I just bought an Openwrt One, excited to upgrade my ancient Actiontec router running openwrt 12. New router powers up fine, I can configure it, but can't scp. No problem, try to install openssh. Uh-oh. downloads server completely missing. "normal" program for installing software broken, to be replaced by "apk", but this isn't installed on Openwrt 24.10.0-rc2 that is installed on my router. Fine, I'll just upgrade to a new Openwrt - except UH-OH, no downloads machine. Oh, and NO documentation that I can find on "apk". So, is this new hardware a boat-anchor? Should I return it to China?
From a machine attached directly to the LAN port. I'm an experienced unix admin, and I've been using openwrt since v12.
I turns out, it HALF supports scp. I can ssh from the router, but scp TO THE ROUTER fails with the message about "sftp-server" not installed. A google search finds instructions on the Openwrt web site that explains how to replace dropbear with openssh, because of this very problem.
So, yes, experimentation reveals that I can scp from openwrt to another machine, but not vice-versa. Inconvenient, but not a show stopper.
That turns out to be less than useful since it just gives a link to the non-existant downloads machine.
I'm not over enthused about the downloads machine being off line for several days, with no banner announcements on the web site about when it will return. Is the openwrt project failing?
Ok... so from a machine connected to the lan port to the OpenWrt One?
That seems odd... how are you trying to scp to the router? What app or methods are you using. They are two different protocols, so you shouldn't be seeing messages about sftp-server dependencies.
I don't use Windows, but on every linux and MacOS system I've used since I started using OpenWrt (15.05 in my case), I've never once needed to install openssh.
Seems like something in the commands or client that are the problem.
I was able to download the files... literally every file on the page downloaded without issue.
They are working now. I just tested. This was the first time I can recall that had a significant outage of the main OpenWrt site and downloads page. It's really quite reliable (but obviously not going to have true 100% reliability).
This would have been a good thing. I'm sorry I didn't think to do something here. Although I only administer the forum, so I didn't have direct visibility into the other sites/servers for an ETA. But I'll at least put a banner up about a known issue with the site if it happens again.
Servers can fail. That is in no way an indication of the project as a whole. This is something you should know well if you've been a unix admin at scale... systems wil sometimes go down even when the organization it is part of are healthy. The OpenWrt project, being a volunteer endeavor, doesn't have funds to have tons of failover servers, but the project is certainly quite healthy, IMO.
[EDIT: see my reply lower down; turns out this is OS dependent and the OP's observations and @eduperez 's solution were spot on.]
Thanks for pointing it out but next time @wfdudley could do himself a favor too and actually read what's written on the screen. Sometimes the verbose flag alone does do wonders.
I'm happy that downloads is back up, and also that openwrt project is not in trouble.
Now I can fix the incoming scp problem.
Believe me whan I say that the default dropbear installation does NOT accept incoming scp connections. This can be fixed by either installing sftp-server, or replacing dropbear with openssh.
Yes running the PC's scp client with the -O option is the answer. Note that is a capital "O", standing for "use Old transfer method instead of sftp." Dropbear does not have sftp functionality.
I'm not sure what screen writing which you are referring to, but I read all error messages etc. and I've probably been doing this longer than you have been alive.
Thank you for this hugely informative reply. I can only hope that Mr. Sherman sees this.
To restate, the "problem" is apparently that recent scp on modern debian linux defaults to the "new" method, and one has to explicitly ask for the "old" method that does not need sftp-server.
Openssh deactivated the default accept of weak host key cipher and must explicit allowed. And for SCP you need to enable the legacy protocol for ssh file transfer. And this is written in the error message you must have gotten which is explained in to man page of SCP.
So I stand corrected, and you are absolutely right. I just did some tests with 2 Macs (one running Monterey, the other Seqoia) and an Ubuntu 24.04 machine. The Monterey machine could use scp as is, whereas the more recent OSs gave that error. I guess I haven't used scp since I upgraded these machines and I failed to notice the change. the -O parameter does indeed fix the issue.
It's important to distinguish between scp, the command-line tool, and SCP, the protocol. It shouldn't be, but it unfortunately is.
OpenSSL's scp command-line tool is able to use both the SCP and the SFTP protocols, and due to security concerns it deprecated the former in favor of the latter, essentially making scp an SFTP client wrapper by default.
dropbear as used by OpenWrt only speaks the SCP protocol. By using a recent scp without any legacy flags you tried to connect to a SCP server using an SFTP client. Which is, naturally, bound to fail.
If anyone is at fault here, it's Red Hat forcing the protocol switcheroo on OpenSSL with no regard of the confusion caused by yanking the protocol the command-line tool is named for out from under its feet.
A discussion I had on a Github issue gives more detail. It seems it is a Debian driven problem.
"-O" is to specify the protocol to use for file transfer. In many Linux distros the default is scp protocol and the syntax is -O SFTP to use sftp protocol or -O SCP, with other protocol options.
Some distros do not accept -O at all (eg OpenWrt) and some will not accept a protocol, requiring just -O to change the default protcol to "Old", whatever that means eg Debian.
Whereas OpenSuse Tumbleweed says "-O ctl_cmd" where ctl_cmd is a list of control commands including SCP and SFTP, but it errors if ctl_cmd is omitted.
All in all the situation with scp is a bit of a mess right now.