SSH Failure Due to Network Segmentation | Generated by AI
Diagnosis Complete: The Real Problem
Based on my diagnostics, here’s what’s actually happening:
Key Findings
- Your Mac is on 192.168.1.0/24 network (IP: 192.168.1.37)
- Router is on 192.168.2.0/24 network (IP: 192.168.2.1)
- No ARP entry for 192.168.2.1 (router not directly reachable)
- Port 22 times out even without proxy variables
- Ping works because it’s routed through gateway 192.168.1.1
The Real Issue: Network Segmentation
The SSH failure has nothing to do with your proxy. The problem is:
Your Mac (192.168.1.37) → Gateway (192.168.1.1) → Router (192.168.2.1)
The router is on a different subnet. When you try SSH:
- Ping works because ICMP is routed through the gateway
- SSH port 22 is blocked or not accessible across the network boundary
Why Your Proxy Theory Was Wrong
Your SSH config shows:
Host !192.168.*.*
ProxyCommand ncat --proxy localhost:7891 --proxy-type socks5 %h %p
This means “use proxy for everything EXCEPT 192.168..” — so 192.168.2.1 should NOT go through the proxy anyway. The negation ! excludes local networks.
How to Fix
Option 1: Connect directly to the router’s network
- Physically connect to the 192.168.2.0/24 network
- Or configure your gateway to allow SSH forwarding
Option 2: Check if SSH is actually enabled on the router
# Try telnet first (if enabled on OpenWrt)
telnet 192.168.2.1
# Or check if HTTP admin interface works
curl -I http://192.168.2.1
Option 3: SSH through the gateway If your gateway (192.168.1.1) can reach the router:
ssh -J user@192.168.1.1 root@192.168.2.1
Test This Theory
Run this to confirm the router is actually unreachable on port 22:
# This should also timeout (proving it's not the proxy)
env -u ALL_PROXY -u HTTP_PROXY -u HTTPS_PROXY \
nc -zv -w 5 192.168.2.1 22
The proxy environment variables are a red herring — the real issue is network routing/firewall between the two subnets.