[SOLVED] SSH port forwarding troubles

Hello, I would like to tunnel LuCI over SSH via this guide:

https://openwrt.org/docs/guide-user/luci/luci.secure#:~:text=then%20click%20Open.-,Accessing%20LuCI%20via%20SSH-tunnel,level%20of%20SSH%20traffic%20encryption.

I've spent a good few hours on this so far...

I thought it was my client device, but I tried from two different laptops with no luck.
I found in the documentation that the GatewayPorts 1 needed to be set
"Set to 1 to allow remote hosts to connect to forwarded ports"
https://openwrt.org/docs/guide-user/base-system/dropbear

I edited my /etc/config/dropbear file exactly as needed with GatewayPorts 1
Now I cannot access the SSH dropbear tab in luci with the errors it shows when config file syntax is wrong.
I can't access via openssh, it is not accepting my password after many attempts.
I have a backup but would really prefer not resetting.

thanks,

I used luci-app-commands to rescue dropbear.


Tested with Windows native ssh client, without GatewayPorts configured on the router:

  • run ssh -L 8888:192.168.1.1:80 root@{router wan ip}
  • open http://localhost:8888 in the browser

are you sure you followed the guide? you just need to set up the tunnel on the client side, nothing needs to be altered on the server (i.e. openwrt dropbear) side.

If the dropbear config is invalid, perhaps it isn't starting?


sure. but following the guide with a default dropbear config it is just working. if OP messed up the config that's another kind of problem, and not due to the guide.

I just tried this on two devices, unable to connect condition on both.
Both are linux running openSSH client, I have no windows devices.

I followed your instructions perfectly :confused:

I have returned dropbear to default configs

ok, so you are back on default dropbear config. what about uhttpd?
are you listening on 192.168.1.1:80? or already modified as per guide to limit access to 127.0.0.1:80?
can you show output of uci show uhttpd.main.listen_http please?

I am attempting to connect from inside my LAN, on the same subnet.

Same thing. Works like a charm for me.

uhttpd.main.listen_http='0.0.0.0:80' '[::]:80'

let me ask differently: did you change anything on uhttpd side?

for example, but not limited to:

  • is redirection on? output of uci show uhttpd.main.redirect_https please.
  • is uhttpd running? service uhttpd status please.

and the exact command you run on client side.

I am trying from both chrome and firefox (different devices), could it be my ssh client? When I try to configure openssh it says invalid password and I can never get in to config...

i am confused: different devices but "my ssh client", implying one ssh client??

this guide requires an ssh tunnel on each client device, then you can redirect your local traffic to a local port (e.g. 8888 in AndrewZ's example) over ssh to openwrt's port 80 where luci normally listens.

so if you have two linux clients, one with firefox the other with chrome browsers, on each machine you should start an ssh tunnel using the ssh -L localport:remoteip:remoteport command, then point your browser to http://localhost:localport.

uhttpd.main.redirect_https='1'

--I just tested with this off, same thing

service uhttpd status

running

I tried ssh -L 8888:192.168.1.1:80 username@ip -> navigate to localhost:8888, also tried 192.168.1.1:8888, http and https prefix

and per the guide ssh -L127.0.0.1:8000:127.0.0.1:80 username@ip

This has been my process.

Both linux machines are running openSSH
the browser thing was just a whim

NO IDEA WHAT CHANGED, it's working now on both devices...

edit: it may have been disabling HTTPS redirect, as mentioned by @grrr2

That's the only config that changed from not working to working, also firefox showed secure connection errors instead of unable to connect errors (chrome)

great. if you have a working setup you can also mark this thread as closed :wink:

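Added example, not part of the thread or of the OpenWrt guide: a client-side check for the symptom the thread converged on, where uhttpd answers on the forwarded port but redirects to an https:// URL that a single port-80 forward does not serve. The function names, the default port 8888 and the sample response are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: classify what comes back through an `ssh -L` tunnel to uhttpd's port 80.

# Reads raw HTTP response headers on stdin and prints one verdict:
#   ok | https-redirect | other-redirect | no-response | unexpected
classify_response() {
    awk '
        { sub(/\r$/, "") }                          # headers arrive with CRLF endings
        NR == 1 && /^HTTP\// { status = $2 }        # status line: HTTP/1.1 <code> <text>
        tolower($1) == "location:" { loc = $2 }     # header names are case-insensitive
        END {
            if (status == "")                                   print "no-response"
            else if (status ~ /^2/)                             print "ok"
            else if (status ~ /^3/ && tolower(loc) ~ /^https:/) print "https-redirect"
            else if (status ~ /^3/)                             print "other-redirect"
            else                                                print "unexpected"
        }'
}

# Maps a verdict to the next thing to check, using the commands from the thread.
advise() {
    case "$1" in
        ok)             echo "plain HTTP answers through the tunnel" ;;
        https-redirect) echo "uhttpd redirects to HTTPS; on the router run: uci show uhttpd.main.redirect_https" ;;
        other-redirect) echo "redirect stays on HTTP; the browser can follow it through the tunnel" ;;
        no-response)    echo "nothing came back; check the ssh -L session and: service uhttpd status" ;;
        *)              echo "unexpected status; inspect the headers by hand" ;;
    esac
}

# Constructed sample of a redirect-to-HTTPS answer (not captured from a real router).
sample_redirect() {
    printf 'HTTP/1.1 307 Temporary Redirect\r\nLocation: https://localhost/\r\n\r\n'
}

# Live check; assumes the tunnel is already up on localhost:<port>, e.g.
#   ssh -L 8888:192.168.1.1:80 root@192.168.1.1
check_tunnel() {
    port="${1:-8888}"
    verdict=$(curl -sI --max-time 5 "http://localhost:${port}/" | classify_response)
    echo "${verdict}: $(advise "$verdict")"
}
```

Run `check_tunnel 8888` on the client while the `ssh -L` session is open; `sample_redirect | classify_response` shows the verdict for the constructed redirect without touching the network.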