Cannot connect to openwrt via ssh/lan port after upgrade

I updated my release of openwrt some time ago and just noticed that I can no longer ssh to it from a host behind the firewall (although I am able to http to it and login). Here is the status information from the router:

Here is what I get when I try to access the router via ssh on windows 10 host from a git (unix-ish) window (I have tried this from various hosts with the same key file and results):

$ ssh -v 192.168.1.1
OpenSSH_7.7p1, OpenSSL 1.0.2o  27 Mar 2018
debug1: Reading configuration data /c/Users/jordan/.ssh/config
debug1: /c/Users/jordan/.ssh/config line 13: Applying options for 192.168.1.1
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to 192.168.1.1 [192.168.1.1] port 2222.
debug1: connect to address 192.168.1.1 port 2222: Connection refused
ssh: connect to host 192.168.1.1 port 2222: Connection refused

Here is a snippet of my ~/.ssh/config file (note that I can access my three other access points with the same key file):

Host router bedroom-ap office-ap livingroom-ap 192.168.1.1 192.168.1.91 192.168.1.92 192.168.1.93
        User root
        Port 2222
        IdentityFile ~/.ssh/id_rsa

Here is a screenshot of my ssh settings:

I have confirmed that the public key in the dropbear instance matches the one on my host (and the private key works with other devices with the same public key). I tried commenting out the entry in the ~/.ssh/config file hoping that the host would prompt me for a password, but I am still getting connection refused. I also toggled "Password authentication", "Allow root logins with password", to no avail. I also tried setting the interface to "unspecified" but that had no effect either.

Any ideas on how to proceed?

Perhaps...how did you get LuCI installed?

I'd use the same method.

Interface binding can lead to race condition resulting in DoS, so better disable it.
Try to restart Dropbear and reinstall the package.
Alternatively you can install OpenSSH server.

Further troubleshooting requires server side diagnostics:

  • Dropbear port bindings, service status and log.
  • Firewall configuration.
2 Likes

What @vgaetera said. To clarify a little, a "Connection refused" error means that the TCP port is not open or it is blocked by the firewall. The authentication stage was never reached.

2 Likes

Unless I am wrong, I included the port in the screenshot (2222). What is the service status? I could include the logs, but whatever happened to my router occured quite a while (months) ago, so I am not sure the logs will be of much help.