Luci can't use or set password if openssh is used

I have replaced dropbear with openssh because I need features that dropbear doesn't offer -- the features that, in openssh, are configurable in /etc/ssh/sshd_config. This created at least two problems, one of which I have resolved, and one of which I haven't figured out a way to resolve.
RESOLVED: The problem I resolved was that failsafe mode doesn't work if dropbear isn't installed at all. The answer was easy: install dropbear, but disable it in /etc/config/dropbear. In failsafe mode, /etc/config/dropbear, along with all other configuration information, is ignored, and evidently the dropbear ssh client program gives access to the router. Good.
UNRESOLVED: The problem I haven't resolved is that luci is no longer accessible via password at all, perhaps because luci doesn't understand the (openssh) password hash in /etc/shadow. The only workaround I have found is to change /etc/shadow so root has no password at all. Then, with that security hole in place, luci works ok, but it still can't be used to set the root password in /etc/shadow to a value that luci can understand. It fails with a red bar at the top of the browser window.

I am using both dropbear and openssh-server, without any issues in luci.
I am pretty sure that /etc/shadow is not connected to openssh. Maybe if you traced back the steps you followed you'll be able to identify the problem, but just to be sure I'd suggest to backup, reset to defaults, and start from scratch. Install openssh-server/client/sftp, verify you can login to the port of openssh, and then disable dropbear. Verify that password in Lucy still works.

First guess is that you have installed shadow utile, and are trying to store password in too complex hash, which is not understood by busybox or rpcd.

See e.g. this post and the links there

1 Like

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.