Cannot ssh out of NN to another machine on my LAN. Other direction works fine.

Delbert Franz ddf at
Wed Sep 19 13:57:23 EDT 2012

On Tue, 18 Sep 2012 10:28:05 -0700
Delbert Franz <ddf at> wrote:

> On Sun, 16 Sep 2012 01:07:52 +0200
> David Kuehling <dvdkhlng at> wrote:
> > Hi Delbert,
> > 
> > >>>>> "Delbert" == Delbert Franz <ddf at> writes:
> > [..] 
> >
> > 
> > Nice to see that you were able to solve your problems.  It still leaves
> > me startled as to why it's actually working for you :)  You're certainly
> > not using the standard NAT setup described in 
> > 
> >
> > 
> > Because with NAT you won't be able to SSH into your NanoNote from other
> > machines on your LAN.
> > 
> > However, without NAT, your other LAN machines would have to be aware of
> > the network having two routers; (1) the internet gateway and (2) the
> > machine that the NanoNote is connected to via USB.  Or do you somehow
> > connect the NN directly to a USB-enabled router?  
> > 
> > Just being curious.  I would have used a eth0-to-usb0 ethernet bridging
> > setup for simplicity, but never heard of anyone here who tried to make
> > that work.
> > 
> > cheers,
> > 
> > David
> David,
>
> I'm using what Xiangfu Liu presented on the list in response to
> problems I had with what may have been the NAT setup you described.  I
> forget now if the problem was caused by an update on my Debian
> desktops or an update to a new image for the NN.  In any case I like
> what I am using now better.  Here is what I have set up:
>
> On the machine to which the NN is connected: (host machine)
> Create an executable script with the contents:
>
> #!/bin/sh
> ifconfig  usb0
> iptables -A POSTROUTING -t nat -j MASQUERADE -s
> sysctl -w net.ipv4.ip_forward=1
> route add -host usb
>
> Notice that the IP addresses are just picked from one of the local
> networks set aside for NAT. If these conflict with what you have
> already, just pick another range and use those IPs consistently
> throughout the following scripts.
>
> On the NN, in /etc/config/network, you should have this:
>
> config interface lan
> 	option ifname	usb0
> 	option proto	static
> 	option ipaddr
> 	option netmask
> 	option gateway
> 	option 'dns'      ''
> #	option 'dns'      ''
>
> The first of the two DNS IP addresses is a public DNS to access the
> Internet.  The second is the local DNS for my LAN.
>
> With the NN booted and running, connect it to a USB port on your host
> machine.  You might see some message about a "gadget" being attached,
> depends on how you are running the NN.  I am always in console mode.
> In fact, I remove gmenu2x from my rootfs:) Then execute the connection
> script on the host machine.  On the NN restart the network by
> executing:
>
> /etc/init.d/network restart
>
> I put that in a script with a short name--involves less typing on the
> NN.
>
> You should now be able to ping the NN from the host machine and you
> should be able to ping from the host machine.  My NN
> has the name of "nn" so I put the following line in the /etc/hosts
> file on the host machine and on other machines in your LAN:
>
>  nn
>
> The final script needed is to be run on the other machines in your
> LAN:
>
> #!/bin/sh
> #Delete old route-ip address may have changed
> route del -net
> #Add a route to ac to access nn
> route add -net netmask gw ac eth0
>
> Here "ac" is the name of my host machine.  One could use a
> command-line argument to the script to give the name of the host
> machine if you are wont to connect the NN to different machines.  Also
> your ethernet link may not be "eth0" and that may have to be changed.
>
> However, we are not ready to ssh to anything yet.  By default, OpenWRT
> uses dropbear for ssh.  It is smaller than openssh but as I vaguely
> recall, I could not get something to work between dropbear and the
> openssh on my other machines.  So I used opkg to remove dropbear and
> to install openssh-client, openssh-keygen, and openssh-server.  I
> think the default settings in the config files, which are in /etc/ssh
> work out of the box.  I went to the effort to generate public-private
> key pairs and then set up an authorized_keys file on nearly all my LAN
> machines.  This is still a work in progress because the NN runs with
> the root user and I don't have key pairs generated yet for the root
> user on my other machines.  However, I reset the NN password to "nn"
> so that the password request is not onerous:) There are various sites
> on the Internet that discuss how to set up passwordless ssh.  I used
> since I use Debian on all my other machines.
>
> The setup works well.  I can ssh from the NN to any machine on my LAN
> and from any machine on my LAN to the NN.
>
> I currently make manual changes when I am off my LAN.  It is probably
> possible to use a well contrived shell script to automate the process,
> but that is not high on my list.  I just assign some numeric IP
> address to the host machine and put that in the /etc/hosts file of the
> host machine and in the /etc/hosts file of the NN.  Then it is
> possible to ssh from the NN to the host machine, even when the host
> machine is not on the Internet.  When the host machine is connected to
> the Internet, say at a wireless access point, then one needs to get
> the numeric IP address using the command: "ifconfig".  I usually just
> "muddle" through and get it working after one or two tries.  My time
> off my LAN is small, but maybe I can learn enough about shell
> scripting to figure out something better:)
>
> Hope this helps someone else.
>
>                Delbert

Just discovered that changing the last line of the script on the 
host machine from:

 route add -host usb

to:

 route add -host usb0

eliminates a message, at least from Debian, that
was annoying but did not seem to make any difference. 
The interface, at least on Debian, is "usb0" and
not "usb".  Some other Linux distributions may fail
completely on this.  Debian appeared to do the right
thing even though the command was in error:-)
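
The LAN-side route script with the host machine given as a command-line argument, plus a check for the "usb" versus "usb0" slip corrected above, as an added example that is not part of the original posts. It only prints the route commands; NN_NET, NN_MASK, SYSNET and the function names are assumptions, and a documentation-range subnet stands in for the addresses missing from the archive.

```shell
#!/bin/sh
# Added example, not from the original post. NN_NET/NN_MASK are constructed
# placeholders (documentation range); use the subnet chosen for the usb0 link.
NN_NET="${NN_NET:-192.0.2.0}"
NN_MASK="${NN_MASK:-255.255.255.0}"
SYSNET="${SYSNET:-/sys/class/net}"    # overridable so the check can be tested

# True only for a dotted quad whose four octets are each 0-255.
valid_quad() {
    case "$1" in ""|*[!0-9.]*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ -n "$octet" ] && [ "$octet" -le 255 ] || return 1
    done
}

# True only if the interface exists, so "usb" is rejected where "usb0" is meant.
iface_exists() {
    case "$1" in ""|.|..|*[!A-Za-z0-9_.:-]*) return 1 ;; esac
    [ -e "$SYSNET/$1" ]
}

# Print the commands for a LAN machine: drop any stale route to the NN
# subnet, then route it via the host (name or IP) the NN is plugged into.
route_cmds() {
    gw=$1; dev=${2:-eth0}
    # Reject empty, option-like or shell-special gateway arguments.
    case "$gw" in ""|-*|*[!A-Za-z0-9.-]*)
        echo "usage: nn-route HOST [DEV]" >&2; return 2 ;;
    esac
    valid_quad "$NN_NET" && valid_quad "$NN_MASK" ||
        { echo "bad subnet: $NN_NET/$NN_MASK" >&2; return 1; }
    iface_exists "$dev" ||
        { echo "no such interface: $dev" >&2; return 1; }
    echo "route del -net $NN_NET netmask $NN_MASK 2>/dev/null || true"
    echo "route add -net $NN_NET netmask $NN_MASK gw $gw dev $dev"
}

if [ $# -gt 0 ]; then route_cmds "$@"; fi
```

Review the printed commands first, then pipe the output to sh as root to apply them.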

