OpenWrt: I upgraded to the latest snapshot, no more ssh

I have upgraded to the latest snapshot.
No more ssh!

ssh root@router
X11 forwarding request failed on channel 0
Connection to router closed.

I use ssh with pubkey enabled and password disabled.
Is there no way to get a connection?
The router is a Fritz Box 7490.

OpenWrt doesn't include an X11 server; try without X11 forwarding requested.

1 Like

I have tried \ssh, which means use no alias,
and nothing.

Then you're going to need to connect to the serial console and see why the ssh auth is failing.

Or via the LuCI log, if you're including the web interface in your snapshot builds.

1 Like

Thanks, but for serial I have to open the router and that is too risky.
As for LuCI, I don't have LuCI.
I have found another "solution", which is to recover the firmware from 0
:expressionless:
and reinstall and reconfigure everything :expressionless:
Next time I will make a backup.

P.S. Usually on other machines I use telnet-ssl, which is secure and is "rompipalle-less" than ssh. Why doesn't OpenWrt include this package?

Stable OpenWrt from the official channels include the LuCI web GUI.

Interesting.

rompipalle-less?

Likely because SSH is a standard protocol.

1 Like

rompipalle is a "bad word" in the Italian language; it means something/someone very annoying or difficult to "sustain" :smiley: In English it is translated as "pain in the **s".

The X11 error also appears on a freshly restored system.

root@192.168.0.1's password: 
X11 forwarding request failed on channel 0

but it works; probably after the upgrade the system became "problematic". Another way to log in is necessary:

LuCI (now installed)

or better

telnetd-ssl (the package for OpenWrt is missing; Debian has it in their official repository. In the next days I will try to make a package for OpenWrt. I use it on my server when ssh becomes unavailable)

Please try connecting from another host. My guess is that this X11 forwarding issue is related to the computer from which you are connecting, not the router.

2 Likes

No problem.
I have solved it by reinstalling from 0; total time spent circa 30 minutes.
BTW, I have also tried from another host, same problem.

Something seems very odd.

What is the output of ubus call system board?

1 Like

The old system is lost, because I have reinstalled it from 0 (recovering using eva_ramboot.py, installing the kernel on the router at first boot, then downloading the kernel, then uploading it to the router, then sysupgrade..)
Btw, this is the output of ubus call system board:

{
	"kernel": "6.6.74",
	"hostname": "OpenWrt",
	"system": "xRX200 rev 1.2",
	"model": "AVM FRITZ!Box 7490 (Micron NAND)",
	"board_name": "avm,fritz7490-micron",
	"rootfs_type": "squashfs",
	"release": {
		"distribution": "OpenWrt",
		"version": "SNAPSHOT",
		"firmware_url": "https://downloads.openwrt.org/",
		"revision": "r28797-302c717aa3",
		"target": "lantiq/xrx200",
		"description": "OpenWrt SNAPSHOT r28797-302c717aa3",
		"builddate": "1739138496"
	}
}

Imho this is what happened:

I had disabled password auth (using pubkey auth only),
then at upgrade a permissions problem kicked my user out of the router,
which works fine but accepts no login! (and I had no LuCI installed)

On my Linux machines I usually install ssh and telnetd-ssl (a great project; it is also possible to configure it to allow TLS only)

telnet -z nossl slack64
Trying 192.168.0.2...
Connected to slack64.blu.priv.
Escape character is '^]'.
telnetd: SSL required - connection rejected.
Connection closed by foreign host.

but on OpenWrt this package is not available.
In the next days I will try to build a package; it is essential
for accessing the machine if sshd crashes or becomes misconfigured
and no serial login is possible.

What steps did you use to do this?

You often misconfigure ssh and need telnet?

Root?

What works?

1 Like

For ssh pubkey:


uci set dropbear.@dropbear[0].PasswordAuth="0"
uci set dropbear.@dropbear[0].RootPasswordAuth="0"
uci commit dropbear
service dropbear restart

It was the root user.

Everything works except ssh access (now I have solved it by reinstalling from 0).

1 Like

Ok, glad you got pubkey working!

I was gonna ask how you installed the key.

1 Like

In my opinion, in the previous upgrade something went wrong with permissions.
When ssh allows the connection but kicks you out immediately, probably something is wrong with permissions.

How did you install the key?

I have created the file and given it the correct permissions:

/etc/dropbear/know_hosts
chmod 0400 /etc/dropbear/know_hosts

In the file I have written the pubkey.
It worked fine until a sysupgrade;
then reinstalling everything from 0 made it work again.

My path reads:

/etc/dropbear/authorized_keys

Known hosts is not for key auth.

My permissions read 600

Mine is the private key.

Yes, for "known_hosts" I said a bull***t. Mine is also authorized_keys.
But I inserted the pubkey and it works fine; the private key must remain private on your host.

1 Like
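
The points this thread ends on (the key file is /etc/dropbear/authorized_keys rather than known_hosts, it holds the public key, and its permissions are owner-only), written as a pre-flight check to run before the `uci set ... PasswordAuth="0"` commands or a sysupgrade. This is an added example, not code from any poster or from OpenWrt; the function names are hypothetical, and the `sysupgrade -l` lookup only does anything on the router itself.

```shell
#!/bin/sh
# Added example: pre-flight check for Dropbear key-only login on OpenWrt.
# Function names are hypothetical; nothing here changes the system.

# Prints one line per problem; returns 0 only if FILE is usable for pubkey login.
check_authorized_keys() {
    f="$1"; rc=0
    case "$f" in
        */authorized_keys) ;;
        *) echo "wrong file name: $f (key auth uses authorized_keys, not known_hosts)"; rc=1 ;;
    esac
    [ -f "$f" ] || { echo "missing: $f"; return 1; }
    # Permission string from ls, e.g. -rw-------; characters 5-10 are group/other.
    perms=$(ls -ld "$f" | cut -c5-10)
    [ "$perms" = "------" ] || { echo "group/other bits set ($perms): chmod 600 $f"; rc=1; }
    # The private key stays on the client; finding one here means the wrong half was copied.
    if grep -q 'PRIVATE KEY' "$f"; then
        echo "private key material found in $f"; rc=1
    fi
    # Public key line: key type, then a base64 blob, which always begins with AAAA.
    if ! grep -Eq '(^| )(ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp(256|384|521)) AAAA[A-Za-z0-9+/]+' "$f"; then
        echo "no public key line found in $f"; rc=1
    fi
    return $rc
}

# On the router only: is FILE in the list of files sysupgrade keeps?
# Returns 2 when sysupgrade is not installed (i.e. not run on OpenWrt).
kept_by_sysupgrade() {
    command -v sysupgrade >/dev/null 2>&1 || return 2
    sysupgrade -l | grep -qxF "$1"
}

# Usage: sh preflight.sh /etc/dropbear/authorized_keys
if [ "$#" -gt 0 ]; then
    check_authorized_keys "$1" && echo "ok: $1"
    kept_by_sysupgrade "$1" || echo "not confirmed in sysupgrade keep list: $1"
fi
```

Keep an already-open root session until a second login with the key has succeeded, and only then commit the dropbear settings.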