ssh client not working on WPA auth 802.11b/g/n wireless network

Asked by anna_vt on 2012-02-26

When using a new router that uses WPA/WPA2 authentication, I am unable to ssh out to an external server.

I am able to connect when I use wired connection.
The internet connection seems to drop a lot as well but is more usable.
I can use ssh from other OSes over wifi (tried PuTTY on Windows 7 and Prompt on iOS).
When I go back to the old router which uses WEP it works fine again.
The only other difference between the routers is the newer one is 802.11b/g/n whereas the old one is just 802.11b/g.

Any ideas on how to solve this problem?

This is the output when I use ssh -vv
$ ssh -vv <email address hidden>
OpenSSH_5.3p1 Debian-3ubuntu7, OpenSSL 0.9.8k 25 Mar 2009
debug1: Reading configuration data /home/anna/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to xxx.xxx.xxx.xxx [xxx.xxx.xxx.xxx] port 22.
debug1: Connection established.
debug1: identity file /home/anna/.ssh/identity type -1
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug2: key_type_from_name: unknown key type '-----END'
debug1: identity file /home/anna/.ssh/id_rsa type 1
debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048
debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
debug1: identity file /home/anna/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
debug1: match: OpenSSH_5.3 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.3p1 Debian-3ubuntu7
debug2: fd 3 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,<email address hidden>
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,<email address hidden>
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,<email address hidden>,hmac-ripemd160,<email address hidden>,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,<email address hidden>,hmac-ripemd160,<email address hidden>,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,<email address hidden>,zlib
debug2: kex_parse_kexinit: none,<email address hidden>,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,<email address hidden>
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,<email address hidden>
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,<email address hidden>,hmac-ripemd160,<email address hidden>,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,<email address hidden>,hmac-ripemd160,<email address hidden>,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,<email address hidden>
debug2: kex_parse_kexinit: none,<email address hidden>
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: found hmac-md5
debug1: kex: server->client aes128-ctr hmac-md5 none
debug2: mac_setup: found hmac-md5
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
Connection closed by xxx.xxx.xxx.xxx

relevant output from lspci:

03:00.0 Network controller [0280]: Realtek Semiconductor Co., Ltd. Device [10ec:8172] (rev 10)
 Subsystem: Realtek Semiconductor Co., Ltd. Device [10ec:e020]
 Flags: bus master, fast devsel, latency 0, IRQ 19
 I/O ports at b000 [size=256]
 Memory at d0300000 (32-bit, non-prefetchable) [size=16K]
 Capabilities: <access denied>
 Kernel driver in use: rtl819xSE
 Kernel modules: rtl8192se, r8192se_pci

$ iwconfig wlan0
wlan0 802.11bgn ESSID:"O2wirelessF934A7" Nickname:"rtl8191SEVA2"
          Mode:Managed Frequency=2.462 GHz Access Point: 00:26:44:F9:34:A7
          Bit Rate=39 Mb/s
          Retry:on RTS thr:off Fragment thr:off
          Power Management period:0us mode:All packets received
          Link Quality=50/100 Signal level=-81 dBm Noise level=-95 dBm
          Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0
          Tx excessive retries:0 Invalid misc:0 Missed beacon:0

Distribution Ubuntu 10.04
Architecture i386
Kernel Linux 2.6.32-38-generic i686
OpenSSH_5.3p1 Debian-3ubuntu7
wireless-tools 30~pre9-3ubuntu4
wpasupplicant 0.6.9-3ubuntu3

Question information

Language: English
Status: Solved
For: Ubuntu openssh
Assignee: No assignee
Solved by: actionparsnip
Solved: 2012-03-06
Last query: 2012-03-06
Last reply: 2012-03-04
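A triage helper for the `ssh -vv` output in the question, added here as an example and not part of the original thread: it reports the last handshake milestone the client reached, the negotiated cipher and MAC, and the failure line. The function name `triage`, the milestone labels and the embedded excerpt (copied from the question's log, addresses redacted as posted) are assumptions of this example.

```python
import re

# Client-side milestones in the order they appear in OpenSSH `ssh -vv` output.
MILESTONES = [
    ("tcp_connected", re.compile(r"debug1: Connection established\.")),
    ("version_exchanged", re.compile(r"debug1: Remote protocol version ")),
    ("kexinit_sent", re.compile(r"debug1: SSH2_MSG_KEXINIT sent")),
    ("kexinit_received", re.compile(r"debug1: SSH2_MSG_KEXINIT received")),
    ("algorithms_agreed", re.compile(r"debug1: kex: client->server ")),
    ("dh_gex_request_sent", re.compile(r"debug1: SSH2_MSG_KEX_DH_GEX_REQUEST\(")),
    ("newkeys_sent", re.compile(r"debug1: SSH2_MSG_NEWKEYS sent")),
]
KEX_LINE = re.compile(r"debug1: kex: (server->client|client->server) (\S+) (\S+) (\S+)")
# Failure messages that appear in this thread.
FAILURE = re.compile(r"(Connection closed by|Read from socket failed)")

def triage(log_text):
    """Summarise how far an ssh -vv session got before it failed."""
    reached, algos, failure = [], {}, None
    for raw in log_text.splitlines():
        line = raw.strip()
        for name, pattern in MILESTONES:
            if pattern.match(line) and name not in reached:
                reached.append(name)
        m = KEX_LINE.match(line)
        if m:
            algos[m.group(1)] = {"cipher": m.group(2), "mac": m.group(3),
                                 "compression": m.group(4)}
        if FAILURE.match(line):
            failure = line
    return {"last_stage": reached[-1] if reached else None,
            "completed_kex": "newkeys_sent" in reached,
            "algorithms": algos, "failure": failure}

# Excerpt of the log posted in the question (addresses redacted as posted).
SAMPLE = """\
debug1: Connecting to xxx.xxx.xxx.xxx [xxx.xxx.xxx.xxx] port 22.
debug1: Connection established.
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
Connection closed by xxx.xxx.xxx.xxx
"""

if __name__ == "__main__":
    print(triage(SAMPLE))
```

On this log the session stops after the client's group-exchange request and before any keys are derived, so the failure occurs ahead of authentication.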

Can you ping the server over the wifi?

Hi anna_vt,

Maybe it's not related at all to ssh. Is the connection stable enough? Drops? Latency issues?

HTH

--
hmontoliu <at> ubuntu.com
http://hmontoliu.blogspot.com

Does it work over WEP?

anna_vt (iseeglass) said : #4

Hi,

ping seems to be fine:

$ ping -c 100 -q XXX.XX.XXX.X
PING XXX.XX.XXX.X (XXX.XX.XXX.X) 56(84) bytes of data.

--- XXX.XX.XXX.X ping statistics ---
100 packets transmitted, 100 received, 0% packet loss, time 99124ms
rtt min/avg/max/mdev = 18.331/40.505/1538.317/158.882 ms, pipe 2

I wouldn't rule out latency issues - do you know how I could test and fix this?

The router is not configurable (It's just the free one provided by ISP) and I can only use the authentication set up on it, but the old one we have is WEP and I don't have this issue.

Thanks
Anna

Can you give the output of:

lsb_release -a; uname -a

Also try making a longer timeout for disconnection on the server.

anna_vt (iseeglass) said : #6

$ lsb_release -a; uname -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 10.04.4 LTS
Release: 10.04
Codename: lucid
Linux garnet 2.6.32-38-generic #83-Ubuntu SMP Wed Jan 4 11:13:04 UTC 2012 i686 GNU/Linux

I don't think the timeout on the server is too short - 2 minutes. I have tried a few servers and have the same problem. I set the LoginGraceTime on one to thirty minutes, but the connection timed out with message "Read from socket failed: Connection timed out" after 18 minutes.

Try an Oneiric live CD. Is it OK there?

anna_vt (iseeglass) said : #8

Yeah, it seems to be fine in Oneiric.

I suggest you report a bug then. You could always install Oneiric, or even Precise, which is in beta but due for release next month.

anna_vt (iseeglass) said : #10

Spent my weekend migrating to Oneiric! I tried Precise but the USB installer wouldn't work.
Anyway, this has solved the ssh problem.
Many thanks

anna_vt (iseeglass) said : #11

Thanks actionparsnip, that solved my question.