I download file OpenWrt-ImageBuilder-15.05-ar71xx-generic.Linux-x86_64.tar.bz2 following link https://downloads.openwrt.org/chaos_cal … 64.tar.bz2
to make my own firmware.
when I flash to my router i can not telnet ssh or winscp, ping 192.168.1.1 only respone about 5 times and not respone but wifi and wire lan connected to router OK
i found this file only 134Mb and BB,DD version about 500MB, something wrong with this file?
Now i only connect to router by failsafe, Please tell me how to tranfer firmware file to /tmp/ on router!
Topic: something wrong on 15.5 now
The content of this topic has been archived between 30 Mar 2018 and 23 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.
Now i only connect to router by failsafe, Please tell me how to tranfer firmware file to /tmp/ on router!
Netcat probably. Last time I had a similar problem I found enough information on the wiki to lead me out of it.
I read NETCAT but i can not send file from windows to router.
on window I change to directory that have NC.exe and flash.bin firmware then I run command:
nc -lvp 2222 > flash.bin
it showed listening on [any] 2222....
i used putty connect router(failsafe)
nc 192.168.1.1 2222 < flash.bin
but it show
"BusyBox v1.24.1 (2015-12-07 17:07:21 CET) multi-call binary.
Usage: nc [IPADDR PORT]
Open a pipe to IP:PORT"
so i can not tranfer firmware file to /tmp/ router directory.
please tell me more!
(Last edited by dktn on 3 Mar 2016, 16:54)
Hi,
Based on instructions under "netcat Indirect method" on this page:
https://wiki.openwrt.org/doc/howto/generic.sysupgrade
you should run on your Windows laptop:
nc -l -p 2222 < flash.bin
and on your OpenWRT box run:
nc 192.168.1.1 2222 > /tmp/flash.bin
This is slightly modified to remove the pv command which I'm assuming will not be installed on your Windows box. My 2 cents, YMMV....
Clemmitt
sorry My router IP: 192.168.1.1, My PC IP: 192.168.1.2
On PC I tyre:
nc -l -p 2222 < flash.bin
but nothing happpen, no word appear.
on router
nc 192.168.1.2 2222 > /tmp/flash.bin
and nothing happen.
i known router may work as server and listening from client but on router only acept Usage: nc [IPADDR PORT] Open a pipe to IP:PORT on bysy box?
Sorry, I'm not very experienced with Windows command prompt usage, except with Cygwin (UNIX environment for Windows). If Windows doesn't use "<" for stdin redirection you may need to pipe it in this way:
cat flash.bin | nc -l -p 2222
On the router I think you're right:
nc 192.168.1.2 2222 > /tmp/flash.bin
Please try reading the webpage I sent in my last post. It knows more than I do Again, HTH.
Clemmitt
(Last edited by cmsigler on 4 Mar 2016, 02:50)
i try on unbuntu but I do not known the way to connect in linux as putty on windows i connect. I use
telnet 192.168.1.1
it say refuse to connect.
I use
ssh 192.168.1.1 but it show printfinger, dropbear. I do not know what to do.
thank you so much
how to tranfer firmware file to /tmp/ on router?
set a mini web server on pc(ie. 192.168.1.100) hosts a firmware file
then you can :
wget http://192.168.1.100/firmware.bin
hoping this helps
This help but why netcat not work router as server by openwrt
Thanks
Hi,
i try on unbuntu
Good, at least I am conversant with Linux
I use telnet 192.168.1.1 it say refuse to connect.
The latest versions of OpenWRT have the telnet daemon disabled by default for security.
I use ssh 192.168.1.1 but it show printfinger, dropbear.
I think you need to do this:
ssh root@192.168.1.1
so you connect as the root user. If you haven't set a password you'll be logged in without one. HTH.
Clemmitt
I run command ssh root@192.168.1.1 and it show:
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
SHA256:AAyXTygEdmdP4/rj0ZWH5diHfAdh+rg70Y39bet5rTk.
Please contact your system administrator.
Add correct host key in /home/huy/.ssh/known_hosts to get rid of this message.
Offending RSA key in /home/huy/.ssh/known_hosts:1
remove with:
ssh-keygen -f "/home/huy/.ssh/known_hosts" -R 192.168.1.1
RSA host key for 192.168.1.1 has changed and you have requested strict checking.
Host key verification failed."
can you show how to disable it for me or the way i can follow(i could follow the command)
thanks
Hi,
Offending RSA key in /home/huy/.ssh/known_hosts:1
remove with:
ssh-keygen -f "/home/huy/.ssh/known_hosts" -R 192.168.1.1
can you show how to disable it for me or the way i can follow(i could follow the command)
Did you try that ssh-keygen command it gave you?
The other way is brute force. Use vim to edit /home/huy/.ssh/known_hosts and remove the line containing the address 192.168.1.1 (I think it's the first line in that file?). HTH.
Clemmitt
I did ssh-keygen, but i do not know how to tranfer Rsa_pulic to router, can you type the command i can do it. I check in /home/huy/.ssh/known_hosts and do not have "192.168.1.1".
I did ssh-keygen, but i do not know how to tranfer Rsa_pulic to router, can you type the command i can do it. I check in /home/huy/.ssh/known_hosts and do not have "192.168.1.1".
You shouldn't have to transfer a public key to the router. It should just allow you to log in by running:
ssh root@192.168.1.1
This always works for me with both OpenWRT and dd-wrt. If you get the error message:
"WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!"
then there is still an entry for IP address 192.168.1.1 left over in /home/huy/.ssh/known_hosts. Simple solution:
rm -i /home/huy/.ssh/known_hosts
and answer "y" to remove the file. Then the next time you use ssh it will ask you if you want to connect. Say "yes" and Bob's your uncle
Clemmitt
You shouldn't have to transfer a public key to the router. It should just allow you to log in by running:
ssh root@192.168.1.1
This always works for me...
Then it must be true... unless (Reading The Fine Web) -
StrictHostKeyChecking
If this flag is set to ''yes'', ssh(1) will never automatically add host keys to the ~/.ssh/known_hosts file, and refuses to connect to hosts whose host key has changed. This provides maximum protection against trojan horse attacks, though it can be annoying when the /etc/ssh/ssh_known_hosts file is poorly maintained or when connections to new hosts are frequently made. This option forces the user to manually add all new hosts. If this flag is set to ''no'', ssh will automatically add new host keys to the user known hosts files. If this flag is set to ''ask'', new host keys will be added to the user known host files only after the user has confirmed that is what they really want to do, and ssh will refuse to connect to hosts whose host key has changed. The host keys of known hosts will be verified automatically in all cases. The argument must be ''yes'', ''no'', or ''ask''. The default is ''ask''.
ssh 192.168.1.1 -o StrictHostKeyChecking=no
I try many times to ssh to router not ok. finaly i use command
"ssh-keygen -f "/root/.ssh/known_hosts" -R 192.168.1.1"
then I connected now.
I try many times to ssh to router not ok. finaly i use command
"ssh-keygen -f "/root/.ssh/known_hosts" -R 192.168.1.1"
then I connected now.
Glad it's working
Hi,
Based on instructions under "netcat Indirect method" on this page:
https://wiki.openwrt.org/doc/howto/generic.sysupgrade
you should run on your Windows laptop:
nc -l -p 2222 < flash.bin
and on your OpenWRT box run:
nc 192.168.1.1 2222 > /tmp/flash.bin
This is slightly modified to remove the pv command which I'm assuming will not be installed on your Windows box. My 2 cents, YMMV....
Clemmitt
Shouldn't the '192.168.1.1' be replaced with the IP of his Windows computer in the command 'nc 192.168.1.1 2222 > /tmp/flash.bin'?
dktn wrote:I try many times to ssh to router not ok. finaly i use command
"ssh-keygen -f "/root/.ssh/known_hosts" -R 192.168.1.1"
then I connected now.Glad it's working
thank you so much. after that i flash firmware now.
I try to know about dropbear, please help me:
i copy id_rsa.pub to /tmp on router
scp /home/huy/.ssh/id_rsa.pub root@192.168.1.1:/tmp
then
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
SHA256:Z1xYwyeV8xC9EOwUPrirhw/kJ4BCC2Y+wx3MLLKXuc8.
Please contact your system administrator.
Add correct host key in /root/.ssh/known_hosts to get rid of this message.
Offending RSA key in /root/.ssh/known_hosts:1
remove with:
ssh-keygen -f "/root/.ssh/known_hosts" -R 192.168.1.1
RSA host key for 192.168.1.1 has changed and you have requested strict checking.
Host key verification failed.
lost connection
it means there is finggerprint:
SHA256:Z1xYwyeV8xC9EOwUPrirhw/kJ4BCC2Y+wx3MLLKXuc8
please tell me what can i do now?
Hi,
This is the same error you had earlier, right? How did you solve it before? (Another solution is:
sudo rm /root/.ssh/known_hosts )
I'm also wondering why you want to copy your public key file id_rsa.pub to the router. I'm sure I'm backwards, but I just log in with my password. Are you following instructions from a webpage on this website, or on another website? I'm confused as to why you want to log in using public key authentication.
Once you fix this problem a second time, can you copy the flash.bin file to /tmp on the router using scp on Linux?
scp flash.bin root@192.168.1.1:/tmp
HTH.
Clemmitt
Hi,
Shouldn't the '192.168.1.1' be replaced with the IP of his Windows computer in the command 'nc 192.168.1.1 2222 > /tmp/flash.bin'?
Thank you for picking up on that dktn figured that out -- please see post 5.
Clemmitt
It work now.
* In windows PC do:
- I have NC directory with Netcat program and flash.bin in path C:\NC
run cmd.exe go to C;\NC :
C:\NC\nc -l -p 2222 < flash.bin # sign " < " for copy from PC to router or ">" for reverse
In router:
-connect to router by putty run command
nc 192.168.1.2 > /tmp/flash.bin #192.168.1.2 IP of PC
but I do not know when It finish tranfer firmware file, info do not apaer on screen.
* In linux:
- copy file to directory that run command "terminal here" run command
cat ~/path to ../flash.bin | pv -b | nc -L -p 2222
- connect to router and run:
ssh root@192.168.1.1
nc 192.168.1.2 > /tmp/flash.bin
I do it for someone have problem like me.
this topic help me to know about dropber
* without id-rsa keygen, connect to router:
- delete id-rsa, id-rsa.pub, known_hosts...
and run
ssh-keygen -f "/root/.ssh/known_hosts" -R 192.168.1.1
* with id-rsa, keygen
ssh-keygen
scp ~/.shh/id-rsa.pub root@192.168.1.1:/tmp # copy id-rsa to /tmp directory of router, 192.168.1.1 IP f router
ssh root@192.169.1.1 #logon router
cat /tmp/id-rsa.pub >> /etc/dropbear/authorized.keys # copy contend id-rsa.pub to authorized.keys.
chmod 700 /etc/dropbear
chmod 600 /etc/dropbear/authorized.keys.
thank you for help me.
You know in stock firmware modem to setting portforwad and DMZ very simple, itry to setting openwrt router many times but not success.
for example i 'd like openrt port 3389 for VNC in firewall file i type:
config 'redirect'
option 'name' 'VNC'
option 'src' 'wan'
option 'proto' 'tcpudp'
option 'src_dport' '3389'
option 'dest_ip' '192.168.1.2'
option 'dest_port' '3389'
option 'target' 'DNAT'
option 'dest' 'lan'
so port 3389 not open, I check on www.canyouseeme.org
please tell me how i can do?
(Last edited by dktn on 5 Mar 2016, 09:28)
Hi,
It work now. thank you for help me.
You're very welcome
* In linux:
- copy file to directory that run command "terminal here" run command
cat ~/path to ../flash.bin | pv -b | nc -L -p 2222
- connect to router and run:
ssh root@192.168.1.1
nc 192.168.1.2 > /tmp/flash.bin
I do it for someone have problem like me.
I need to correct your commands. What you typed won't work right. In Linux:
cat ~/path/to/flash.bin | pv -b | nc -l -p 2222
The lower case "-l" is important. "-L" is not a valid switch. On the router:
nc 192.168.1.2 2222 > /tmp/flash.bin
because you forgot to give the port to connect to!
You know in stock firmware modem to setting portforwad and DMZ very simple, itry to setting openwrt router many times but not success.
for example i 'd like openrt port 3389 for VNC in firewall
This is a more complicated topic than copying your firmware flash.bin file to your router for flashing/recovery. Please read OpenWRT firewall docs here:
https://wiki.openwrt.org/doc/uci/firewall
There are many simple examples which do what you want to do at the bottom of that page. If you are able (enough ROM on your router), you can also install LuCI for easy configuration in a web browser.
At this point, please see this post and read the documentation. You're now on your way to learning all about OpenWRT
Clemmitt
This is a more complicated topic than copying your firmware flash.bin file to your router for flashing/recovery. Please read OpenWRT firewall docs here:
i had read beore so it diffical to understand so well.
in firewall file have some example like this
# port redirect port coming in on wan to lan
#config redirect
# option src wan
# option src_dport 80
# option dest lan
# option dest_ip 192.168.16.235
# option dest_port 80
# option proto tcp
#config rule
# option src lan
# option src_ip 192.168.45.2
# option src_mac 00:11:22:33:44:55
# option src_port 80
# option dest wan
# option dest_ip 194.25.2.129
# option dest_port 120
# option proto tcp
# option target REJECT
#config redirect
# option src lan
# option src_ip 192.168.45.2
# option src_mac 00:11:22:33:44:55
# option src_port 1024
# option src_dport 80
# option dest_ip 194.25.2.129
# option dest_port 120
# option proto tcp
I try following these example but not success
option src wan
option src_dport 3389
option dest lan
option dest_ip 192.168.1.2
option dest_port 3389
option proto tcp
that means portforward on 3389 port to 192.168.1.2 IP on Lan
but i check canyouseeme.org not success.
or in luci i go: network/firewall/porforwards
Name cell:RDP
protocol cell:tcp+udp
external zone:Wan
internal zone:Lan
internal port:3389
click" add "button then "save an apply." button
that add some lines in firewall file:
config redirect
option enabled '1'
option target 'DNAT'
option src 'wan'
option dest 'lan'
option proto 'tcpudp'
option src_dport '3389'
option dest_ip '192.168.1.2'
option dest_port '3389'
option name 'RPD
My Internal address: 192.168.1.2 IP of PC on Lan
check port not success?
(Last edited by dktn on 5 Mar 2016, 15:21)
I add to firewall some lines so it not work
config redirect
option target 'DNAT'
option src 'wan'
option dest 'lan'
option proto 'tcp'
option src_dport '3389'
option dest_port '3389'
option name 'RPD'
option dest_ip '192.168.1.134'
config rule
option enabled '1'
option target 'ACCEPT'
option src 'wan'
option name 'RPD'
option family 'ipv4'
option src_port '3389'
option dest_port '3389'
option dest_ip '192.168.1.134'
option dest '*'
plaese help me for right way.
(Last edited by dktn on 5 Mar 2016, 16:05)