cannot ssh into server via local wifi

On my router, I've forwarded local IP 192.168.0.10 to port 22.
I can ssh into my FreeBSD box when pointing to the public IP.

However I cannot ssh when pointing to the local IP of the box (when I'm on the local wifi).

ssh oliver@192.168.0.10 returns:
Connection reset by 192.168.0.10 port 22


ifconfig returns:
Code:
igb0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=4e507bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,LRO,VLAN_HWFILTER,VLAN_HWTSO,RXCSUM_IPV6,TXCSUM_IPV6,HWSTATS,MEXTPG>
    ether a4:ae:12:35:22:12
    media: Ethernet autoselect
    status: no carrier
    nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
em0: flags=1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500
    options=4e504bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,LRO,VLAN_HWFILTER,VLAN_HWTSO,RXCSUM_IPV6,TXCSUM_IPV6,HWSTATS,MEXTPG>
    ether a4:ae:12:35:22:11
    inet 192.168.0.10 netmask 0xffffff00 broadcast 192.168.0.255
    media: Ethernet autoselect (100baseTX <full-duplex>)
    status: active
    nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
lo0: flags=1008049<UP,LOOPBACK,RUNNING,MULTICAST,LOWER_UP> metric 0 mtu 16384
    options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
    inet 127.0.0.1 netmask 0xff000000
    inet6 ::1 prefixlen 128
    inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
    groups: lo
    nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
pflog0: flags=1000141<UP,RUNNING,PROMISC,LOWER_UP> metric 0 mtu 33152
    options=0
    groups: pflog

/etc/hosts
looks like:
Code:
::1                     localhost localhost.my.domain
127.0.0.1               localhost localhost.my.domain
192.168.0.10            kingklip kingklip.ddns.net

Thanks for your help
Oliver
 
Local firewall on 192.168.0.10 killing the connection? Or the sshd(8) isn't listening on port 22? Connection reset means it received a RST on its SYN packet.
 
telnet 192.168.0.10 22 returns:

Trying 192.168.0.10...
Connected to 192.168.0.10.
Escape character is '^]'.
SSH-2.0-OpenSSH_9.7 FreeBSD-20250219
Connection closed by foreign host.
I.e. it didn't work

ping 192.168.0.10 shows something:
PING 192.168.0.10 (192.168.0.10): 56 data bytes
64 bytes from 192.168.0.10: icmp_seq=0 ttl=64 time=8.136 ms
64 bytes from 192.168.0.10: icmp_seq=1 ttl=64 time=8.258 ms
64 bytes from 192.168.0.10: icmp_seq=2 ttl=64 time=4.574 ms
64 bytes from 192.168.0.10: icmp_seq=3 ttl=64 time=4.698 ms

Port forwarding in router looks like:
[Attached image: 1743020598425.png]


No local firewall as far as I'm aware... how would I check that?
 
Firewall protection was enabled by default on the router. I disabled it and rebooted the router.
Same behaviour... cannot ssh locally.

[Attached image: 1743021142722.png]
 
Your ssh server accepts the connection but closes it immediately. I don't think it's a firewall problem. Look in /var/log/auth.log of the ssh server.
 
Seeing this when I try to ssh in:

Mar 27 07:29:56 kingklip sshd[12466]: Connection reset by 77.56.208.92 port 64797 [preauth]
Mar 27 07:29:56 kingklip sshguard[1585]: Attack from "77.56.208.92" on service SSH with danger 2.


Why would it try to ssh in from my public IP when I'm clearly on the local wifi...

Also this IP is not on the sshguard blacklist (pfctl -T show -t sshguard), so why would it be blocked...


You should run a sshd in debug mode on the server while you try logging in.


ssh -vvv oliver@192.168.0.10
OpenSSH_8.6p1, LibreSSL 3.3.6
debug1: Reading configuration data /Users/oliverangelil/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 21: include /etc/ssh/ssh_config.d/* matched no files
debug1: /etc/ssh/ssh_config line 54: Applying options for *
debug2: resolve_canonicalize: hostname 192.168.0.10 is address
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts' -> '/Users/oliverangelil/.ssh/known_hosts'
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts2' -> '/Users/oliverangelil/.ssh/known_hosts2'
debug1: Authenticator provider $SSH_SK_PROVIDER did not resolve; disabling
debug3: ssh_connect_direct: entering
debug1: Connecting to 192.168.0.10 [192.168.0.10] port 22.
debug3: set_sock_tos: set socket 3 IP_TOS 0x48
debug1: Connection established.
debug1: identity file /Users/oliverangelil/.ssh/id_rsa type 0
debug1: identity file /Users/oliverangelil/.ssh/id_rsa-cert type -1
debug1: identity file /Users/oliverangelil/.ssh/id_dsa type -1
debug1: identity file /Users/oliverangelil/.ssh/id_dsa-cert type -1
debug1: identity file /Users/oliverangelil/.ssh/id_ecdsa type -1
debug1: identity file /Users/oliverangelil/.ssh/id_ecdsa-cert type -1
debug1: identity file /Users/oliverangelil/.ssh/id_ecdsa_sk type -1
debug1: identity file /Users/oliverangelil/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /Users/oliverangelil/.ssh/id_ed25519 type 3
debug1: identity file /Users/oliverangelil/.ssh/id_ed25519-cert type -1
debug1: identity file /Users/oliverangelil/.ssh/id_ed25519_sk type -1
debug1: identity file /Users/oliverangelil/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /Users/oliverangelil/.ssh/id_xmss type -1
debug1: identity file /Users/oliverangelil/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.6
debug1: Remote protocol version 2.0, remote software version OpenSSH_9.7 FreeBSD-20250219
debug1: compat_banner: match: OpenSSH_9.7 FreeBSD-20250219 pat OpenSSH* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to 192.168.0.10:22 as 'oliver'
debug3: record_hostkey: found key type ED25519 in file /Users/oliverangelil/.ssh/known_hosts:6
debug3: load_hostkeys_file: loaded 1 keys from 192.168.0.10
debug1: load_hostkeys: fopen /Users/oliverangelil/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug3: order_hostkeyalgs: have matching best-preference key type ssh-ed25519-cert-v01@openssh.com, using HostkeyAlgorithms verbatim
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
Connection reset by 192.168.0.10 port 22

I'm using passwordless ssh-keys (using the ed25519 method) — this is why I can ssh in without a password (except when pointing to the local host 192.168.0.10)
 
It's 192.168.0.89, not 77.56.208.92, which is my public IP and where the attack is apparently coming from every time I try to log in with
ssh oliver@192.168.0.10
 
Port forwarding in router looks like:
Port forwarding on the router is only relevant for connections coming from the internet.
Firewall protection was enabled by default on the router. I disabled it and rebooted the router.
Looks like some issues with router: NAT loopback/NAT hairpin.
192.168.0.89 and 192.168.0.10 appear to be on the same subnet, thus directly connected, router plays no role in this unless the network is seriously screwed up. Most SOHO router/modems bridge their wifi with the LAN. But maybe you messed up that configuration? Wifi and LAN aren't bridged anymore but serve two separate broadcast domains that happen to use the same 192.168.0.0/24 addresses?

Also verify the client (192.168.0.89) has a 255.255.255.0 subnet mask. Getting the subnet mask wrong can lead to weird connection issues.

What does netstat -rn show on the client? Then do a ping -c 4 192.168.0.10 followed by arp -an. Do you see the MAC address of the 192.168.0.10 host?

And when in doubt make liberal use of tcpdump(1) to see what's actually going on "on-the-wire".
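
The two checks discussed in this thread, as an added example that is not part of any post: whether the client treats 192.168.0.10 as directly connected under a given netmask, and whether the peer address that sshd and sshguard logged lies inside the LAN. The LAN range 192.168.0.0/24 is taken from the ifconfig output above; the 255.255.255.192 mask is a constructed misconfiguration used only for contrast.

```python
import ipaddress
import re

# The two auth.log lines quoted in the thread, embedded as sample input.
AUTH_LOG = """\
Mar 27 07:29:56 kingklip sshd[12466]: Connection reset by 77.56.208.92 port 64797 [preauth]
Mar 27 07:29:56 kingklip sshguard[1585]: Attack from "77.56.208.92" on service SSH with danger 2.
"""

SSHD_RE = re.compile(r"sshd\[\d+\]: .*?\b(?:by|from) (\S+) port \d+")
GUARD_RE = re.compile(r'sshguard\[\d+\]: Attack from "([^"]+)" on service (\S+)')


def on_link(client_ip, netmask, target_ip):
    """True if the client would reach target directly (ARP) instead of via its gateway."""
    net = ipaddress.ip_network(f"{client_ip}/{netmask}", strict=False)
    return ipaddress.ip_address(target_ip) in net


def peers_seen(log_text, lan_cidr):
    """Return (daemon, peer_ip, peer_is_inside_lan) for each sshd/sshguard log line."""
    lan = ipaddress.ip_network(lan_cidr)
    seen = []
    for line in log_text.splitlines():
        for daemon, rx in (("sshd", SSHD_RE), ("sshguard", GUARD_RE)):
            m = rx.search(line)
            if not m:
                continue
            try:
                peer = ipaddress.ip_address(m.group(1))
            except ValueError:
                continue  # hostname or garbage instead of an address
            seen.append((daemon, str(peer), peer in lan))
    return seen


if __name__ == "__main__":
    # Correct /24 mask: the server is on-link, so the router should not be in the path.
    print("/24 on-link:", on_link("192.168.0.89", "255.255.255.0", "192.168.0.10"))
    # Constructed wrong mask: the client would hand the packet to its gateway instead.
    print("/26 on-link:", on_link("192.168.0.89", "255.255.255.192", "192.168.0.10"))
    for daemon, peer, inside in peers_seen(AUTH_LOG, "192.168.0.0/24"):
        note = "inside LAN" if inside else "outside LAN: source was translated on the way"
        print(f"{daemon}: peer {peer} ({note})")
```

A peer address outside the LAN for a connection started at 192.168.0.89 means the packets did not arrive directly, which is what the netstat -rn, arp -an and tcpdump(1) checks suggested above would confirm on the wire.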
 