Posted: Sun Jun 06, 2021 19:20 Post subject: R7800 SSH Connection refused
Hi All,
After a power loss yesterday (blown fuse), my R7800 refuses to accept SSH connections. (Telnet is working and OK.)
I was using dd-wrt r46716, then upgraded to r46885. Still NOK.
Joined: 16 Nov 2015 Posts: 6434 Location: UK, London, just across the river..
Posted: Sun Jun 06, 2021 19:28 Post subject:
Smells like you need to reset and reflash + manual rebuild... nothing was changed on dropbear recently..
and my SSH is working... well... not tested on the R7800 router yet, as I'm away from it... but generally speaking... SSH is fine... check your settings first...!
_________________ Atheros
TP-Link WR740Nv1 ---DD-WRT 55630 WAP
TP-Link WR1043NDv2 -DD-WRT 55723 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55779 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55779 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55779 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
I've tried a factory reset, then restored a working backup (same revision).
Still not working...
Old, working, syslog looks like this:
Code:
Jan 1 01:00:53 StellarCom authpriv.info dropbear[989]: Running in background
And now, after boot:
Code:
Jan 1 01:01:05 StellarCom authpriv.info dropbear[993]: Early exit: String too long
Jan 1 01:01:05 StellarCom user.info : dropbear : ssh daemon successfully started
Before restoring did you try SSH? Remember to enable it in services for local SSH and administration if SSH is required from outside your LAN.
Your backup may be corrupted, so to rule this out please test SSH first.
peppo wrote:
I've tried a factory reset, then restored a working backup (same revision).
Still not working...
Old, working, syslog looks like this:
Code:
Jan 1 01:00:53 StellarCom authpriv.info dropbear[989]: Running in background
And now, after boot:
Code:
Jan 1 01:01:05 StellarCom authpriv.info dropbear[993]: Early exit: String too long
Jan 1 01:01:05 StellarCom user.info : dropbear : ssh daemon successfully started
Strange, really strange...
_________________ Netgear R7800 PPPoE Main Router
Network IPV4 - Isolated Vlan's with IoT Devices. Unifi AC-Pro x 3 AP's, Router Wi-Fi Disabled. OVPN Server With Paid Commercial Wireguard Client's. Gateway Mode, DNSMasq, Static Leases & DHCP, Pi-Hole DNS & Running Unbound.
No one can build you the bridge on which you, and only you, must cross the river of life!
foz111 wrote:
Before restoring did you try SSH? Remember to enable it in services for local SSH and administration if SSH is required from outside your LAN.
Your backup may be corrupted, so to rule this out please test SSH first.
Yes. I've tried it.
That's why I reset the router to factory settings, then restored the backup.
I've restored backups before without any problems.
Can I start dropbear manually?
@ian5142
That's bad news, mate...
I hope I could somehow get it to work without doing all the work again...
Joined: 16 Nov 2015 Posts: 6434 Location: UK, London, just across the river..
Posted: Mon Jun 07, 2021 22:07 Post subject:
In fact, I just saw dropbear[10880]: Early exit: String too long
This means your key is not OK or something like that... I had that before; you must've either changed it to an unsupported encryption or it's a different format that doesn't match...
Reset and manually reconfigure... and you will get it to work... check your key, generate a new key with puttygen, not bigger than 2048 or 3072 RSA SSH-2, use putty to connect... place the public key inside the DD-WRT box and use the private key to authorise..
Restoring a backup that contains the same errors is like making the same mistake twice...
A very common error is using backups from different builds, or restoring a bad backup and wondering why
Not sure you understood: after the factory reset and before you restored, did you test SSH? (This will ensure SSH is functioning.)
If it's working in virgin state and not working after you restored your backup, your backup is corrupt: either a problem with your OpenSSH-compatible keys, or you're not using "root" (NOT admin) and your password.
foz111 wrote:
Not sure you understood: after the factory reset and before you restored, did you test SSH? (This will ensure SSH is functioning.)
If it's working in virgin state and not working after you restored your backup, your backup is corrupt: either a problem with your OpenSSH-compatible keys, or you're not using "root" (NOT admin) and your password.
SRY, I was really busy lately...
I've tried that, and SSH is working with a "fresh" config.
If I try to restore a backup, SSH is not working again.
So... something has happened to my backups.
I really have no idea...
Jun 26 14:15:12 StellarCom authpriv.info dropbear[18032]: Running in background
Jun 26 14:15:18 StellarCom authpriv.info dropbear[18040]: Child connection from 192.168.1.10:58934
Jun 26 14:15:21 StellarCom authpriv.notice dropbear[18040]: Password auth succeeded for 'root' from 192.168.1.10:58934
It's working ONLY until the next reboot, because the truncated SSH key is saved in NVRAM!
But why is it working with a "naked" boot???
Any idea how to replace the SSH key in NVRAM with a proper one?
1: Extracted the SSH key from a "blank" config with "nvram get sshd_rsa_host_key > /opt/tmp/rsa.txt".
2: restored previous config.
3: disabled SSH
4: cleared faulty SSH Key with "nvram unset sshd_rsa_host_key"
5: Inserted key with nvram set sshd_rsa_host_key="....."
6: started SSH
7: works until NEXT reboot...
Now, I've tried this:
1: Disabled SSH
2: cleared all SSH Keys, "nvram unset sshd_rsa_host_key" and "root@StellarCom:~/.ssh# rm ssh_host_rsa_key"
3: Enabled SSH (SSH Key automatically generated)
4: Working after reboot IF:
(Before the power loss, my 1st post, SSH was always working...)
=> my R7800 quickly gets a WAN IP. (My other attempts ALWAYS failed with/without a WAN IP.)
Sometimes my provider is slow, so the R7800 won't get a WAN IP in time. (WAN IP: 0.0.0.0)
Then SSH won't work and it looks like this:
(not converted into the dropbear format)
Code:
root@StellarCom:~/.ssh# ll
drwx------ 3 root root 0 Jan 1 1970 ..
-rw------- 1 root root 1.6K Jan 1 1970 ssh_host_rsa_key
drwx------ 2 root root 0 Jan 1 1970 .
If SSH is OK then it looks like this:
(converted into dropbear format)
Code:
root@StellarCom:~/.ssh# ll
drwx------ 3 root root 0 Jan 1 1970 ..
drwx------ 2 root root 0 Jun 26 18:49 .
-rw------- 1 root root 805 Jun 26 18:49 ssh_host_rsa_key
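Added example, not part of any post in this thread: the two listings above differ only in size and date (1.6K unconverted, 805 bytes converted), but the key file can also be checked by content. The sketch below classifies a key file by its leading bytes; it assumes that a dropbear-format RSA key starts with the length-prefixed name `ssh-rsa`, that `head`, `od`, `tr` and `grep` are available, and the function names `classify_hostkey` and `make_samples` are made up here.

```shell
#!/bin/sh
# Added example (not from the thread): classify a host key file by its first bytes.
# Assumptions: head, od, tr and grep are available; a dropbear-format RSA key
# begins with a 4-byte length followed by the name "ssh-rsa".

classify_hostkey() {
    f=$1
    [ -s "$f" ] || { echo "missing-or-empty"; return 1; }
    # dropbear format: 4-byte big-endian length 7, then "ssh-rsa"
    magic=$(head -c 11 "$f" | od -An -tx1 | tr -d ' \n')
    if [ "$magic" = "000000077373682d727361" ]; then
        echo "dropbear"; return 0
    fi
    # PEM text: read as a length prefix, "----" would be 0x2d2d2d2d bytes,
    # which is consistent with the "String too long" exit in the syslog.
    if head -c 10 "$f" | grep -q '^-----BEGIN'; then
        if grep -q '^-----END .*PRIVATE KEY-----' "$f"; then
            echo "pem"            # complete, but not converted
        else
            echo "pem-truncated"  # footer missing: the text was cut short
        fi
        return 2
    fi
    echo "unknown"; return 3
}

# Constructed sample files (no real key material) for a dry run off the router.
make_samples() {
    dir=$1
    printf '\000\000\000\007ssh-rsa\000\000\000\003\001\000\001' > "$dir/dropbear.key"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Q09OU1RSVUNURUQ=' \
        '-----END RSA PRIVATE KEY-----' > "$dir/pem.key"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Q09OU1RS' > "$dir/cut.key"
}

# Usage on the router, after sourcing this file:
#   classify_hostkey "$HOME/.ssh/ssh_host_rsa_key"
```

The same function can be pointed at the text written out by `nvram get sshd_rsa_host_key > file`, as in step 1 above, to see whether the value held in NVRAM is complete before restoring it.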