Can't access to SSH using PuTTY


#1

Hi,

I tried several things to achieve this, but I failed everytime. The result on the PuTTY screen is "access denied". I use root as the username and the same password of webgui. What can be missing and how to solve this?

Thanks.


#2

Are you on LAN, or connecting from the Internet?


#3

Try to change the password on LuCI again.


#4

If LuCI accepts a password, and SSH is configured to allow password login, it must accept the same password since it's matching (I assume) the hash in /etc/shadow


#5

I'm on LAN...


#6

I tried your solution, but it did not change anything. Still unable to login by using SSH.
I think there will be some kind of error or is still something missing on Dropbear Service.
Anyone can help?


#7

Please post output of /etc/config/dropbear


#8

How to get an output? I really don't know that...
Tried putting it on custom commands, the result is:
sh: /etc/config/dropbear: Permission denied

Additional info: Command failed (Code: 32256)


#9
  • vi /etc/config/dropbear
  • cat /etc/config/dropbear

I cant even tell where you ran this command.


#10

If you're not able to SSH in, the only way to get the output is via a USB-TTL serial connection.

  • This is one of the reasons I recommend having access to a USB-TTL cable or USB-to-UART before flashing 3rd party firmware.

If you don't have access to either for a serial connection, backup your configuration via LuCI and re-flash OpenWrt 18.06.1, ensuring Keep Settings is unticked.


#11

What kind of connection does this cable provide in both ends? One is USB, which shall be connected to the USB port of the router. The other end? Can you explain its functionality throughly?
While backing up the current configuration and reflashing the current firmware via LuCI might help, I surely prefer this method as a solution, if backed up configuration can be restored 100%.
What shall be the next step, if this would not solve my problem?
Shouldn't we find the culprit of this problem?
I may give you some specifics, how I could flash OpenWRT on this device.
First, I tried dd-WRT after flashing with TFTPd64. But I could not put static DNS addresses with that firmware, as the device became completely unresponsive after creating these DNS entries. After that, I decided to switch to OpenWRT and found only this solution:

  1. First change to the adapter setting the folowing data:
  • ip adress: 192.168.0.66
  • subnet mask 255.255.255.0
  • default gateway 192.168.0.1
  1. Install TFPD client

  2. Download the factory latest firmware or witch one you want from TP-LINK website (V4 variant) mine was EU version

  3. Download From LEDE Project the folowing firmware :https://downloads.lede-project.org/snapshots/targets/ar71xx/generic/openwrt-ar71xx-generic-archer-c7-v4-squashfs-factory.bin

  4. Download them in separate folder because you will have to update the router firmware with both files separately.

  5. First in the row will be the LEDE firmware - you have to rename-it :ArcherC7v4_tp_recovery.bin.

  6. Start TFPT, select the folder destination to be the LEDE firmware renamed allready by clicking the show dir button.

  7. Select the server interface from the list to be: 192.168.0.66

  8. Connect the ftp cable to the lan port of your computer and the other end to one of the yelow ports of the router.

  9. Turn off the router from the on off button.

  10. Make sure again that in TFPD the server interface is 192.168.0.66

  11. Press with something thin the reset button and keep-it press, push the on button and keep the resset button until the wps led is on and release both.
    In the mean time TFPD will transfer the LEDE firmware to the router. After that will install the LEDE firmware but without web interface.

  12. Do the same thing with the TP link original firmware. in the same steps identical folowing the step from 6 to 12 but using the TP link Interface.

Afterwards you have to wait for let say 5 minutes until the router is updating the firmware.

Go to the network settings and check the buttons for optaining the IP Adress automatically.

Yes, the problem was reverting to stock. After that, I could flash OpenWRT via webgui.


#12

USB side is for the PC, TTL side is for the router's serial header or serial pins... this allows access to the serial console (similar console as with SSH, but without login).

Creating a backup tar is done via LuCI System - Backup/Flash tab.

Have you tried logging in via an SSH key, of which will bypass password auth? The SSH key's public key is added via LuCI - System - Administration.

  • If not, please try that first, then verify if you've disabled password auth in /etc/config/dropbear.
    • If the dropbear config shows password auth as yes, backup your configuration and reflash as there's corruption somewhere.

#13

How could I possibly see this configuration without SSH or anything like that?
What I can only see is this option screen:08%20AM


#14

Another option for you is to reset the router to default settings. That should again enable normal dropbear settings.

You can do the reset from Luci.

Note that it removes also the root password.


#15

Would this method reset all additional installed packages?


#16

I believe it does, but haven't utilized the Factory Reset functionality for years (I compile my own images), so I can't be 100% sure that /sbin/firstboot doesn't also remove all user installed packages. Either way, perform the following:

  • Create a backup tar, of which backs up all your config files
  • Issue the following and save the output to external storage:
    opkg list-installed > /mnt/<partition>/installed_packages
    • Once the Factory Reset completes and you're rebooted, you can reinstall your packages by opening the document in vi / nano and copy/paste the packages into the command
      opkg install <pasted packages>
      • There's a ~254 character limit for the install command, which is why you can't simply
        opkg install < cat /mnt/<partition>/installed_packages

#17

I used WinSCP on my windows box and it lets me view, upload and download to the file system. You should be able to use SCP to view these files using your root/password. Hth, not much i can say about your ssh though that is weird


#18

Password Auth should only be enabled for minutes, as upon flashing, a complex root password should be set, PKI SSH login should be configured, and SSH password login should be disabled.


#19

Sure it does. It resets everything like just after a clean flash without settings. Any packages and settings would be removed.


#20

Yes, firstboot or the GUI reset to defaults will reset all of you settings and remove all user packages that were not part of the compiled image.

Even though it may be a bit annoying to have to reconfigure and reinstall everything, it is the easiest path to resolve your issue.

There is one thing you can try before you pull the trigger on the reset— there is a package called luci-app-commands that allows you to execute commands from the web ui. It might just work to help you run some diagnostics and or try to fix a bad config file. All else fails, it could still be used to get the list of installed packages.