Edgerouter-x install issues

Hi, i've been through the tutorials and i'm aware that the er-x is a bit nonstandard in initial install. i installed the stman 19.07.02 version using the ubnt web install, openwrt-19.07.2-ramips-mt7621-ubnt-erx-initramfs-factory.tar from https://github.com/stman/OpenWRT-19.07.2-factory-tar-file-for-Ubiquiti-EdgeRouter-x

the device rebooted, but now how do i complete the openwrt install with the sysupgrade? i.e. from the above page. 'sysupgrade it with the "Official OpenWRT stock" openwrt-19.07.2-ramips-mt7621-ubnt-erx-squashfs-sysupgrade.bin'

the plan was to go through the 19.07.2 install, then upgrade to the latest stable.

when connected to eth0 of the device, assuming the er-x ip address is 192.168.1.1, i get no response via https, ping or ssh. i don't think it's bricked as eth0 is occassionally blinking. i'm on a macbook pro.
thanks,
jeff

The eth0 port on Edgerouter X is the WAN port when running default OpenWrt. Plug your PC into some other port and 192.168.1.1 should work.

2 Likes

thank you. i'm connected to eth1 and i get a ping response. but http or https do not give a reply. how do i complete the upgrade? thanks

Are you following this procedure on the OpenWrt wiki? I believe you're expected to SSH into the device and do a sysupgrade that way. Does ssh root@192.168.1.1 work?

2 Likes

Hi, yes i'm nominally following that procedure. i used the initial upload file (since it meets the size expected) and uploaded it via the ubnt firmware update file. access via an version of ssh doesn't work. the error is unable to negotiate with 192.168.1.1 port 20, no matching key found.

so i'm sort of stuck rn.
jeff

That's actually a pretty good sign, that means there is an SSH server running and listening on the Edgerouter X. The error means your SSH client can connect, but it can't agree with the server on what cryptographic algorithms to use.

Your SSH client might be too old to use. Can you do ssh -v root@192.168.1.1 and give us the entire output? You should get a bunch of debug messages, like 1 or 2 screenfuls worth of text.

1 Like

ok. here's the output. i think it's sanitary:

Jeffreys-MacBook-Pro:_openwrt number1coach$ ssh -v root@192.168.1.1

OpenSSH_9.0p1, LibreSSL 3.3.6
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 21: include /etc/ssh/ssh_config.d/* matched no files
debug1: /etc/ssh/ssh_config line 54: Applying options for *
debug1: Authenticator provider $SSH_SK_PROVIDER did not resolve; disabling
debug1: Connecting to 192.168.1.1 [192.168.1.1] port 22.
debug1: Connection established.
debug1: identity file /Users/number1coach/.ssh/id_rsa type -1
debug1: identity file /Users/number1coach/.ssh/id_rsa-cert type -1
debug1: identity file /Users/number1coach/.ssh/id_ecdsa type -1
debug1: identity file /Users/number1coach/.ssh/id_ecdsa-cert type -1
debug1: identity file /Users/number1coach/.ssh/id_ecdsa_sk type -1
debug1: identity file /Users/number1coach/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /Users/number1coach/.ssh/id_ed25519 type -1
debug1: identity file /Users/number1coach/.ssh/id_ed25519-cert type -1
debug1: identity file /Users/number1coach/.ssh/id_ed25519_sk type -1
debug1: identity file /Users/number1coach/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /Users/number1coach/.ssh/id_xmss type -1
debug1: identity file /Users/number1coach/.ssh/id_xmss-cert type -1
debug1: identity file /Users/number1coach/.ssh/id_dsa type -1
debug1: identity file /Users/number1coach/.ssh/id_dsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_9.0
debug1: Remote protocol version 2.0, remote software version dropbear
debug1: compat_banner: no match: dropbear
debug1: Authenticating to 192.168.1.1:22 as 'root'
debug1: load_hostkeys: fopen /Users/number1coach/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: (no match)
Unable to negotiate with 192.168.1.1 port 22: no matching host key type found. Their offer: ssh-rsa

Looks like you actually have the opposite problem: your SSH client is too new and won't negotiate ssh-rsa by default. Try ssh -oHostKeyAlgorithms=+ssh-rsa root@192.168.1.1 and see if you can connect and do the sysupgrade.

Once you update OpenWrt to the newest version, make sure you delete the old OpenWrt host key from your known_hosts file before connecting to new OpenWrt. You should be able to connect without needing the HostKeyAlgorithms option.

2 Likes

ok. i'm in! thank you. to complete it i'm still not clear what to do now. from the procedure: 'sysupgrade it with the "Official OpenWRT stock" openwrt-19.07.2-ramips-mt7621-ubnt-erx-squashfs-sysupgrade.bin '.
do i copy the sysupgrade file to the erx? what's the command to complete the upgrade? thank you so much!

Yes, this is covered in step 4 of the install procedure I've linked to you earlier. But I'll spell this out in more detail:

  1. Download the sysupgrade image from the firmware selector for Edgerouter X. Save this file on your PC with a shorter name openwrt.bin

  2. Copy the file to Edgerouter X with SCP on your PC:

     scp -oHostKeyAlgorithms=+ssh-rsa openwrt.bin root@192.168.1.1:/tmp/
    
  3. SSH into Edgerouter X on your PC:

     ssh -oHostKeyAlgorithms=+ssh-rsa root@192.168.1.1
    
  4. Finally, in the SSH session do the sysupgrade:

     sysupgrade -n /tmp/openwrt.bin
    

great thank you!
can i just to the lastest sysupgrade now, openwrt-23.05.0-ramips-mt7621-ubnt_edgerouter-x-squashfs-sysupgrade, or do i have to stick with the 19.07 sysupgrade file?
thanks again, jeff

Go ahead and do the latest sysupgrade, you're not keeping any prior settings so it should basically be a fresh install.

ugh, one more issue:
My-MacBook-Pro:_openwrt number1coach$ scp -oHostKeyAlgorithms=+ssh-rsa openwrt.bin root@192.168.1.1:/tmp/
ash: /usr/libexec/sftp-server: not found
scp: Connection closed

the file did not get transfer either... i have /usr/libexec/sftp-server on the laptop.

Oops, I keep forgetting your SSH client is too new for OpenWrt 19.07 :person_facepalming: Use this instead:

scp -O -oHostKeyAlgorithms=+ssh-rsa openwrt.bin root@192.168.1.1:/tmp/

Note the extra capital letter O option. This will tell scp to use the old SCP protocol. Newest OpenWrt will not need any of these extra SSH options.

ok, i think its done and working. i couldn't have done it in a few hours without your help! best, jeff