SSH connection after initial setup

Ameel_Beesony · October 17, 2018, 8:20am

Hi,

I’m using DIY dongle and cannot connect to 4G but instead rely on a wifi connection for dongle to access internet.

After initial setup, I no longer have the dongle’s wifi, but the dongle itself is connected to my home wifi.

However, when I try to SSH into the dongle’s wifi IP, it doesn’t work anymore.

How do I get access back to SSH?

Malte · October 17, 2018, 9:36am

Hi Ameel

You should be able to connect to the hotspot and then connect to the device via SSH.
I believe that the SSH access is only allowed when connected to the hotspot, to avoid security issues when connected to an open/unsecured wifi access point.

But this can be changed by altering the configuration on the device.

Best regards
/Malte

Ameel_Beesony · October 17, 2018, 9:57am

Hi Malte,

Thank you for the reply.
How can I enable the hotspot? I have a DIY dongle and on the dashboard settings, I cannot enter or change the empty hotspot details.

Also, how do I edit the settings to allow SSH on open/unsecured Wi-Fi access point?

Ameel_Beesony · October 20, 2018, 7:07am

So, you have to amend iptables as follows (or similar, depending on what you’re trying to do):
iptables -L --line-numbers
This will show you current iptables.

Look at the rules for INPUT, particularly for line with the following, and make note of the number at the start (in the example below it’s line 14):
14 DROP all -- anywhere anywhere

Delete the line number:
iptables -D INPUT 14

Add new rule to allow ssh on wlan0 (port 22). You can also enable other things (e.g. I have also enabled port 80 for http):
iptables -A INPUT -m state --state NEW -m tcp -p tcp -i wlan0 --dport 22 -j ACCEPT

Add rule to drop everything else:
iptables -A INPUT -j DROP

You should now have ssh access from wlan0

edit:

actually to keep changes, edit /etc/iptables/rules.v4 instead. Find line
-A INPUT -j DROP

Add any other rule for INPUT before that line. For SSH over wlan0, I added line:
-A INPUT -m state --state NEW -m tcp -p tcp -i wlan0 --dport 22 -j ACCEPT

Save and reboot. iptables should have kept the changes

Malte · October 23, 2018, 9:24am

It’s great that you got it working.

The wifi module on the device can be connected to your wifi and run the hotspot at the same time.
The hotspot is called AutoPi-Initial - or later when configured it will be called AutoPi-PARTIAL-UNITID

But I can perfectly see why you would want to connect to the device via your own wifi connection.
This will most likely be configurable by the user.

Best regards
/Malte

rohit21agrawal · April 8, 2019, 8:56pm

could you please provide steps on how to change this configuration so we can SSH without being connected to local hostpot?