Broken pipe / Connection reset after switching from Dropbear to OpenSSH

Hi everyone,

I'm running a self-compiled OpenWrt Master build on a GL.iNet GL-MT6000 (Flint 2). I recently decided to replace Dropbear with OpenSSH-server in my build. Since the flash, I am unable to access my router via SSH.

The symptoms:

1. I get a Connection reset by peer or Broken pipe immediately after entering the password (or even before).
2. ssh -v shows the connection closes right after the key exchange or password prompt.

What I've tried via LuCI (Local Startup / rc.local):

Verified and fixed /root and /root/.ssh permissions (700 and 600).
Created a basic /etc/ssh/sshd_config with PermitRootLogin yes, PasswordAuthentication yes, and StrictModes no.
Tried to move my old authorized_keys from /etc/dropbear/ to /root/.ssh/.
Ran ssh-keygen -A to ensure host keys are generated.
Restarted the service with /etc/init.d/sshd restart.

Despite these efforts, the "Broken pipe" persists. Since I removed luci-app-ttyd from my build, I only have access to the LuCI web interface. It seems OpenSSH is crashing or rejecting the connection before a shell can be opened.

Environment:

Device:** GL.iNet GL-MT6000
Version: OpenWrt Master (SNAPSHOT) with apk
SSH Client: Linux Mint (OpenSSH client)

Has anyone encountered this issue with OpenSSH on the MT6000 Master branch? Are there specific dependencies or PAM configurations missing by default in recent Master builds when dropping Dropbear?

Any help to restore SSH access via LuCI commands would be greatly appreciated.

ssh -v root@192.168.1.1
debug1: OpenSSH_10.0p2 Debian-7, OpenSSL 3.5.4 30 Sep 2025
debug1: Reading configuration data /home/james/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Reading configuration data /etc/ssh/ssh_config.d/20-systemd-ssh-proxy.conf
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug1: Connecting to 192.168.1.1 [192.168.1.1] port 22.
debug1: Connection established.
debug1: identity file /home/james/.ssh/id_rsa type -1
debug1: identity file /home/james/.ssh/id_rsa-cert type -1
debug1: identity file /home/james/.ssh/id_ecdsa type -1
debug1: identity file /home/james/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/james/.ssh/id_ecdsa_sk type -1
debug1: identity file /home/james/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /home/james/.ssh/id_ed25519 type 3
debug1: identity file /home/james/.ssh/id_ed25519-cert type -1
debug1: identity file /home/james/.ssh/id_ed25519_sk type -1
debug1: identity file /home/james/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /home/james/.ssh/id_xmss type -1
debug1: identity file /home/james/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_10.0p2 Debian-7
debug1: Remote protocol version 2.0, remote software version OpenSSH_10.2
debug1: compat_banner: match: OpenSSH_10.2 pat OpenSSH* compat 0x04000000
debug1: Authenticating to 192.168.1.1:22 as 'root'
debug1: load_hostkeys: fopen /home/james/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: mlkem768x25519-sha256
debug1: kex: host key algorithm: ssh-ed25519
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: SSH2_MSG_KEX_ECDH_REPLY received
debug1: Server host key: ssh-ed25519 SHA256:Bh0l8WrR/4MOTm7HNBYslAbQ2OKzevPKhr6ULTTYHoo
debug1: load_hostkeys: fopen /home/james/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: Host '192.168.1.1' is known and matches the ED25519 host key.
debug1: Found key in /home/james/.ssh/known_hosts:13
debug1: ssh_packet_send2_wrapped: resetting send seqnr 3
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: Sending SSH2_MSG_EXT_INFO
debug1: expecting SSH2_MSG_NEWKEYS
debug1: ssh_packet_read_poll2: resetting read seqnr 3
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 134217728 blocks
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_ext_info_client_parse: server-sig-algs=<ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ssh-ed25519@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,rsa-sha2-512,rsa-sha2-256>
debug1: kex_ext_info_check_ver: publickey-hostbound@openssh.com=<0>
debug1: kex_ext_info_check_ver: ping@openssh.com=<0>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_ext_info_client_parse: server-sig-algs=<ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ssh-ed25519@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,rsa-sha2-512,rsa-sha2-256>
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: get_agent_identities: bound agent to hostkey
debug1: get_agent_identities: agent returned 1 keys
debug1: Will attempt key: /home/james/.ssh/id_ed25519 ED25519 SHA256:seZraDa3xxxxxxxxxxxxxxxxxxxxHHcOEXYw0 agent
debug1: Will attempt key: /home/james/.ssh/id_rsa 
debug1: Will attempt key: /home/james/.ssh/id_ecdsa 
debug1: Will attempt key: /home/james/.ssh/id_ecdsa_sk 
debug1: Will attempt key: /home/james/.ssh/id_ed25519_sk 
debug1: Will attempt key: /home/james/.ssh/id_xmss 
debug1: Offering public key: /home/james/.ssh/id_ed25519 ED25519 SHA256:seZraDaxxxxxxxxxxxxxxxxxxxxEXYw0 agent
debug1: Server accepts key: /home/james/.ssh/id_ed25519 ED25519 SHA256:seZraDa3xxxxxxxxxxxxxxxxHHcOEXYw0 agent
Authenticated to 192.168.1.1 ([192.168.1.1]:22) using "publickey".
debug1: channel 0: new session [client-session] (inactive timeout: 0)
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: pledge: filesystem
Read from remote host 192.168.1.1: Connection reset by peer
Connection to 192.168.1.1 closed.
client_loop: send disconnect: Broken pipe

Screenshot from 2026-01-23 17-04-101597×500 30.9 KB

Do you have any sshd logs?

Suggest putting Dropbear back and move it to a different port as you work on getting OpenSSH working.

Is my Luci system/admin seems to be complete when we use OpenSSH instead of dropbear?

there’s the option of keeping dropbear but using openssh for sftp, works seamlessly if you select it

but yeah that only covers file transfers

Far as a I know: Luci system/admin is for Dropbear instance(s) only and there is no luci/uci support for configuring OpenSSH. Most switching to it are doing so for additional features so what is there for Dropbear wouldn’t be enough so may as well use /etc/ssh/sshd_config directly for everything.

You can run both the dropbear and sshd (OpenSSH) services at the same time if you move them off the same port. Makes it a lot easier to troubleshoot / check logs / copy files etc.

A quick test here just installed OpenSSH and uncommenting + changing lines in /etc/ssh/sshd_config to Port 2222 and PermitRootLogin yes lets me login with ssh root@192.168.1.1 -p 2222 by entering the password when prompted. After restarting the sshd service of course.

yes thanks, I did something like that but before that, I've had to reset and load my last backup..

do you know if we can have a openSSH option for LuCi, if need it?
and I dont have acces to my ssh to router: root@192.168.1.1: Permission denied (publickey).