Ssh/dbclient - DROPBEAR_PASSWORD doesn't work

What about compiling dropbear by yourself, enabling the missing option?


Perhaps compiling is the easiest way.
Should I only rebuild dropbear or the whole firmware?

I would not recompile the whole firmware, you just need to create a new .ipk file for dropbear and install it (be careful, however, as dropbear is the executable for most binaries in LEDE; if you install a wrong version, you will most likely brick your device).

Probably these 2 files
https://downloads.lede-project.org/releases/packages-17.01/mips_24kc/base/dropbear_2017.75-2_mips_24kc.ipk
https://downloads.lede-project.org/releases/packages-17.01/mips_24kc/base/dropbearconvert_2017.75-2_mips_24kc.ipk
I have to recompile for TL-WR710N with LEDE 17.01.4 firmware.

Right?

dropbear is just the ssh server and client, maybe you're thinking about busybox? It's still a good idea to make sure you have a backup solution, though, for instance by installing openssh-server on a different port.

You mean I have to recompile busybox too?

No, you don't. My comment was regarding eduperez's answer.

dropbear_convert is a small utility to convert private key files from OpenSSH format to Dropbear format. It doesn't have anything to do with password auth. You only need to modify the main dropbear binary.

Set up a build system and look in $BUILDROOT/package/network/services/dropbear/patches/120-openwrt_options.patch. One of the patches in there comments out the DROPBEAR_PASSWORD option. Remove this patch so that the default (DROPBEAR_PASSWORD will be allowed) remains in the code. Then recompile.

Find the resulting .ipk in $BUILDROOT/bin/packages/mips24_kc/base and transfer to your router. Use opkg --force-reinstall to replace Dropbear with the custom one.

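A check for the build host, run before and after editing the patch mentioned in the post above; this is an added example, not code from the thread or the LEDE tree. It lists every `#define` that a patch deletes or comments out. The sample patch and the macro name `DROPBEAR_PASSWORD_ENV` inside it are constructed for illustration and are not copied from `120-openwrt_options.patch`.

```shell
#!/bin/sh
# Added example (not from the thread or the LEDE/OpenWrt source tree).

# disabled_defines PATCH
# Print each macro whose active "#define" line the unified diff removes
# without adding an active "#define" for it back (deleted or commented out).
disabled_defines() {
    awk '
        function macro(line) {
            # Macro name if line is an active #define, otherwise "".
            if (line !~ /^[ \t]*#[ \t]*define[ \t]+[A-Za-z_]/) return ""
            sub(/^[ \t]*#[ \t]*define[ \t]+/, "", line)
            sub(/[^A-Za-z0-9_].*$/, "", line)
            return line
        }
        /^(---|[+][+][+])/ { next }   # file headers, not hunk content
        /^-/   { m = macro(substr($0, 2)); if (m != "") removed[m] = 1 }
        /^[+]/ { m = macro(substr($0, 2)); if (m != "") added[m] = 1 }
        END    { for (m in removed) if (!(m in added)) print m }
    ' "$1" | sort
}

# password_env_disabled PATCH
# Succeeds (exit 0) if the patch disables a macro named like DROPBEAR_PASSWORD.
password_env_disabled() {
    disabled_defines "$1" | grep -q 'DROPBEAR_PASSWORD'
}

# Constructed sample patch: one define commented out, one only changed.
sample_patch() {
    cat <<'EOF'
--- a/options.h
+++ b/options.h
@@ -1,4 +1,4 @@
-#define DROPBEAR_PASSWORD_ENV "DROPBEAR_PASSWORD"
+/*#define DROPBEAR_PASSWORD_ENV "DROPBEAR_PASSWORD"*/
 
-#define EXAMPLE_TIMEOUT 10
+#define EXAMPLE_TIMEOUT 60
EOF
}

tmp=$(mktemp) && sample_patch > "$tmp"
echo "macros disabled by patch: $(disabled_defines "$tmp")"
if password_env_disabled "$tmp"; then
    echo "DROPBEAR_PASSWORD support would be compiled out"
fi
rm -f "$tmp"
```

On a real tree, pass the patch file path as the argument; an empty list after your edit means no `#define` is being switched off by that patch any more.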

Yes, thanks for the clarification.

After some hours of compiling there is a dropbear_2017.75-2_mips_24kc.ipk file in $BUILDROOT/bin/packages/mips24_kc/base on my build system (Ubuntu 14.04 64-bit).

I think I have to move it by scp to /tmp of the router and then from /tmp

opkg install --force-reinstall dropbear_2017.75-2_mips_24kc.ipk

Right?

Yes, that's what I would do.

It worked

root@LEDE:/tmp# opkg install --force-reinstall dropbear_2017.75-4_mips_24kc.ipk
Removing package dropbear from root...
Not deleting modified conffile /etc/dropbear/dropbear_rsa_host_key.
Not deleting modified conffile /etc/config/dropbear.
Installing dropbear (2017.75-4) to root...
Configuring dropbear.
Collected errors:
 resolve_conffiles: Existing conffile /etc/dropbear/dropbear_rsa_host_key is different from the conffile in the new package. The new conffile will be placed at /etc/dropbear/dropbear_rsa_host_key-opkg.
 resolve_conffiles: Existing conffile /etc/config/dropbear is different from the conffile in the new package. The new conffile will be placed at /etc/config/dropbear-opkg.
root@LEDE:/tmp#

.

root@LEDE:~# DROPBEAR_PASSWORD='mypwd' ssh -y root@192.168.1.21
ssh:
Host '192.168.1.21' key accepted unconditionally.
(ssh-rsa fingerprint md5 17:83:d5:f7:0e:b6:d2:40:5a:db:25:a5:53:2a:3e:6d)

Linux omv1 3.2.0-4-amd64 #1 SMP Debian 3.2.82-1 x86_64

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Wed Nov 22 17:24:16 2017 from 192.168.1.65
root@omv1:~#

Should I take care of the opkg errors?

SSH login from the router's command line with DROPBEAR_PASSWORD works now with the rebuilt dropbear package.

From the startup script it doesn't work yet. But I think this is because I have to learn how custom startup scripts work in LEDE.

I tried to copy the script from my first post (it worked in old dd-wrt as nvram/rc_startup) to the startup section in LuCI. But this resulted in a flashing router LED and failures in syslog:

ssh: Failed reading termmodes
exited: Failed to set raw TTY mode

And the router didn't act on "reboot" anymore.

Those "errors" are just opkg telling you that it is not going to clobber your config files from the previous install. Instead it placed the default config files with .opkg extension so they are inactive. You can just delete those files.

OpenWrt startup uses service scripts in /etc/init.d (which are executed through links in /etc/rc.d) as well as an /etc/rc.local file. This file is what you see and edit in LuCI. The whole system is basically identical to most older desktop Linux from before the "systemctl" setup was introduced.

Thanks,

I'll open a new topic for the custom startup script.