zyxel emg3525-t50b - can't open port 22 for SSH

I want to open ports 22 (TCP) for SSH (incoming traffic) on my MX Linux (21.3)
server. I installed the firewall and the port is open according to the
operating system.

In addition to that I changed the following on the Router ( after I logged in - Go to: Network Settings, NAT, Port forwarding (landing page). The following changes were made:

Then I gave the server a static IP:

Then I used DNS Entry and Dynamic DNS to link the PC to a DNS name registered with Dynu.com. I tested the DNS name from outside, it sees my server.

The firewall has the following settings:

And Remote Management, MGMT Services has the following settings:

When I try to SSH from a computer on the LAN to this server (using the DNS name, it asks for my password, but then gives the following error: Permission denied, please try again.

Any help you can offer will be much Appreciated!


Gert Kruger

All Replies

  • GKruger
    GKruger Posts: 4
    First Comment

    I forgot to mention. SSH is running:


  • tonygibbs16
    tonygibbs16 Posts: 803  Guru Member
    First Anniversary 10 Comments Friend Collector First Answer
    edited May 2023

    Hello Gert @GKruger

    Welcome to the forum.

    Have you tried adding the LAN as a Trust Domain, see section 35.3 of the user guide at https://spdl.zyxel.com/VMG8623-T50B/user_guide/VMG8623-T50B_1.pdf ?

    You might want to try an SSH client like PuTTY to see how that works or not? see https://www.chiark.greenend.org.uk/~sgtatham/putty/

    The Remote Management page is for SSH into the EMG3525-T50B only.

    If your own server is rejecting SSH connections from hosts on the LAN after login, then it might be that the user account is not on the allow list or that you have not generated a public-private key pair on your SSH server.

    I hope that this is helpful.

    Kind regards,


    PS: The O'Reilly Book on SSH might be helpful to you, see https://www.oreilly.com/library/view/ssh-the-secure/0596008953/

  • GKruger
    GKruger Posts: 4
    First Comment

    Dear Tony,

    I set a trusted domain for a Linux computer with a fixed IP address (at work) on my home router. Just to refresh: My home computer also has a fixed IP address with a FQDN.

    I used https://www.yougetsignal.com/tools/open-ports/

    to test that port 22 is open.

    Then tried to SSH from my work computer into the home computer. It does not go. here are the Ping and Traceroute results:

    ping -c 2 FQDN
    PING FQND (197.xx.xx.135) 56(84) bytes of data.

    --- FQDN ping statistics ---
    2 packets transmitted, 0 received, 100% packet loss, time 1033ms

    traceroute werkubuntu.nl
    traceroute to werkubuntu.nl (, 30 hops max, 60 byte packets
    1 _gateway ( 0.384 ms 0.394 ms 0.437 ms
    2 ( 1.716 ms 1.828 ms 1.898 ms
    3 ( 1.243 ms 1.352 ms 1.382 ms
    4 * * *
    5 * * *
    6 * * *

    Any other help you can offer?


    Gert Kruger

Consumer Product Help Center