Dropbear not running on OpenWrt 21.02.1 / AR150

I upgraded a GL-AR150 mini router from 21.02 to 21.02.1. Before the upgrade, I could access it via SSH. After the upgrade, port 22 is closed according to nmap. I can access the LuCI web interface.

In System/Software, dropbear is displayed as Installed.
In System/Startup, dropbear is displayed as Enabled.
In Status/Processes, no dropbear process is listed.
I don't find any hints in the syslog.
Another router of type GL-AR300M is upgraded too and works as expected. Could this be a GL-AR150 issue?

Did you try to start/restart the service? Is there any output in the logs?

I did some restarts. Looking again, I find this line in the syslog:

daemon.notice procd: /etc/rc.d/S19dropbear: validation failed

Could you post here the output of uci export network; uci export dropbear ? Remove and sensitive data, like username, password, macaddress, etc...

That I cannot do as SSH is the only way to enter commands in a shell. At the moment, I only can access the box via Port 443. It is also installed at a remote location, so I have no physical access. Maybe I can install telnet to get a shell.

Is everything OK in System->Administration->SSH Access? Can you see a dropbear instance created?

That looks fine. It offers the Dropbear instance on Port 22.

# uci export dropbear
package dropbear

config dropbear
        option Port '22'
        option MaxAuthTries '6'
        option BannerFile '/etc/issues.ssh'
        option PasswordAuth 'on'

In the meantime I managed to install openssh and I have ssh access to the box again. So the problem is solved for me, while the dropbear problem stayes open.

Does it work without the options “banner file” and “max attempts”?


It turned out the BannerFile was set to a nonexisting file. I changed that line in /etc/config/dropbear to the existing file /etc/banner and restarted dropbear. Now it works. I had found this already, but thank you anyway!

1 Like

Generally for remote connection we recommend a VPN tunnel for security. Dropbear doesn’t really have any serious authentication functions that stand up to a WAN real life environment connection.

And BanIP for stopping brute force attempts (“max attempts” thing in dropbear) on all ports.

I have already a VPN tunnel into the device (wireguard). But SSH did not work either over the tunnel, obviously, when no ssh server was running.

1 Like

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.