+deb8u3 debug1: match: OpenSSH_6.7p1 Debian-5+deb8u3 pat OpenSSH* compat 0x04000000 debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: server->client aes128-ctr umac-64-...@openssh.com none debug1: kex: client->server aes128-ctr umac-64-...@openssh.com none debug1: sending SSH2_MSG_KEX_ECDH_INIT debug1: expecting SSH2_MSG_KEX_ECDH_REPLY debug1: Server host key: ECDSA --:--:--:--:--:--:--:--:--:--:--:--:--:--:--:-- debug1: Host '[192.168.0.5]:9999' is known and matches the ECDSA host key. debug1: Found key in /home/emmm/.ssh/known_hosts:1 debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug1: SSH2_MSG_SERVICE_REQUEST sent debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications that can continue: publickey,keyboard-interactive debug1: Next authentication method: publickey debug1: Offering RSA public key: emmm@jessie debug1: Authentications that can continue: publickey,keyboard-interactive debug1: Trying private key: /home/emmm/.ssh/id_rsa debug1: Trying private key: /home/emmm/.ssh/id_dsa debug1: Trying private key: /home/emmm/.ssh/id_ecdsa debug1: Trying private key: /home/emmm/.ssh/id_ed25519 debug1: Next authentication method: keyboard-interactive Password: debug1: Authentication succeeded (keyboard-interactive). Authenticated to 192.168.0.5 ([192.168.0.5]:9999). debug1: channel 0: new [client-session] debug1: Requesting no-more-sessi...@openssh.com debug1: Entering interactive session. debug1: Sending environment. debug1: Sending env LANG = ja_JP.UTF-8 The programs included with the Debian GNU/Linux system are free software; the exact distribution terms for each program are described in the individual files in /usr/share/doc/*/copyright. Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law. Last login: Thu Dec 8 08:28:43 2016 from 192.168.0.3 testac@jessie2:~$ I rewrited /etc/ssh/sshd_config on the server again 'cause my key is 2048 bit. ServerKeyBits 2048 Then tried again. $ ssh -v -p 9999 testac@192.168.0.5 OpenSSH_6.7p1 Debian-5+deb8u3, OpenSSL 1.0.1t 3 May 2016 debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 19: Applying options for * debug1: Connecting to 192.168.0.5 [192.168.0.5] port 9999. debug1: Connection established. debug1: key_load_public: No such file or directory debug1: identity file /home/emmm/.ssh/id_rsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/emmm/.ssh/id_rsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/emmm/.ssh/id_dsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/emmm/.ssh/id_dsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/emmm/.ssh/id_ecdsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/emmm/.ssh/id_ecdsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/emmm/.ssh/id_ed25519 type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/emmm/.ssh/id_ed25519-cert type -1 debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_6.7p1 Debian-5+deb8u3 debug1: Remote protocol version 2.0, remote software version OpenSSH_6.7p1 Debian-5+deb8u3 debug1: match: OpenSSH_6.7p1 Debian-5+deb8u3 pat OpenSSH* compat 0x04000000 debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: server->client aes128-ctr umac-64-...@openssh.com none debug1: kex: client->server aes128-ctr umac-64-...@openssh.com none debug1: sending SSH2_MSG_KEX_ECDH_INIT debug1: expecting SSH2_MSG_KEX_ECDH_REPLY debug1: Server host key: ECDSA --:--:--:--:--:--:--:--:--:--:--:--:--:--:--:-- debug1: Host '[192.168.0.5]:9999' is known and matches the ECDSA host key. debug1: Found key in /home/emmm/.ssh/known_hosts:1 debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug1: SSH2_MSG_SERVICE_REQUEST sent debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications that can continue: publickey,keyboard-interactive debug1: Next authentication method: publickey debug1: Offering RSA public key: emmm@jessie debug1: Authentications that can continue: publickey,keyboard-interactive debug1: Trying private key: /home/emmm/.ssh/id_rsa debug1: Trying private key: /home/emmm/.ssh/id_dsa debug1: Trying private key: /home/emmm/.ssh/id_ecdsa debug1: Trying private key: /home/emmm/.ssh/id_ed25519 debug1: Next authentication method: keyboard-interactive debug1: Authentications that can continue: publickey,keyboard-interactive debug1: No more authentication methods to try. Permission denied (publickey,keyboard-interactive). Restoring /etc/ssh/sshd_config by ServerKeyBits 1024 was not helpful. How can I do ssh with authentication key instead of password? Cheers, EenyMeenyMinyMoa 2016-12-06 15:22 GMT+09:00 Andy Smith <a...@strugglers.net>: > Hi, > > On Tue, Dec 06, 2016 at 01:33:07PM +0900, EenyMeenyMinyMoa wrote: > > But when I execute either of these commands > > $ ssh -p 9999 testac@192.168.0.5 > > $ ssh -p 9999 -l testac -i ~/.ssh/id_rsa_test 192.168.0.5 > > , the terminal doesn't resopnd for minutes and finally gives this > message. > > ssh: connect to host 192.168.0.5 port 9999: Connection timed out > > The settings you've shown seem correct but the above output implies > a lack of connectivity. Have you checked there is no firewall > preventing port 9999 TCP communication? > > To list rules: > > # iptables -nL > > If that comes up empty, some basic connectivity checks (ping > 192.168.0.5 from client) may be useful. > > Cheers, > Andy > > -- > https://bitfolk.com/ -- No-nonsense VPS hosting > > "I'd be happy to buy all variations of sex to ensure I got what I wanted." > — Gary Coates (talking about cabling) > >