configuring network from ssh?

[robert stephenson]

As the result of a mis-configturation, I can no longer access the web-gui of my AC87R, but I have the password and ssh access. I also can't access the web-gui locally through an ssh tunnel; apparently port forwarding is disabled.

Obviously doing a factory reset and then reinstalling asuswrt-merlin and reconfiguring is one solution, but surely with ssh it shouldn't be too difficult to re-enable the web-gui. I have looked in /etc and /www, but haven't found any likely webserver config file. Any suggestions?

Setup: running RT-AC87U_378.56-2 on an RT-AC87R. And very happy with both, so far.

 

[RMerlin]

All configuration are stored in nvram. What exact mis-configuration did you do? We'll need to know to be able to point you at the correct nvram setting to fix it.

 

[CiscoX]

As the result of a mis-configturation, I can no longer access the web-gui of my AC87R, but I have the password and ssh access. I also can't access the web-gui locally through an ssh tunnel; apparently port forwarding is disabled.

Obviously doing a factory reset and then reinstalling asuswrt-merlin and reconfiguring is one solution, but surely with ssh it shouldn't be too difficult to re-enable the web-gui. I have looked in /etc and /www, but haven't found any likely webserver config file. Any suggestions?

Setup: running RT-AC87U_378.56-2 on an RT-AC87R. And very happy with both, so far.

Hi,

I don't know if this is correct, but you can try it from SSH.

nvram set http_enable=2
nvram commit
service restart_httpd

 

[robert stephenson]

All configuration are stored in nvram. What exact mis-configuration did you do? We'll need to know to be able to point you at the correct nvram setting to fix it.

Since I did the configuration 3-months ago I can't say for sure. I suspect when locking down the gui I may have mistakenly enabled ssh thinking https, and turned off all other access. I still have the settings .CFG file, but it's all binary so I have no clue.

 

[robert stephenson]

Hi,

I don't know if this is correct, but you can try it from SSH.

nvram set http_enable=2
nvram commit
service restart_httpd

Thank you, CiscoX, that worked. PROBLEM SOLVED ;-0

 

[CiscoX]

Thank you, CiscoX, that worked. PROBLEM SOLVED ;-0

You're welcome

 

[martinr]

It can be done, but I expect you will spend more time getting it to work than you would resetting the router. I'm away from home and it's a while since I did this, but I just tested it by connecting back home with OpenVPN (simulating being behind the router) and then used Putty to ssh in.

Assumptions:

1. You are conversant with Putty, (and, if you have already set up public-private keys, thses are all in place). Keys aren't necessary -see below.

2. You have retained "admin" as the username when you log in to the router; if you changed it, just substitute.

3. You router address is 192.168.1.1; if not, substitute.

4. You left the ssh port as 22; if not, substitute.

a. Open Putty

b. Go to Sessions page and in "Host Name (or IP address)" put 192.168.1.1, and in port put 22. Don't press any buttons (yet).

c. Go down to category Conection>Data and in Auto-login username put "admin" without quotes. Still don't press any buttons just yet.

d. Now, still in the Connection category, go down to SSH>Tunnels, and in Source port put 1081. In Destination below it, put 192.168.1.1:80, now press the Add button (L1081. 192.168.1.1:80 appears in the box above) and now you can finally press the Open button at the bottom.

In my case, because I have already sey up keys, I'm asked in the Putty terminal, for the passphrase, which I enter and I then see something like: admin-AC68U-2190:/tmp/home/root#. In your case, I think you will see 'using username "admin" '. and I think it will then ask for your password, which is the same as your webgui password.

In the unlikely event that you have got this far, you now open a browser and in the address box type

http://localhost:1081

and the webgui page opens.........


Edit: CiscoX's is a much neater solution!

 

[robert stephenson]

It can be done, but I expect you will spend more time getting it to work than you would resetting the router. I'm away from home and it's a while since I did this, but I just tested it by connecting back home with OpenVPN (simulating being behind the router) and then used Putty to ssh in.

Assumptions:

1. You are conversant with Putty, (and, if you have already set up public-private keys, thses are all in place). Keys aren't necessary -see below.

2. You have retained "admin" as the username when you log in to the router; if you changed it, just substitute.

3. You router address is 192.168.1.1; if not, substitute.

4. You left the ssh port as 22; if not, substitute.

a. Open Putty

b. Go to Sessions page and in "Host Name (or IP address)" put 192.168.1.1, and in port put 22. Don't press any buttons (yet).

c. Go down to category Conection>Data and in Auto-login username put "admin" without quotes. Still don't press any buttons just yet.

d. Now, still in the Connection category, go down to SSH>Tunnels, and in Source port put 1081. In Destination below it, put 192.168.1.1:80, now press the Add button (L1081. 192.168.1.1:80 appears in the box above) and now you can finally press the Open button at the bottom.

In my case, because I have already sey up keys, I'm asked in the Putty terminal, for the passphrase, which I enter and I then see something like: admin-AC68U-2190:/tmp/home/root#. In your case, I think you will see 'using username "admin" '. and I think it will then ask for your password, which is the same as your webgui password.

In the unlikely event that you have got this far, you now open a browser and in the address box type

http://localhost:1081

and the webgui page opens.........


Edit: CiscoX's is a much neater solution!

Thanks, Martinr, for the careful instructions. For some reason still to be determined, that doesn't work for me. Not using the ssh commandline (I'm on ubuntu), nor using putty as you suggested. Port forwarding IS turned on in the administration tab. I thought perhaps it was just something stupid on my part, but after following your instructions to the letter with no greater success, I wonder whether port forwarding is really enabled or not. But, in any case, I am no longer locked out so it's time to move on.
- Rob

 

[martinr]

Thanks, Martinr, for the careful instructions. For some reason still to be determined, that doesn't work for me. Not using the ssh commandline (I'm on ubuntu), nor using putty as you suggested. Port forwarding IS turned on in the administration tab. I thought perhaps it was just something stupid on my part, but after following your instructions to the letter with no greater success, I wonder whether port forwarding is really enabled or not. But, in any case, I am no longer locked out so it's time to move on.
- Rob

Not a problem; the important thing is that you're sorted. And I've refreshed my memory about SSH (and will update my notebook) and I've learned something from CiscoX. So, a good result all round.