Connection refused after v22.03.0 upgrade (WRT1900ACS)

I have a Linksys WRT1900ACS running OpenWrt 21.02.3 r16554-1d4dea6d4f. It runs fine and I can connect to the LUCI admin interface and ssh in using root@myrouter.lan and the password I've set.

When I upgrade to OpenWRT v22.03.0 the process appears to succeed, the device connects and appears to work fine BUT I can no longer connect the the LUCI admin interface or ssh in with the root account.

When I attempt to make these connections I receive:

LUCI

This site can’t be reached

myrouter.lan refused to connect.
Try:

Checking the connection
Checking the proxy and the firewall
ERR_CONNECTION_REFUSED

SSH

ssh root@myrouter.lan 
root@myrouter.lan Permission denied (publickey)

So, I use the 4-reboot failsafe method and revert to the 21.02.3 build.

Any suggestions?

Am I missing some fundamental key issue?

I've done several OpenWRT sysupgrades before without problem and without encountering this issue.

It's pretty hard to troubleshoot the problem when I can't get access to logs or adjust the configuration in the upgraded system.

What details of my setup would assist?

cheers

myrouter.lan is a nonstandard name, so you likely have kept your settings in the upgrade.

You might start with the default config. First sysupgrade without keeping settings, and then manually config the basic stuff like public keys and wireless.
Use the settings backup file just for reference.

Likely something reagrding firewall, VLANs, DSA, or similar has changed and your old config causes a lockup.

Just to be clear "myrouter" is not the hostname of my router. It's just a generic string I used for the post.

The actual hostname of my router has not changed since I first installed OpenWRT,

But @hnyman's point may still be right... did you keep settings when you upgraded to 22.03.0? If so, that may be the problem (due to incompatible configurations from the previous version), and you may need to use failsafe mode to reset to defaults.

2 Likes

Yes, I kept the settings through the upgrade and, presumably there's a problem somewhere but that seems a reasonable approach without release notes stating settings should not be preserved. I was suspecting the new work on the firewall but am puzzled by the ssh access problem that doesn't look like a firewall rejection.

I suspect my only way forward is to update without the settings and reconfigure afterwards but still wonder whether others have encountered this and whether they've isolated the cause.

What version did you upgrade from? Did it come directly from 21.02 (seems like it from above). That should have already migrated to DSA, so you should have been fine... but if it came from anything earlier... see release notes:

Sysupgrade can be used to upgrade a device from OpenWrt 21.02 to 22.03, and configuration will be preserved in most cases. Upgrades from a previous 22.03.0 release candidate are also supported.

:!: Sysupgrade from 19.07 to 22.03 is not supported.

:!: There is no migration path for targets that switched from swconfig to DSA. In that case, sysupgrade will refuse to proceed with an appropriate error message:
Image version mismatch. image 1.1 device 1.0 Please wipe config during upgrade (force required) or reinstall. Config cannot be migrated from swconfig to DSA Image check failed

It was a single-step direct sysupgrade from OpenWrt 21.02.3 r16554-1d4dea6d4f. I'd already dealt with DSA when I previously upgraded to that version.

It's strange that the device appears to be working OK except that I can't log into it via the web interface or SSH.

I suspected the firewall based on the error I got from LUCI.

But the error from SSH seems to point in a different direction. Perhaps the new version disables root login via ssh by default but I can't tell that because I can't get in to see. Then again, that's not what the error message suggests.

Nope... it is not disabled. Unless you have an error in your configs or previously disabled it.

Can you login with password? (Instead of a key pair)

I am just thinking the possibility that you would have a really old key generated with an unsupported key algorithm. The allowed algorithms have evolved during the years.

It doesn't.

I repeat the advice to first sysupgrade without settings, and then use the settings backup to re-config (manually).

We haven't seen your settings, so it is pretty difficult to guess what you might have changed and what of those changes is the reason.

You might also try sysupgrading with other settings, but without /etc/config/system file that e.g. controls the ssh login settings. (Just rename the file before sysupgrade)
If the file is missing, the defaults are generated there at the boot.

Third idea is something related to nonstandard shell. Do you use the default busybox ash, or have you installed bash ? Bash is not included in the image, so having configured root to use nonexistent shell would also lead to login errors.

No, I can't login with a password.

I CAN login with a password in OpenWrt 21.02.3 r16554-1d4dea6d4f but from the same command line after the upgrade the login attempt fails with the publickey message.

I'm not sure where root's authorized keys might be stored. There is no .ssh directory in /root which is where I would expect to find them.