Unable to login to SSH

Looker · September 22, 2018, 10:58pm

I'm using latest OpenWRT on NEXX WT3020F and tried Windows 10 build-in OpenSSH client and recommended on OpenWRT Wiki Cmder Full package and in both I get:

Unable to negotiate with 192.168.8.1 port 22: no matching host key type found. Their offer: ssh-rsa

when try to log into SSH.

What is going on?

anon69880279 · September 23, 2018, 12:18am

WIth OpenWRT the IP address is 192.168.1.1

https://wiki.openwrt.org/toh/nexx/wt3020
...
Writing from breed-mt7620-reset1.bin to mtd0 … [w]
Flash firmware
Use the factory.bin image for initial install via stock firmware web-UI.

Download firmware (see above)
Connect to the WLAN "NEXX_…", no password is needed or connect via LAN cable (preferred)
Go to http://192.168.8.1 → Username: admin, Password: admin, System Setting → Upgrade Firmware
Select the downloaded firmware file and press "Upgrade"
After a while, you will get "Rebooting… System reboot takes a few moment, you might need to reconnect to the Router after rebooting."
After the system comes up, you should be able to log-in via LuCI at http://192.168.1.1/

Looker · September 23, 2018, 12:27am

I changed address to 8.1 via web interface to avoid interference with my 192.168.1.1 other subnet. And router is reachable by 192.168.8.1. So this is not the cause.

There is problem with logging to SSH. And seems to be problem with something like "ssh-rsa".

anon69880279 · September 23, 2018, 12:40am

…
i have installed OpenSSH official for Windows 10 and i can connect

C:\Windows\system32>ssh 192.168.1.231  **-l root**
The authenticity of host '192.168.1.231 (192.168.1.231)' can't be established.
RSA key fingerprint is SHA256:LXFZuMk+mVCbImztoUVx9bwbqlB5EthGx7k9JkZw4TQ.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.1.231' (RSA) to the list of known hosts.
root@192.168.1.231's password:



BusyBox v1.29.2 () built-in shell (ash)

  _______                     ________        __
 |       |.-----.-----.-----.|  |  |  |.----.|  |_
 |   -   ||  _  |  -__|     ||  |  |  ||   _||   _|
 |_______||   __|_____|__|__||________||__|  |____|
          |__| W I R E L E S S   F R E E D O M
 -----------------------------------------------------
 OpenWrt SNAPSHOT, r7986-dc9388ac55
 -----------------------------------------------------
**root@WT3020-231:~#**

---------------------------------------------------------

I use also Putty without problems

mbo2o · September 23, 2018, 12:46am

Are you sure you want to continue connecting (yes/no)?

ssh sees the new IP as an unkown host, if you trust that you are connected to ypur router then just type yes and continue.

The list of know hosts is in a text file
.\.ssh\known_hosts

=== alternative to -l option is use this ===
> ssh root@192.168.8.1

Looker · September 23, 2018, 1:13am

no go.

openwrt

I will try putty.

Per · September 23, 2018, 9:11am

Seems to be a problem with the Windows client: https://www.google.com/search?q="unable+to+negotiate"+"their+offer%3A+ssh-rsa"

vgaetera · September 23, 2018, 8:26pm

Try to regenerate dropbear host key:

rm -f /etc/dropbear/*
service dropbear restart

Result should be like this:

# ls -l /etc/dropbear/dropbear_rsa_host_key
-rw-------    1 root     root           805 Sep 23 23:21 /etc/dropbear/dropbear_rsa_host_key

# dropbearkey -y -f /etc/dropbear/dropbear_rsa_host_key
Public key portion is:
ssh-rsa <...> root@OpenWrt
Fingerprint: sha1!! <...>

Also try this:

ssh -oHostKeyAlgorithms=+ssh-rsa root@192.168.8.1