Problems Establishing ssh Connection With 802.11a Wireless Canopy System

Hello All,

I have been having a very frustrating problem with openssh establishing a
connection over an 802.11a wireless connection.

I am running two separate networks across the U.S.... Both networks have
multiple RedHat 8.0 Linux servers all completely up2date with the latest
patches on all software installed.  All systems run Linux kernel-2.4.20-20.8
and openssh-3.4p1-7.  At each location, we are running an ethernet star
topology 100MB LAN wired with Cat 5e, however at one location the outgoing
connection to the Internet is through a fractional T-1 (I will refer to as
Net-A) while on the other network, the outgoing connection to the Internet
is a wireless 802.11a network using a Canopy Service Module to a Canopy AP
(I will refer to as Net-B).

On both networks, I can use openssh and putty (on Windows machines connected
to the LAN) to see all of the Linux servers on the respective local networks
on which they are located.

On both networks I use a Linux server as a gateway (both with static valid
IP addresses) to the Internet and use Class C non-routable ip addresses on
the private side of each network and NAT requests through the Linux gateway

When establishing an ssh connection to Net-A (fractional T-1 network) from
an outside connection (either dialup or through a dsl line) I connect to the
gateway no problem.  So I know this server is not the problem...

But when I try to use Net-B (client) to connect to Net-A (server) or vice
versa or try to use any other connection to try to connect to Net-B from the
outside, I can not establish a connection to the Net-B Linux gateway.  I
have used the -vvv option with ssh to see what is going on and the
connection seems to establish properly.  When the ssh command is issued to
the Net-B server, the Net-B gateway prompts for the password and then the
connection seems to hang... I never get a prompt back...  The debug command
shows that the connection gets to the point where it says

    "debug1: channel 0: open confirm rwindow 0 rmax 32768"

When tracing other ssh connections this is the last step before returning a
prompt, but I never get one back when trying to connect to the Net-B

If I disable the wireless 802.11a nic connection and use dialup on the Net-B
gateway, I can establish a ssh connection (both inside and outside) without
a problem, so I don't think it is a software problem with openssh on either

My ISP unix guru has been trying to troubleshoot this and I have been
trying to troubleshoot this for about 6 months...  I called Motorola and
they stated that they have no known issues with Canopy Wireless system and
ssh and openssh... My ISP has a wide open router and is not blocking any IP
traffic at all...

There are no firewall rules blocking any ssh requests on either network...

I have also touched base with an openssh expert who told me to check the
reverse dns records to see if everything was ok with them (apparently
openssh does a reverse ip check before it establishes a connection unless
you disable it in the config file)...  I checked, reverse dns is working
properly on both networks ip addresses...

Here is a kicker, on Net-B, if I use a Windows machine behind the Net-B
gateway and putty into Net-A gateway, all works just fine....

I am hoping someone has a clue as to what might be going on here as my ISP,
the expert on Openssh and myself can not seem to come up with a solution to
the problem...  I have tried a bunch of different settings to the rwindows
and mtu settings and disabled reverse dns lookups, but nothing seems to
work... all settings that have been changed are now set back to default...

Any information would be greatly appreciated....  Please let me know if you
need any further information to help me troubleshoot...


Darrell L. Ford

Re: Problems Establishing ssh Connection With 802.11a Wireless Canopy System

My guess is that this is a network problem, not an ssh problem.
tcpdump says what?   MTU size?  Seeing ICMP need-frag messages?
Does the AP/router NAT the wireless addrs?

Re: Problems Establishing ssh Connection With 802.11a Wireless Canopy System

    I agree... we just can't seem to figure out where it is occurring..

    I am not local to the Net-B gateway right now and since I can't get in
with ssh, can't produce output for you right now, but will on Wednesday...
Have done this in the past but didn't give much info on the problem...

> MTU size?
    MTU is now set back to 1500, but I have walked down the buffer size with
the ping -f -l (size of buffer) (ipaddress) and did set both client and
server MTU's to the same size ended up at 1488.... Anyway, tried setting the
MTU's on both client and server down as low as 576.... still same problem...

> Seeing ICMP need-frag messages?
No ICMP need-frag messages at all......

No, the AP is a valid publicly routable static ip address and NAT is not
involved....  Incidentally, NAT is not involved on the situation above as I
am using my public interface to try to establish the ssh connection still to
no avail....  I have even turned off the firewall and disabled my private
side NIC (on both networks) to make sure there were no problems with NAT
translation errors and still the same thing....

Hmmm... any other avenues someone might think of?????

Thanks again,
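
The MTU walk-down described in this post, automated as an added example that is not part of the original thread: it binary-searches the largest Don't-Fragment packet that crosses the path and records whether oversized probes produced a need-frag error or simply vanished. The function names and the simulated 1488-byte link are constructed for illustration, and the `ping` flags and error wording assume Linux iputils.

```python
import subprocess

OVERHEAD = 28  # 20-byte IPv4 header + 8-byte ICMP echo header

def ping_df(host, payload, timeout=2):
    """Send one echo request with Don't Fragment set (Linux iputils ping).
    Returns 'ok', 'need-frag' (an MTU error was reported) or 'lost'."""
    r = subprocess.run(["ping", "-M", "do", "-c", "1", "-W", str(timeout),
                        "-s", str(payload), host],
                       capture_output=True, text=True)
    if r.returncode == 0:
        return "ok"
    out = (r.stdout + r.stderr).lower()
    # Assumed iputils wording for a router's ICMP error / a local MTU refusal.
    if "frag needed" in out or "message too long" in out:
        return "need-frag"
    return "lost"

def probe_path(host, probe=ping_df, low=576, high=1500):
    """Binary-search the largest IPv4 packet that crosses the path unfragmented.
    Returns (path_mtu or None, verdict)."""
    lo, hi = low - OVERHEAD, high - OVERHEAD
    if probe(host, lo) != "ok":
        return None, "unreachable: even %d-byte packets fail" % low
    failures = set()
    while lo < hi:
        mid = (lo + hi + 1) // 2   # round up so the range always shrinks
        result = probe(host, mid)
        if result == "ok":
            lo = mid               # fits: the limit is mid or larger
        else:
            failures.add(result)
            hi = mid - 1           # dropped: the limit is below mid
    mtu = lo + OVERHEAD
    if not failures:
        return mtu, "clean: full-size packets pass"
    if failures == {"lost"}:
        return mtu, "black hole: oversized packets vanish, no need-frag seen"
    return mtu, "reduced MTU: need-frag reported, PMTU discovery can work"

def simulated_path(mtu, sends_icmp):
    """Constructed stand-in for a real link, so the logic runs offline."""
    def probe(host, payload):
        if payload + OVERHEAD <= mtu:
            return "ok"
        return "need-frag" if sends_icmp else "lost"
    return probe

if __name__ == "__main__":
    # 192.0.2.1 is a documentation address; the 1488-byte link is constructed.
    print(probe_path("192.0.2.1", probe=simulated_path(1488, sends_icmp=False)))
```

On a lossy wireless link a single lost probe looks the same as a drop, so repeat a run before trusting a "black hole" verdict.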


Re: Problems Establishing ssh Connection With 802.11a Wireless Canopy System


That's possibly an MTU issue, see:

Darren Tucker (dtucker at
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

Re: Problems Establishing ssh Connection With 802.11a Wireless Canopy System

Thanks Darren,

See my comments under "MTU" in my reply post to Michael...
