Dropbear not running on OpenWrt 21.02.1 / AR150

Installing and Using OpenWrt
1

I upgraded a GL-AR150 mini router from 21.02 to 21.02.1. Before the upgrade, I could access it via SSH. After the upgrade, port 22 is closed according to nmap. I can access the LuCI web interface.

In System/Software, dropbear is displayed as Installed.
In System/Startup, dropbear is displayed as Enabled.
In Status/Processes, no dropbear process is listed.
I don't find any hints in the syslog.
Another router of type GL-AR300M is upgraded too and works as expected. Could this be a GL-AR150 issue?

2

Did you try to start/restart the service? Is there any output in the logs?

3

I did some restarts. Looking again, I find this line in the syslog:

daemon.notice procd: /etc/rc.d/S19dropbear: validation failed

4

Could you post here the output of uci export network; uci export dropbear ? Remove and sensitive data, like username, password, macaddress, etc...

5

That I cannot do as SSH is the only way to enter commands in a shell. At the moment, I only can access the box via Port 443. It is also installed at a remote location, so I have no physical access. Maybe I can install telnet to get a shell.

6

Is everything OK in System->Administration->SSH Access? Can you see a dropbear instance created?

7

That looks fine. It offers the Dropbear instance on Port 22.

8 
# uci export dropbear
package dropbear

config dropbear
        option Port '22'
        option MaxAuthTries '6'
        option BannerFile '/etc/issues.ssh'
        option PasswordAuth 'on'

In the meantime I managed to install openssh and I have ssh access to the box again. So the problem is solved for me, while the dropbear problem stayes open.

9

Does it work without the options “banner file” and “max attempts”?

2 Likes
10

It turned out the BannerFile was set to a nonexisting file. I changed that line in /etc/config/dropbear to the existing file /etc/banner and restarted dropbear. Now it works. I had found this already, but thank you anyway!

1 Like
11

Generally for remote connection we recommend a VPN tunnel for security. Dropbear doesn’t really have any serious authentication functions that stand up to a WAN real life environment connection.

And BanIP for stopping brute force attempts (“max attempts” thing in dropbear) on all ports.

12

I have already a VPN tunnel into the device (wireguard). But SSH did not work either over the tunnel, obviously, when no ssh server was running.

1 Like
13

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.