R7800 SSH Connection refused

peppo
DD-WRT Novice


Joined: 26 Jul 2015
Posts: 27

Posted: Sun Jun 06, 2021 19:20    Post subject: R7800 SSH Connection refused
Hi All,

After a power loss yesterday (blown fuse), my R7800 refuses to accept SSH connections. (Telnet is working and OK.)
I was using dd-wrt r46716, then upgraded to r46885. Still NOK.

PuTTY: connection refused
Tera Term: connection refused

via Telnet:

Code:
root@StellarCom:~# ssh 192.168.1.1

ssh: Connection to root@192.168.1.1:22 exited: Connect failed: Connection refused


In syslog I'm getting the message:

Code:
Jun  6 21:08:51 StellarCom authpriv.info dropbear[10880]: Early exit: String too long



I took a Wireshark recording and the router disconnects with the RST flag...

Code:

Frame 146: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface \Device\NPF_{C1C237B4-6CB1-4127-B3A8-51A769CC4FA6}, id 0
Ethernet II, Src: StellarCom.BabCom (9c:c9:eb:15:XX:XX), Dst: babylon-5.BabCom (2c:fd:a1:6d:XX:XX)
Internet Protocol Version 4, Src: StellarCom.BabCom (192.168.1.1), Dst: babylon-5.BabCom (192.168.1.10)
Transmission Control Protocol, Src Port: 22, Dst Port: 52941, Seq: 1, Ack: 1, Len: 0
    Source Port: 22
    Destination Port: 52941
    [Stream index: 10]
    [TCP Segment Len: 0]
    Sequence Number: 1    (relative sequence number)
    Sequence Number (raw): 0
    [Next Sequence Number: 1    (relative sequence number)]
    Acknowledgment Number: 1    (relative ack number)
    Acknowledgment number (raw): 415067722
    0101 .... = Header Length: 20 bytes (5)
    Flags: 0x014 (RST, ACK)
    Window: 0
    [Calculated window size: 0]
    [Window size scaling factor: -1 (unknown)]
    Checksum: 0xd689 [unverified]
    [Checksum Status: Unverified]
    Urgent Pointer: 0
    [SEQ/ACK analysis]
    [Timestamps]


It seems that the dropbear process is not working properly anymore.
Does somebody have an idea how I can fix this?

Thanx
Peppo
Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 6434
Location: UK, London, just across the river..

Posted: Sun Jun 06, 2021 19:28
Smells like you need to reset and reflash + manual rebuild... nothing was changed on dropbear recently..
and my SSH is working... well.. not tested on the R7800 router yet, as I'm away from it... but generally speaking... SSH is fine... check your settings first...!

_________________
Atheros
TP-Link WR740Nv1 ---DD-WRT 55630 WAP
TP-Link WR1043NDv2 -DD-WRT 55723 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55779 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55779 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55779 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
ian5142
DD-WRT Guru


Joined: 23 Oct 2013
Posts: 2319
Location: Canada

Posted: Sun Jun 06, 2021 19:45    Post subject: Same thing
I had this happen to my R7800 as well. It seems like it may be time to manually input all of my settings again.

Yay, 1-2 hours of my time.

_________________
Before asking a question on the forums, update dd-wrt: Where do I download firmware? I suggest reading it all.
QCA Best WiFi Settings


Some dd-wrt wiki pages are up to date, others are not. PM me if you find an old one.

Atheros:
Netgear R7800 x3 - WDS AP / station, gateway, QoS
TP-Link Archer C7 v2 x2 - WDS Station
TP-Link TL-WDR3600 v1 - WDS Station
TP-Link 841nd v8 - NU
D-Link 615 C1/E3/I1 x 7 - 1 WDS station
D-Link 825 B1 - NU
D-Link 862L A1 x2 - WDS Station
Netgear WNDR3700v2 - NU
UBNT loco M2 x2 - airOS

Broadcom
Linksys EA6400 - Gateway, QoS
Asus N66U - AP
Netgear WNDR3700v3 - not used
MediaTek
UBNT EdgeRouter X - switch
peppo
DD-WRT Novice


Joined: 26 Jul 2015
Posts: 27

Posted: Sun Jun 06, 2021 19:55
I've tried a factory reset, then restored a working backup. (same revision).
Still not working...

Old, working, syslog looks like this:

Code:

Jan  1 01:00:53 StellarCom authpriv.info dropbear[989]: Running in background


And now, after boot:

Code:

Jan  1 01:01:05 StellarCom authpriv.info dropbear[993]: Early exit: String too long
Jan  1 01:01:05 StellarCom user.info : dropbear : ssh daemon successfully started


Strange, really strange...
foz111
DD-WRT Guru


Joined: 01 Oct 2017
Posts: 705
Location: Earth

Posted: Mon Jun 07, 2021 14:10
Before restoring did you try SSH? Remember to enable it in services for local SSH and administration if SSH is required from outside your LAN.
Your backup may be corrupted, so to rule this out please test SSH first.
peppo wrote:
I've tried a factory reset, then restored a working backup. (same revision).
Still not working...

Old, working, syslog looks like this:

Code:

Jan  1 01:00:53 StellarCom authpriv.info dropbear[989]: Running in background


And now, after boot:

Code:

Jan  1 01:01:05 StellarCom authpriv.info dropbear[993]: Early exit: String too long
Jan  1 01:01:05 StellarCom user.info : dropbear : ssh daemon successfully started


Strange, really strange...

_________________
Netgear R7800 PPPoE Main Router
Network IPV4 - Isolated Vlan's with IoT Devices. Unifi AC-Pro x 3 AP's, Router Wi-Fi Disabled. OVPN Server With Paid Commercial Wireguard Client's. Gateway Mode, DNSMasq, Static Leases & DHCP, Pi-Hole DNS & Running Unbound.

No one can build you the bridge on which you, and only you, must cross the river of life!
peppo
DD-WRT Novice


Joined: 26 Jul 2015
Posts: 27

Posted: Mon Jun 07, 2021 17:31
foz111 wrote:
Before restoring did you try SSH? Remember to enable it in services for local SSH and administration if SSH is required from outside your LAN.
Your backup may be corrupted, so to rule this out please test SSH first.


Yes. I've tried it.
That's why I reset the router to factory settings, then restored the backup.

I've restored backups before without any problems.

Can I start dropbear manually?

@ian5142
That's bad news, mate...
I hope I can somehow get it to work without doing all the work again... :(
Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 6434
Location: UK, London, just across the river..

Posted: Mon Jun 07, 2021 22:07
peppo wrote:
foz111 wrote:
Before restoring did you try SSH? Remember to enable it in services for local SSH and administration if SSH is required from outside your LAN.
Your backup may be corrupted, so to rule this out please test SSH first.


Yes. I've tried it.
That's why I reset the router to factory settings, then restored the backup.
I've restored backups before without any problems.
Can I start dropbear manually?

@ian5142
That's bad news, mate...
I hope I can somehow get it to work without doing all the work again... :(



In fact, I just saw dropbear[10880]: Early exit: String too long

This means your key is not OK or something like that... I had that before; you must've either changed it to an unsupported encryption or it's a different format that doesn't match...

Reset and manually reconfigure... and you will get it to work... check your key, generate a new key with puttygen, not bigger than 2048 or 3072 RSA SSH-2, use PuTTY to connect... place the public key inside the DD-WRT box and use the private key to authorise..

Restoring a backup that contains the same errors is like making the same mistake twice... :lol:

A very common error is using backups from different builds, or restoring a bad backup and wondering why :P

kernel-panic69
DD-WRT Guru


Joined: 08 May 2018
Posts: 14207
Location: Texas, USA

Posted: Tue Jun 08, 2021 0:57
It also depends on PuTTY configuration, if you are using password OR key authentication.
_________________
"Life is but a fleeting moment, a vapor that vanishes quickly; All is vanity"
Contribute To DD-WRT
Pogo - A minimal level of ability is expected and needed...
DD-WRT Releases 2023 (PolitePol)
DD-WRT Releases 2023 (RSS Everything)

----------------------
Linux User #377467 counter.li.org / linuxcounter.net
foz111
DD-WRT Guru


Joined: 01 Oct 2017
Posts: 705
Location: Earth

Posted: Tue Jun 08, 2021 8:04
Not sure you understood: after the factory reset and before you restored, did you test SSH? (This will ensure SSH is functioning.)
If it's working in virgin state and not working after you restored your backup, your backup is corrupt: either a problem with your OpenSSH-compatible keys, or you're not using "root" (NOT admin) and your password.


peppo wrote:
foz111 wrote:
Before restoring did you try SSH? Remember to enable it in services for local SSH and administration if SSH is required from outside your LAN.
Your backup may be corrupted, so to rule this out please test SSH first.


Yes. I've tried it.
That's why I reset the router to factory settings, then restored the backup.

I've restored backups before without any problems.

Can I start dropbear manually?

@ian5142
That's bad news, mate...
I hope I can somehow get it to work without doing all the work again... :(

peppo
DD-WRT Novice


Joined: 26 Jul 2015
Posts: 27

Posted: Sat Jun 26, 2021 10:46
foz111 wrote:
Not sure you understood: after the factory reset and before you restored, did you test SSH? (This will ensure SSH is functioning.)
If it's working in virgin state and not working after you restored your backup, your backup is corrupt: either a problem with your OpenSSH-compatible keys, or you're not using "root" (NOT admin) and your password.


Sorry, I was really busy lately...
I've tried that, and SSH is working with a "fresh" config.

If I try to restore a backup, SSH is not working again.
So... something has happened with my backups.
I really have no idea...

NVRAM contains only this about SSH...
Code:
nvram show | grep ssh

limit_ssh=1
sshd_passwd_auth=1
sshd_wanport=22
sshd_authorized_keys=
remote_mgt_ssh=0
sshd_port=22
sshd_forwarding=0
sshd_enable=1
sshd_rsa_host_key=-----BEGIN RSA PRIVATE KEY-----



It looks like I need to manually rebuild my config, like ian5142... Sh*t... :(

Edit:
I found this:
Quote:
https://svn.dd-wrt.com/ticket/3802
SSHd crash on TP-LINK MR3020 with r25527 after hard reset


So... my RSA key looks "wrong" to me, especially the end.
How can I generate a new one?

Code:
root@StellarCom:~/.ssh# cat ssh_host_rsa_key
-----BEGIN RSA PRIVATE KEY-----
[...]
3xg+wBWb4AZlFaMb3BFHvL8i4oAbjSWMJxQ3Mgr7QFt2+7OfiPRwRw5OIrgzVco
yLkHAoG@LeJLub1+9crLW4aX
                        -qtmpcIkOse5SGLn6bNwCv5/+#9xQE8lb0QLDP8
j517+px+B`FvJgQiqu7Cmohjr6FAkEWv34dzACF9REzIx2+JxOQCH9aP+dKzDB+
PWgla+b.Cx2SLQqhVitnCKko8rCJpoWD+FurPnR5naWuePCXf0-----EN RSA PBIVATE
                                                                      EY-----
peppo
DD-WRT Novice


Joined: 26 Jul 2015
Posts: 27

Posted: Sat Jun 26, 2021 12:20
I've done some further experiments:

Disabled SSH and then enabled it.
=> SSH key generated in /tmp/root/.ssh/

But it seems to be truncated at the end (like in my post before),
and therefore not converted to the dropbear format,
causing this:
Code:

authpriv.info dropbear[15445]: Early exit: String too long


Converting is also not working. Because the keyfile is truncated?
Code:

root@StellarCom:~/.ssh# nvram get sshd_rsa_host_key > /tmp/rsa.txt
root@StellarCom:~/.ssh# dropbearconvert openssh dropbear /tmp/rsa.txt /tmp/root/.ssh/ssh_host_rsa_key
Error: Unexpected end of file
Error reading key from '/tmp/rsa.txt'


SO...
I've renamed the ssh_host_rsa_key in /tmp/root/.ssh to ssh_host_rsa_key_old.
Then I've generated a new one:

Code:
dropbearkey -f /tmp/root/.ssh/ssh_host_rsa_key -t rsa -s 2048

Then manually started dropbear.

Code:
Jun 26 14:15:12 StellarCom authpriv.info dropbear[18032]: Running in background
Jun 26 14:15:18 StellarCom authpriv.info dropbear[18040]: Child connection from 192.168.1.10:58934
Jun 26 14:15:21 StellarCom authpriv.notice dropbear[18040]: Password auth succeeded for 'root' from 192.168.1.10:58934


It's working ONLY until the next reboot, because the truncated SSH key is saved in the NVRAM!

But why is it working with a "naked" boot???
Any idea how to replace the SSH key in NVRAM with a proper one?
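
A structural check for the kind of damage shown in the two posts above (stray characters in the base64 body, a mangled END marker), as an added example that is not part of the original thread. The function name `pem_key_status`, its verdict strings and the sample files are hypothetical, and the sample bodies are constructed placeholders, not key material.

```shell
#!/bin/sh
# Added example (not from the thread): structural check of a PEM RSA key
# file, e.g. one written by `nvram get sshd_rsa_host_key > /tmp/rsa.txt`.
# Assumes an unencrypted key (no Proc-Type/DEK-Info header lines).
# Prints ok | bad-header | bad-footer | bad-chars | bad-length;
# the exit status is 0 only for "ok".
pem_key_status() {
    # Drop CRs and blank lines so trailing newlines do not hide the footer.
    lines=$(tr -d '\r' < "$1" | grep -v '^[[:space:]]*$' || true)
    first=$(printf '%s\n' "$lines" | sed -n '1p')
    last=$(printf '%s\n' "$lines" | sed -n '$p')
    [ "$first" = "-----BEGIN RSA PRIVATE KEY-----" ] || { echo bad-header; return 1; }
    [ "$last" = "-----END RSA PRIVATE KEY-----" ] || { echo bad-footer; return 1; }
    # Everything between the two markers, joined into one string.
    body=$(printf '%s\n' "$lines" | sed '1d;$d' | tr -d '\n')
    # Any character outside the base64 alphabet means the blob is damaged.
    if printf '%s' "$body" | LC_ALL=C grep -q '[^A-Za-z0-9+/=]'; then
        echo bad-chars; return 1
    fi
    # Base64 text always has a length that is a non-zero multiple of 4.
    if [ "${#body}" -eq 0 ] || [ $(( ${#body} % 4 )) -ne 0 ]; then
        echo bad-length; return 1
    fi
    echo ok
}

# Constructed samples: placeholder base64, not key material. The damage
# mirrors what the post shows: a stray '@' and a mangled END line.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'QUJDREVG' 'R0hJSktM' \
    '-----END RSA PRIVATE KEY-----' > "$demo/good.pem"
printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'QUJD@EVG' 'R0hJSktM' \
    '-----END RSA PRIVATE KEY-----' > "$demo/stray.pem"
printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'QUJDREVG' \
    'R0hJSktM-----EN RSA PBIVATE' > "$demo/mangled.pem"
for f in good stray mangled; do
    printf '%s: %s\n' "$f" "$(pem_key_status "$demo/$f.pem" || true)"
done
```

Running it against a dump taken before and after restoring a backup shows whether the stored key was already damaged before dropbear tried to convert it.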
Per Yngve Berg
DD-WRT Guru


Joined: 13 Aug 2013
Posts: 6865
Location: Romerike, Norway

Posted: Sat Jun 26, 2021 13:51
Use nvram get sshd_rsa_host_key

grep will only show the first line of the key.
The key shall end with double equal signs.

Try to set it with nvram set sshd_rsa_host_key="...key..."
peppo
DD-WRT Novice


Joined: 26 Jul 2015
Posts: 27

Posted: Sat Jun 26, 2021 16:33
I've tried that method also.

1: Extracted the SSH key from a "blank" config with "nvram get sshd_rsa_host_key > /opt/tmp/rsa.txt".
2: Restored previous config.
3: Disabled SSH
4: Cleared faulty SSH key with "nvram unset sshd_rsa_host_key"
5: Inserted key with nvram set sshd_rsa_host_key="....."
6: Started SSH
7: Works until NEXT reboot... :(
Per Yngve Berg
DD-WRT Guru


Joined: 13 Aug 2013
Posts: 6865
Location: Romerike, Norway

Posted: Sat Jun 26, 2021 16:36
Did you do nvram commit?
peppo
DD-WRT Novice


Joined: 26 Jul 2015
Posts: 27

Posted: Sat Jun 26, 2021 17:12
Yes... Still... :(

Now I've tried this:
1: Disabled SSH
2: Cleared all SSH keys, "nvram unset sshd_rsa_host_key" and "root@StellarCom:~/.ssh# rm ssh_host_rsa_key"
3: Enabled SSH (SSH key automatically generated)
4: Working after reboot IF:
(Before the power loss, my 1st post, SSH was always working...)

=> my R7800 quickly gets a WAN IP. (My other attempts ALWAYS failed, with/without a WAN IP.)

Sometimes my provider is slow, so the R7800 won't get a WAN IP in time. (WAN IP: 0.0.0.0)
Then SSH won't work and it looks like this:
(not converted into the dropbear format)

Code:
root@StellarCom:~/.ssh# ll
drwx------    3 root     root           0 Jan  1  1970 ..
-rw-------    1 root     root        1.6K Jan  1  1970 ssh_host_rsa_key
drwx------    2 root     root           0 Jan  1  1970 .


If SSH is OK, then it looks like this:
(converted into dropbear format)

Code:
root@StellarCom:~/.ssh# ll
drwx------    3 root     root           0 Jan  1  1970 ..
drwx------    2 root     root           0 Jun 26 18:49 .
-rw-------    1 root     root         805 Jun 26 18:49 ssh_host_rsa_key
All times are GMT
