[Solved] Cannot connect to the router via SSH remote access

sppmaster · July 22, 2020, 9:51pm

I have OpenWRT 19.07.3 and just want to temporary use remote SSH access to the router. I've added firewall traffic rule to allow it. But I cannot connect and only receive connection refused. I can login via LAN.
This is the uci show firewall

firewall.@rule[11].name='sshwan-allow'
firewall.@rule[11].proto='tcp'
firewall.@rule[11].src='wan'
firewall.@rule[11].src_port='22'
firewall.@rule[11].dest_port='22'
firewall.@rule[11].target='ACCEPT'
firewall.@rule[11].dest='lan'

I've added a rule to allow connection to Luci on port 80 just to try if it works. I cannot connect to web interface either. If I stop the firewall I can connect to router via SSH remotely.
Can you help me.

mikma · July 22, 2020, 10:03pm

Since SSH uses TCP it means the source port will be ephemeral. For this reason you usually shouldn't specify "src_port" in TCP rules.
And if you want to configure an input rule, i.e. it allows traffic to the device itself, then you don't specify "dest" either.

sppmaster · July 22, 2020, 10:21pm

If I want to use different port 5555 for example (not 22) then should I put it (5555) in source port field.
I've added the rule trough Luci interface and destination was set by default as 'lan'. I didn't choose it.
Actually I've tried to set it to Device Input but that didn't work either.

Obviously I was doing anything wrong because now I have this and it works.

firewall.@rule[11]=rule
firewall.@rule[11].name='sshwan-allow'
firewall.@rule[11].proto='tcp'
firewall.@rule[11].src='wan'
firewall.@rule[11].dest_port='22'
firewall.@rule[11].target='ACCEPT'

But I want to make SSH connection to a different port. What should I change. Just tried source port but it doesn't work.

mk24 · July 22, 2020, 10:38pm

You have to set up the SSH server (dropbear) to listen on the different port. That is in /etc/config/dropbear.

By default there is only one instance of dropbear, so making the change will require the new port to be used on the lan as well.

This is also on the System-->Administration:SSH Access page in LuCI.

sppmaster · July 22, 2020, 10:50pm

Thank you both @mikma and @mk24. Now everything is OK.

vgaetera · July 23, 2020, 5:05pm

See also: https://openwrt.org/docs/guide-user/base-system/dropbear

system · August 2, 2020, 5:05pm

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.