Upgrading snapshot build - SSH key not recognized

I flashed the snapshot build on a Netgear WAX206. http://192.168.1.1/ wasn't loading and I noticed that the login guide states "If you have installed a 'tiny' build or a 'snapshot' build, LuCI web interface will likely not be present and you will need to use ssh to log in as root@192.168.1.1." I'm running Linux Fedora Silverblue.

I am not very familiar with the terminal. Is there any way to use LuCI or any other GUI to manage my new router besides just terminal commands? If not, where can I find the commands to set up the router? I need to set it up in AP mode to run with a custom internal IP address behind a firewall, I hope this won't be too complicated with this model...

This, but you need to change the device from WHW03 to WAX206.

I just came across this. Apparently snapshots are completely untested and experimental... I was looking for a secure OpenWrt router. Seeing that these builds are untested and not mature, would I be more secure changing my router for another model that has official stable releases?

Your running it as an AP, your internet security is handled elsewhere.

Yes, it's a beta fw, but there's a release candidate out, if it makes you feel safer. Those images come with the webUI preinstalled.

https://downloads.openwrt.org/releases/23.05.0-rc2/targets/mediatek/mt7622/

My guess is the stable release will be out in Q3 or Q4, depending on how many RCs they release.

2 Likes

I'm assuming the relevant file in that list is "netgear_wax206-squashfs-sysupgrade.bin", correct? And would you advise upgrading to this instead of keeping the current snapshot? I would assume this build is tailored to my router.

That's the file, yes.

Don't know if the RC2 is better in any way, than the most recent snapshot, trial and error. But if you're going to install additional packages on the 206 (or any other device, esp packages having kernel dependencies), these won't expire within a day, like the snapshots do.

All builds are device specific, except to x86.

I see. So to upgrade to this build you linked to, how do I do that? I saw that you mentioned in the other post

"transfer the sysupgrade image using (win)scp to the routers /tmp folder.
From cli run sysupgrade /tmp/sysupgrade.file.ext"

But I don't quite get it. Would it be simpler to use some command(s) through a Linux machine?

On win it's winscp, in Linux scp, to transfer it.
Sysupgrade is the OpenWrt command for flashing.

If your AP got internet access, you could just wget the file directly from it.

Hi

suppose you flashed snapshot
and you don't touched anything yet
in default condition, OWRT will have DHCP clien on WAN port, so, if you are lucky, and plug your WAN port in some source for internet, your OWRT device will have internet access
so far, so good

ssh into OWRT
ssh root@192.168.1.1

and from there

wget https://downloads.openwrt.org/releases/23.05.0-rc2/targets/mediatek/mt7622/openwrt-23.05.0-rc2-mediatek-mt7622-netgear_wax206-squashfs-sysupgrade.bin -O /tmp/fw.bin

this command will download sysupgrade file to /tmp folder

and then
sysupgrade -n /tmp/fw.bin

this way your OWRT will be flashed with 23.05 rc2

3 Likes

The first time I tried to SSH into it I was successful. I only changed the password and nothing else. Now when I try to SSH, nothing happens. I've rebooted the router but it didn't change anything. What am I doing wrong? I'll try resetting the router.

maybe best solution is to factory reset the device
hold the reset button for 10-15 sec, until all leds light up for a moment
then wait 5 min for a full boot
ant try again

1 Like

If the router is connected to the Internet, you can run sysupgrade <url> and it will download and flash in one command.
If the router is not connected to the Internet, download the new firmware to your PC then connect the router back to the PC (disconnect the PC from any other wireless or wired networks) and use scp on the PC to push it to the router:
scp <filename> root@192.168.1.1:/tmp
Then ssh to the router and execute sysupgrade /tmp/<filename>

Windows 10 and higher includes CLI versions of ssh and scp which can be run in a Command Prompt window without installing additional software.

1 Like

I reset the router and it's connected to the internet and running again but SSH is still timing out. Could it be that I need to delete the old RSA key fingerprint?

Nevermind, I had forgotten that my laptops's VPN had turned back on. After disabling it SSH is working again.

Since I reset the router, I'm getting a fingerprint mismatch error. How do I fix this? I can't find this referenced SSH folder.

[user@device ~]$ ssh root@192.168.1.1
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ED25519 key sent by the remote host is
SHA256: XXX.
Please contact your system administrator.
Add correct host key in /var/home/user/.ssh/known_hosts to get rid of this message.
Offending ED key in /var/home/user/.ssh/known_hosts:1
Host key for 192.168.1.1 has changed and you have requested strict checking.
Host key verification failed.
[user@device ~]$

For anyone wondering, someone on the Silverblue Matrix channel advised that the command is
ssh-keygen -r [hostname]

Then locate the correct command to clear the old key from your distro's manual.

In Ubuntu it's:

ssh-keygen -f "/home/user/.ssh/known_hosts" -R "192.168.1.1"

Also see: https://www.man7.org/linux/man-pages/man1/ssh-keygen.1.html

1 Like

I just tried this from Windows 11 PowerShell. I think it worked! Thank you, everyone for your help! :heart:

Windows PowerShell
Copyright (C) Microsoft Corporation. All rights reserved.

Install the latest PowerShell for new features and improvements! https://aka.ms/PSWindows

PS C:\Users\Admin>  ssh root@192.168.1.1
The authenticity of host '192.168.1.1 (192.168.1.1)' can't be established.
ED25519 key fingerprint is SHA256:XXX.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '192.168.1.1' (XXX) to the list of known hosts.


BusyBox v1.36.1 (2023-06-30 17:24:52 UTC) built-in shell (ash)

  _______                     ________        __
 |       |.-----.-----.-----.|  |  |  |.----.|  |_
 |   -   ||  _  |  -__|     ||  |  |  ||   _||   _|
 |_______||   __|_____|__|__||________||__|  |____|
          |__| W I R E L E S S   F R E E D O M
 -----------------------------------------------------
 OpenWrt SNAPSHOT, r23459-a0ae7a50e0
 -----------------------------------------------------
=== WARNING! =====================================
There is no root password defined on this device!
Use the "passwd" command to set up a new password
in order to prevent unauthorized SSH logins.
--------------------------------------------------
root@OpenWrt:~# wget https://downloads.openwrt.org/releases/23.05.0-rc2/targets/mediatek/mt7622/openwrt-23.05.0-rc2-medi
atek-mt7622-netgear_wax206-squashfs-sysupgrade.bin -O /tmp/fw.bin
Downloading 'https://downloads.openwrt.org/releases/23.05.0-rc2/targets/mediatek/mt7622/openwrt-23.05.0-rc2-mediatek-mt7622-netgear_wax206-squashfs-sysupgrade.bin'
Connecting to 168.119.138.211:443
Writing to '/tmp/fw.bin'
/tmp/fw.bin          100% |*******************************|  8050k  0:00:00 ETA
Download completed (8243505 bytes)
root@OpenWrt:~#  sysupgrade -n /tmp/fw.bin
verifying sysupgrade tar file integrity
Tue Jul 11 14:07:40 UTC 2023 upgrade: Commencing upgrade. Closing all shell sessions.
Command failed: Connection failed
root@OpenWrt:~# Connection to 192.168.1.1 closed by remote host.
Connection to 192.168.1.1 closed.
PS C:\Users\Admin>
2 Likes

Hi @mk24
tnx for this. it is new to me that you could feed URL direct to sysupgrade command

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.