Can no longer SSH to OpenWrt router after update [SOLVED]

Hello
I decided to shut down the web server and only use SSH to manage my router, and I also decided to use an SSH key. But after updating my firmware I am no longer able to SSH into the router. I keep getting "Unable to negotiate with 192.168.1.1 port 22: no matching host key type found. Their offer: ssh-rsa" errors.

Here is the output of ssh -v

OpenSSH_9.0p1, OpenSSL 1.1.1q  5 Jul 2022
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to 192.168.1.1 [192.168.1.1] port 22.
debug1: Connection established.
debug1: identity file /home/username/.ssh/id_rsa type 0
debug1: identity file /home/username/.ssh/id_rsa-cert type -1
debug1: identity file /home/username/.ssh/id_ecdsa type -1
debug1: identity file /home/username/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/username/.ssh/id_ecdsa_sk type -1
debug1: identity file /home/username/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /home/username/.ssh/id_ed25519 type -1
debug1: identity file /home/username/.ssh/id_ed25519-cert type -1
debug1: identity file /home/username/.ssh/id_ed25519_sk type -1
debug1: identity file /home/username/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /home/username/.ssh/id_xmss type -1
debug1: identity file /home/username/.ssh/id_xmss-cert type -1
debug1: identity file /home/username/.ssh/id_dsa type -1
debug1: identity file /home/username/.ssh/id_dsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_9.0
debug1: Remote protocol version 2.0, remote software version dropbear
debug1: compat_banner: no match: dropbear
debug1: Authenticating to 192.168.1.1:22 as 'admin_username'
debug1: load_hostkeys: fopen /home/username/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: (no match)
Unable to negotiate with 192.168.1.1 port 22: no matching host key type found. Their offer: ssh-rsa

I tried going into failsafe mode but I still get the same errors. I also tried using the physical reset button on my router but nothing happened.

I tried using ssh -oHostKeyAlgorithms=+ssh-rsa but all I got was

Permission denied (publickey).

I'm using a TP-Link Archer A7 AC1750 and I'm on Arch Linux. I'm not sure what else I can do at this point. Any help would be greatly appreciated. Thank you.

Solved: I had to press the WPS button during boot to access failsafe mode instead of the reset button. I also needed to use ssh -oHostKeyAlgorithms=+ssh-rsa to log into my router. Thanks for the help.
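An added example, not part of the original post: a small Python parser for the negotiation error quoted above that turns the server's offer into an ssh_config block scoped to the one host, so ssh-rsa is not re-enabled for every connection. It generalizes to the key exchange, cipher and MAC variants of the same error; the function names are hypothetical.

```python
import re

# Maps the wording of OpenSSH's "no matching ... found" errors to the
# ssh_config option that controls that class of algorithm.
OPTION_FOR = {
    "host key type": "HostKeyAlgorithms",
    "key exchange method": "KexAlgorithms",
    "cipher": "Ciphers",
    "MAC": "MACs",
}

NEGOTIATION_ERROR = re.compile(
    r"^Unable to negotiate with (?P<host>\S+) port (?P<port>\d+): "
    r"no matching (?P<what>.+?) found\. Their offer: (?P<offer>\S+)\s*$",
    re.MULTILINE,
)

def diagnose(ssh_output):
    """Return (host, port, option, offered_algorithms), or None if no negotiation error."""
    m = NEGOTIATION_ERROR.search(ssh_output)
    if m is None:
        return None
    option = OPTION_FOR.get(m["what"])
    if option is None:
        return None  # unrecognised wording: do not guess an option
    return m["host"], int(m["port"]), option, m["offer"].split(",")

def host_stanza(ssh_output):
    """Build an ssh_config block that appends the server's offer for this host only."""
    result = diagnose(ssh_output)
    if result is None:
        return None
    host, port, option, offered = result
    lines = [f"Host {host}"]
    if port != 22:
        lines.append(f"    Port {port}")
    # The leading "+" appends to the client's defaults instead of replacing them.
    lines.append(f"    {option} +{','.join(offered)}")
    return "\n".join(lines)

# Constructed sample: the last lines of the `ssh -v` output quoted in the post.
SAMPLE = """\
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: (no match)
Unable to negotiate with 192.168.1.1 port 22: no matching host key type found. Their offer: ssh-rsa
"""

if __name__ == "__main__":
    print(host_stanza(SAMPLE))
```

Review the generated block before adding it to ~/.ssh/config: it appends everything the server offered, which may be more than the one algorithm actually needed.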

You could reflash it, using tftp.


Do you have the key in your keychain?
And are you sure the user admin_username is correct and it's not root?

> Do you have the key in your keychain?
> And are you sure the user admin_username is correct and it's not root?

I don't think so. The SSH key is in ~/.ssh. After I created the key I pushed the public key to the router and I typed in the password every time I logged in to the router. The user is root. I thought you could set up different users, and I didn't want people to see the account I was using to administrate the router, so I changed it in the post.

> You could reflash it, using tftp.

I'm not sure how to do that but I'll look into it.

Are you sure you successfully entered failsafe mode?
Turn on the device, wait until the power LED starts blinking and press the WPS button once.
The power LED should start blinking very quickly and all other LEDs should be off.

The reset button does nothing under OpenWrt on this model. You can only use it to re-flash the device using the tftp method.


Did you ever manage to ssh into the router with public key before upgrading it?

Thanks, this worked.
