Xiaomi Nano - SSH Connection refused

Hello,
I try to install the Openwrt on the router Xiaomi Nano with the manual on the openwrt site.
https://openwrt.org/toh/xiaomi/nano

I can do it until 5th steps and get a code 0 response.
From the 6th step I can not connect the router with ssh.

ssh root@192.168.31.1

I have always this message:

ssh: connect to host 192.168.31.1 port 22: Connection refused

I have 2 routers. I can install the openwrt on the 1. router without any problems. But by the 2. router I can not connect to router with ssh.

Does anyone have an idea where is the problem?

Thank you.

Post the actual commands you used for step 4 and 5 withing code tags ( ^ < / > )...

1 Like

Sorry for reviving this old thread. I had the same problem but managed to solve it, so I thought I should leave the solution to the problem here:

Source: https://www.right.com.cn/forum/thread-183266-1-1.html (in Chinese only)

Problem: I tried installing openwrt into the three r1cl devices that I have. The first two installs were smooth and uneventful, but third one refused to accept SSH connections after flashing Xiaomi's dev firmware. I tried resetting to defaults and installing different dev firmware versions -- nothing worked.

Solution: Using any firmware, dev or stable (I did it with dev because it was already on the router). execute the following command:

curl "http://192.168.31.1/cgi-bin/luci/;stok=<stok from browser url>/api/xqnetwork/set_wifi_ap?ssid=tianbao&encryption=NONE&enctype=NONE&channel=1%3B%2Fusr%2Fsbin%2Ftelnetd"

It's basically an URL sanitization exploit that starts telnet server. You'll get an error in the response, but just ignore it:

{"msg":"未能连接到指定WiFi(Probe timeout)","code":1616}

Now you just telnet into the device instead of ssh.

It's amazing how these Chinese devices can carry this kind of low level exploits that even grade 10 kids know about avoiding by now.

Just one more reason to switch to an open source firmware.

I was just flashed my old Xiaomi nano routers with OpenWRT.

Here my short summary how to do it / how i did it:
(Use this summary at your own risk)

Make sure your standard Wifi or LAN ist not using 192.168.31.* as IP-range.

Download the Official Developer ROM.

Install the official developer Rom.

Reset the router. (the reset button is located in one of the ventelation holes on the button of the device. Use a SIM-Tool to press it for a few seconds)

Connect device to your PC (white LAN-Port) and the internet (blue WAN Port).
Setup the router using the same Password for Wifi and UI. You will change it in a few minutes anyway.

Find out your <STOK>. You will see it in the adressbar if you log in the routers UI.

http://192.168.31.1/cgi-bin/luci/;stok=<STOK>/web/init...

Modify this command with your <STOK>

http://192.168.31.1/cgi-bin/luci/;stok=<STOK>/api/xqnetwork/set_wifi_ap?ssid=whatever&encryption=NONE&enctype=NONE&channel=1%3B%2Fusr%2Fsbin%2Ftelnetd

Paste it in your browser.

An message will show up

"msg":"未能連線到指定Wi-Fi(Probe timeout)","code":1616

Modify the following URL with your <STOK> and passwords. I used the Wifi/UI Password as <CURRENTPASS> and <NEWPASS>

http://192.168.31.1/cgi-bin/luci/;stok=<STOK>/api/xqsystem/set_name_password?oldPwd=<CURRENTPASS>&newPwd=<NEWPASS>

Paste the modified URL in your Browser.

This message will show up:

{"code":0}

Use Putty to Telnet into your router using ip: 192.168.31.1

User: root
Password: <NEWPASS>

Navigate to /tmp
cd /tmp

Download OpenWRT using curl in insecure mode (the wget-version on the router does not support https). I used the OpenWRT 19.07.07 image.

curl --insecure https://downloads.openwrt.org/releases/19.07.7/targets/ramips/mt76x8/openwrt-19.07.7-ramips-mt76x8-miwifi-nano-squashfs-sysupgrade.bin --output openwrt-19.07.7-ramips-mt76x8-miwifi-nano-squashfs-sysupgrade.bin

Install the firmware:
mtd -r write /tmp/openwrt-19.07.7-ramips-mt76x8-miwifi-nano-squashfs-sysupgrade.bin firmware

Wait some time.
Done