OpenSSH problems Netgear R7000

jrussell88
DD-WRT User


Joined: 01 May 2009
Posts: 64

Posted: Thu May 13, 2021 23:59    Post subject: OpenSSH problems Netgear R7000
I've installed opkg and openssh, but I'm having problems getting openssh to run.

The Wiki instructions https://wiki.dd-wrt.com/wiki/index.php/OpenSSH_on_R7000#Installing_OpenSSH say to replace the library path for dropbear with that for openssh and run it with:
Code:
LD_LIBRARY_PATH=/opt/usr/lib /opt/sbin/sshd -f /opt/etc/ssh/sshd_config

after adding the line:
Quote:
UsePrivilegeSeparation no

to /opt/etc/ssh/sshd_config

That generates an error when I try to update LD_LIBRARY_PATH:
Quote:
/opt/etc/ssh/sshd_config line 107: Deprecated option UsePrivilegeSeparation
Privilege separation user sshd does not exist


I added user sshd to /etc/passwd:
Code:
echo "sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin" >> /etc/passwd

and groups:
Code:
echo "sshd:x:74:" >> /etc/group


With these changes the update to LD_LIBRARY_PATH doesn't return an error and runs openssh.

Without it, the LD_LIBRARY_PATH returns an error:
Quote:
Privilege separation user sshd does not exist


When I put these commands in the startup section of the web interface, or run from the Command interface, the LD_LIBRARY_PATH command doesn't run, and must be run manually from SSH.
Code:
sleep 20
dropbearconvert dropbear openssh /tmp/root/.ssh/ssh_host_rsa_key /tmp/root/.ssh/openssh_host_rsa_key
echo "sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin" >> /etc/passwd
echo "sshd:x:74:" >> /etc/group
# Start OpenSSH
LD_LIBRARY_PATH=/opt/usr/lib /opt/sbin/sshd -f /opt/etc/ssh/sshd_config


I'd like to start openssh automatically, and stop dropbear from running.

Can anyone suggest how to get this working?
kernel-panic69
DD-WRT Guru


Joined: 08 May 2018
Posts: 14217
Location: Texas, USA

Posted: Fri May 14, 2021 0:21    Post subject:
Considering that wiki hasn't been updated in nearly 4 years, there is no telling what changes may affect its usefulness.
Quote:
This page was last modified 18:18, 19 November 2017

_________________
"Life is but a fleeting moment, a vapor that vanishes quickly; All is vanity"
Contribute To DD-WRT
Pogo - A minimal level of ability is expected and needed...
DD-WRT Releases 2023 (PolitePol)
DD-WRT Releases 2023 (RSS Everything)

----------------------
Linux User #377467 counter.li.org / linuxcounter.net
jrussell88
DD-WRT User


Joined: 01 May 2009
Posts: 64

Posted: Sat May 15, 2021 15:10    Post subject:
Quote:
Considering that wiki hasn't been updated in nearly 4 years, there is no telling what changes may affect its usefulness.
Quote:
This page was last modified 18:18, 19 November 2017


Yes, however afaik it's the last detailed advice I could find. After many attempts I got OpenSSH working and as I don't have an account to edit the Wiki I'll post my resolution here in the hope that it helps the next person who has problems getting OpenSSH to work. Or me in a future life.

I'm running Firmware: DD-WRT v3.0-r44719 std (11/04/20) on a Linksys EA8500. StrictChecking is enabled for OpenSSH on my Ubuntu 20.04 client.

I wanted to specify a different port to 22 for Dropbear and OpenSSH, say 31883, and replace Dropbear with OpenSSH, which requires stopping Dropbear then starting OpenSSH. This has to be done by the Startup file in the Commands section of Administration.

My working Startup file is:
Code:
dropbearconvert dropbear openssh /tmp/root/.ssh/ssh_host_rsa_key /tmp/root/.ssh/openssh_host_rsa_key
# dropbearconvert dropbear openssh /tmp/root/.ssh/ssh_host_dss_key /tmp/root/.ssh/openssh_host_dsa_key
echo "sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin" >> /etc/passwd
echo "sshd:x:74:" >> /etc/group
killall dropbear
sleep 20
#LD_LIBRARY_PATH=/opt/usr/lib /opt/sbin/sshd -f /opt/etc/ssh/sshd_config
/opt/sbin/sshd -f /opt/etc/ssh/sshd_config


The dropbearconvert lines copy Dropbear's keys to OpenSSH. I use RSA keys so I commented out DSA.

The 'echo' lines set up an sshd account to avoid the error:
Quote:
Privilege separation user sshd does not exist


Dropbear is stopped, a delay, then OpenSSH is started.
Quote:
LD_LIBRARY_PATH=/opt/usr/lib
is commented out because that is already in my PATH variable.

As per the Wiki article, my /opt/etc/ssh/sshd_config is:
Code:
#   $OpenBSD: sshd_config,v 1.103 2018/04/09 20:41:22 tj Exp $
Port 31883
HostKey /tmp/root/.ssh/openssh_host_rsa_key
AuthorizedKeysFile   .ssh/authorized_keys
ClientAliveInterval 60
ClientAliveCountMax 3
PermitTunnel yes
# To fix FileZilla 'FATAL ERROR: Received unexpected end-of-file from SFTP server'
Subsystem      sftp    internal-sftp


FileZilla requires the change to the sftp subsystem setting.

The commands - which I'm quoting as the order of parameters is important at least for sftp - are:

Code:
~$ ssh root@192.168.1.1 -p 31883 -o TCPKeepAlive=yes -C
~$ sftp -P 31883 root@192.168.1.1


So all is now working.
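
A fail-safe variant of the Startup commands in the post above, as an added example that is not part of the thread or of DD-WRT: it adds the `sshd` account lines only once and stops Dropbear only after `sshd -t` (OpenSSH's test mode) accepts the config and host key, so a bad config does not leave the router without an SSH daemon. The function names, the environment-variable overrides and the script file name are assumptions; run it after the `dropbearconvert` line so the host key already exists.

```shell
#!/bin/sh
# Added example, not from the thread. Paths default to the ones quoted in the
# posts; the variable and function names are assumptions made for this sketch.
PASSWD=${PASSWD:-/etc/passwd}
GROUP=${GROUP:-/etc/group}
SSHD=${SSHD:-/opt/sbin/sshd}
SSHD_CONFIG=${SSHD_CONFIG:-/opt/etc/ssh/sshd_config}

# Append an account line only when no entry of that name exists, so running
# the script twice does not leave duplicate sshd entries.
ensure_entry() {    # usage: ensure_entry FILE NAME LINE
    grep -q "^$2:" "$1" 2>/dev/null || echo "$3" >> "$1"
}

# Print (with line numbers) any use of the option sshd reported as deprecated.
deprecated_options() {    # usage: deprecated_options CONFIG
    grep -Ein '^[[:space:]]*UsePrivilegeSeparation([[:space:]]|$)' "$1"
}

start_openssh() {
    ensure_entry "$PASSWD" sshd \
        "sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin"
    ensure_entry "$GROUP" sshd "sshd:x:74:"
    deprecated_options "$SSHD_CONFIG" >&2 &&
        echo "warning: remove the deprecated option(s) listed above" >&2
    # sshd -t only checks the config file and host keys, then exits. If that
    # fails, keep Dropbear so the router stays reachable over SSH.
    if ! "$SSHD" -t -f "$SSHD_CONFIG"; then
        echo "sshd -t failed; dropbear left running" >&2
        return 1
    fi
    killall dropbear
    "$SSHD" -f "$SSHD_CONFIG"
}

# Run only when asked to, e.g. "sh start-openssh.sh start" (hypothetical name).
case "${1:-}" in
    start) start_openssh ;;
esac
```
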
kernel-panic69
DD-WRT Guru


Joined: 08 May 2018
Posts: 14217
Location: Texas, USA

Posted: Sat May 15, 2021 19:37    Post subject:
So exactly what was the purpose of all of this, if I may ask?
jrussell88
DD-WRT User


Joined: 01 May 2009
Posts: 64

Posted: Sat May 15, 2021 20:02    Post subject:
To solve a problem and help other users.

Why do you ask?
kernel-panic69
DD-WRT Guru


Joined: 08 May 2018
Posts: 14217
Location: Texas, USA

Posted: Sun May 16, 2021 3:39    Post subject:
What problem were you trying to solve? Secure file transfers to the router? I was thinking larger picture as to why you'd want openssh on the router vs. dropbear.
puremind
DD-WRT Novice


Joined: 03 Jul 2019
Posts: 14

Posted: Sat Jun 26, 2021 10:46    Post subject:
jrussell88 wrote:
Quote:
Considering that wiki hasn't been updated in nearly 4 years, there is no telling what changes may affect its usefulness.
Quote:
This page was last modified 18:18, 19 November 2017


Yes, however afaik it's the last detailed advice I could find. After many attempts I got OpenSSH working and as I don't have an account to edit the Wiki I'll post my resolution here in the hope that it helps the next person who has problems getting OpenSSH to work. Or me in a future life.

I'm running Firmware: DD-WRT v3.0-r44719 std (11/04/20) on a Linksys EA8500. StrictChecking is enabled for OpenSSH on my Ubuntu 20.04 client.

I wanted to specify a different port to 22 for Dropbear and OpenSSH, say 31883, and replace Dropbear with OpenSSH, which requires stopping Dropbear then starting OpenSSH. This has to be done by the Startup file in the Commands section of Administration.

My working Startup file is:
Code:
dropbearconvert dropbear openssh /tmp/root/.ssh/ssh_host_rsa_key /tmp/root/.ssh/openssh_host_rsa_key
# dropbearconvert dropbear openssh /tmp/root/.ssh/ssh_host_dss_key /tmp/root/.ssh/openssh_host_dsa_key
echo "sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin" >> /etc/passwd
echo "sshd:x:74:" >> /etc/group
killall dropbear
sleep 20
#LD_LIBRARY_PATH=/opt/usr/lib /opt/sbin/sshd -f /opt/etc/ssh/sshd_config
/opt/sbin/sshd -f /opt/etc/ssh/sshd_config


The dropbearconvert lines copy Dropbear's keys to OpenSSH. I use RSA keys so I commented out DSA.

The 'echo' lines set up an sshd account to avoid the error:
Quote:
Privilege separation user sshd does not exist


Dropbear is stopped, a delay, then OpenSSH is started.
Quote:
LD_LIBRARY_PATH=/opt/usr/lib
is commented out because that is already in my PATH variable.

As per the Wiki article, my /opt/etc/ssh/sshd_config is:
Code:
#   $OpenBSD: sshd_config,v 1.103 2018/04/09 20:41:22 tj Exp $
Port 31883
HostKey /tmp/root/.ssh/openssh_host_rsa_key
AuthorizedKeysFile   .ssh/authorized_keys
ClientAliveInterval 60
ClientAliveCountMax 3
PermitTunnel yes
# To fix FileZilla 'FATAL ERROR: Received unexpected end-of-file from SFTP server'
Subsystem      sftp    internal-sftp


FileZilla requires the change to the sftp subsystem setting.

The commands - which I'm quoting as the order of parameters is important at least for sftp - are:

Code:
~$ ssh root@192.168.1.1 -p 31883 -o TCPKeepAlive=yes -C
~$ sftp -P 31883 root@192.168.1.1


So all is now working.


Thanks man, this worked in Jun 2021 with my Firmware: DD-WRT v3.0-r45928 std (03/06/21) on a R8500

Used to have sftp working under dropbear and a different port but not working for some reason, your method working fine here, saved me time.

_________________
Netgear R8500