Can't access SSH server when it's on a wireless laptop.
 

Hello all, I've got a bit of a network problem I was hoping someone could shed some light on. I appreciate any help.

I have Debian installed on my laptop. When the laptop is connected to the network via ethernet cord, I can ssh into it fine. However if I switch to wireless, I can no longer SSH in.

I have confirmed SSHD is running.

I am switching between wired/wireless by editing /etc/network/interfaces and re-booting the laptop.

The laptop can connect to the internet, and SSH into other computers on the LAN just fine with either connection. But they can't connect to it when it's wireless.

When it's wireless, the laptop can SSH into itself as well.

My iptables is set to allow everything.

They're both on the same subnet.

Thanks for any help, I'm out of troubleshooting capabilities.
~R

Oh, I forgot to mention this isn't just SSH. I can't ping the laptop either when it is wireless. But it can ping other computers.

I have a Linksys router that I have clicked through the settings of a few times to make sure it doesn't have any "incoming wireless SSH" rules or something odd like that.

do you use hostname or ip address to connect?
Debian normally doesn't install firewalls by default.

IP Address.

I just tried hostname, it wasn't able to find the machine that way either.

Are you using the same ip address for wired and wireless ? Because if you're using dhcp you will probably have a different address.
What is the error ?

I normally use a static ip, but to eliminate it as a suspect I switched to dhcp and try to ssh in with whatever ifconfig tells me the ipaddress is.

The error message I get from trying to putty in from a windows machine varies based on what I'm trying, but it is always one of these:

Connection timed out
Can't find route to 192.168.1.161
Host is down
And an 'unreachable' msg I can't remember the wording of.

I am able to use putty to connect to other Linux machines on the network. With the same Debian install as well, the only significant difference I can think of is this is a laptop and I'm using wireless. (also this laptop works when wired, so i'm inclined to think it's a wireless thing)

On your wireless connected laptop, determine the interface name and IP address using ifconfig. Next, remember the interface name and:
Try pinging again. See any activity? If so, then iptables(8) is still not turned off, and it's throwing back confusing ICMP messages. If you do not see any activity, then pay attention to the error messages you're being told. There is simply no route to the wireless host (and they're not on the same subnet like you said earlier).

Try to access you laptop from a Linux client using "ssh -vvv". This will provide more debugging information on what the cause of the denial is.

The no route to host error indicates that you don't have an IP address in the subnet, or the default route for your laptop still uses eth0. Can you ping the laptop? Try "telnet w.x.y.z 20". This will use the telnet client to connect to port 22. You should see an initial connection if your networking/firewall is correct.

Double check that the firewall isn't blocking the wireless interface.

Check if the IP address uses same network address.
Check the route setup.
Check /etc/ssh/sshd_config. Does it have a ListenAddress line? That may bind the service to a particular device if the ipaddress changes.
Check hosts.allow. Does it bind sshd to a particular device (don't know offhand if it can)
Check login.defs. How does it restrict logins.

The authorized_keys file can contain entries with "from=<host_pattern>". If it contains an IP address which doesn't match, or a hostname which resolves differently, you might be denied a connection.

Thank you everyone for your suggestions, I'm going to look further into the areas you mentioned, here's the results of the diagnostics you suggested:

Anomie- tcpdump said it was listening on my interface, but did not output anything when I pinged it from another machine.

The ip address of my laptop: 192.168.1.117
Ip address of the other machine: 192.168.1.116
Subnet mask: 255.255.255.0

Unless my router is splitting off wireless and Ethernet into different subnets, they should be on the same one, correct?

Jschiwal - The verbose ssh gave an error that there was no route to host.

Telnetting to port 22 also was unable to connect, as it couldn't find the host.

I went through the firewall settings again, there was no mention of restriction. I was reminded that I was forwarding port 22 to a specific box on my network, I disabled it in the hopes that some crazy conflict was occurring, but that yielded no results. It's a relatively new linksys router if that sptrings any suggestions to mind.

Not sure what you meant about ip address using the same network address or route setup.

logins.defs has some terminology I didn't quite understand, but reading the comments, nothign about restrictions jumped out at me. It should be default anyway.
I don't have an authorized_keys file on the system.

Thank you for the diagnostic suggestions, I'm currently looking up more info in these areas. It certainly looks liek a routing issue, because of the results of those test. And also, this occurs:

Desktop: ping <laptop ip>
(starts complaining about unreachable route)

Laptop: ping <desktop ip>
(shows successful ping results)

And at the moment the laptop pings the desktop - the desktop is suddenly able to find the laptop and starts reporting successful pings.

Now there's an interesting piece of info. Is the netmask the same (/24) on both the desktop and the laptop? On the desktop side, does the ARP cache look different before / after it is magically able to ping the laptop?

Please post the results of "ifconfig" and "route". Also, does your router have mac access controls?

The netmask for both Desktop (which I should probably mention is a PC) and the laptop are both 255.255.255.0

Looking up how to find ARP logs right now.

The router does have controls for allowing/disallowing certain MAC addresses, or giving certain MAC Addresses static IPs. All of that is not set right now.

Output of ifconfig and route:



root@modef:~# ifconfig
eth1 Link encap:Ethernet HWaddr 00:0e:35:79:fe:40
inet addr:192.168.1.117 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::20e:35ff:fe79:fe40/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:128 errors:0 dropped:0 overruns:0 frame:0
TX packets:247 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:16893 (16.4 KiB) TX bytes:28972 (28.2 KiB)
Interrupt:18 Memory:e0206000-e0206fff

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:83 errors:0 dropped:0 overruns:0 frame:0
TX packets:83 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:8960 (8.7 KiB) TX bytes:8960 (8.7 KiB)

root@modef:~# route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.1.0 * 255.255.255.0 U 0 0 0 eth1
default 192.168.1.1 0.0.0.0 UG 0 0 0 eth1
root@modef:~#

Ah, you just type arp (or arp -a for windows).

Waiting for the computers to forget about each other so I can do the before and after arp log.

Ok, they have forgotten about each other. Here's the arp output.

Before, when they have no idea about each other:
Then I tell them to ping each other. Something happens and I can SSH into the laptop again. New results of arp:


192.168.1.116 is my PC, and 192.168.1.117 is the laptop.

I wonder if the problem is with a spotty wifi connection. Once an ssh connection is made, does it drop off?

Something strange is happening with the PC's ARP cache. Next time the laptop hops from Ethernet to wifi, issue the command (from the laptop):
Everything work OK afterward?

Last night I tested to see how long a connection would last (once they find each other). I was able to stay SSH'ed in for six hours or so before I went to bed. I have been knocked off the SSH connection in the past but I wouldn't characterize the connection as tenuous once made.

running arping on the laptop didn't make the PC aware of it. They still can't see each other until they are both pinging each other.

I did have to use a lowercase 'u' instead of a capital 'U' for arping

results:

(117 is laptop, 116 is pc)

Fix?
 

Did you ever sort this out? I have exactly the same problem on my network. I cannot ping any Linux machines that are wirelessly connected to my router unless they are first pinged by a windows machine, after which time it can be accessed for about a minute before being pinged again. Please help.....

Sorry, no. I was never able to resolve this. I'm assuming it is an issue with my wireless drivers or Debian.

Your router may be isolating wireless connections only allowing internet traffic. Wireless can be tricky. My router will stop wireless authentication. I found that this only happens when my laptop is connected on the wired side. Strangely, this still happens after switching to the Tomato firnware!

Thank you Schiwal, with that tip I believe I have found the problem.

My Linksys Router has a feature on it (which is apparently common) called AP isolation. It isolates wireless devices so they can only communicate to the router, not each other.

It took forever to find, because in my router's settings, it was set to off. However it was indeed on, and toggling that setting on and off was needed to fully disable it.

Since the toggle I haven't had any issues connecting via wireless.