1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
Dismiss Notice

Welcome To SNBForums

SNBForums is a community for anyone who wants to learn about or discuss the latest in wireless routers, network storage and the ins and outs of building and maintaining a small network.

If you'd like to post a question, simply register and have at it!

While you're at it, please check out SmallNetBuilder for product reviews and our famous Router Charts, Ranker and plenty more!

AX56U 384.17 SSH LAN+WAN reverts to LAN only

Discussion in 'Asuswrt-Merlin' started by Torson, Jun 2, 2020.

  1. Torson

    Torson Regular Contributor

    Joined:
    Aug 3, 2018
    Messages:
    142
    I created a dropbear key (private & public) to be able to SSH into a remote router.
    On the remote AX56 under Administration -> System I changed the Enable SSH field to LAN + WAN pasted the public key in the respective field and applied the changes. The SSH login works one time only and then the LAN + WAN setting reverts back to LAN only.

    Basically, if you change SSH to LAN + WAN, save setting and navigate away from that page upon coming back the setting is back to LAN only.

    Anything that I may have missed in the process?
     
  2. Jack Yaz

    Jack Yaz Part of the Furniture

    Joined:
    Apr 20, 2017
    Messages:
    3,836
    If you're using Skynet this is by design - see Secure Mode in Skynet
     
    Torson likes this.
  3. Torson

    Torson Regular Contributor

    Joined:
    Aug 3, 2018
    Messages:
    142
    Thank you for the pointer.
    Code:
    firewall settings securemode  disable
    did the trick.
    I wasn't able to find though what else is being affected by the command in the WewbUI.
     
  4. Jack Yaz

    Jack Yaz Part of the Furniture

    Joined:
    Apr 20, 2017
    Messages:
    3,836
    Not advisable to allow SSH and WAN access. General recommendation is to set up OpenVPN Server and connect to that, then use SSH over the tunnel.
     
  5. Torson

    Torson Regular Contributor

    Joined:
    Aug 3, 2018
    Messages:
    142
    That's what I have now - a VPN Client connected to the OpenVPN Server on the AX56. I can manage the router, ssh into it etc.
    What I need is to be able to ssh and scp into the AX56 from the local ssh (through Putty) - all command line. It works well if I expose the WAN ssh on a different port.
    Any suggestion?
     
  6. ColinTaylor

    ColinTaylor Part of the Furniture

    Joined:
    Mar 31, 2014
    Messages:
    12,114
    Location:
    UK
    You don't need (or want) to set ssh to LAN + WAN if you are connecting through the router's VPN server. LAN should be sufficient.
     
    Torson likes this.
  7. Torson

    Torson Regular Contributor

    Joined:
    Aug 3, 2018
    Messages:
    142
    Any pointers on how to configure 2 way ssh through the OpenVPN tunnel between 2 asus merlin routers? From the command line that is...
     
  8. L&LD

    L&LD Part of the Furniture

    Joined:
    Dec 9, 2013
    Messages:
    13,026
    There is nothing to configure. Once the OpenVPN tunnel is established, simply ssh in as if you were physically at that remote location.
     
    Torson likes this.
  9. Torson

    Torson Regular Contributor

    Joined:
    Aug 3, 2018
    Messages:
    142
    Yes, and no - I use Putty to ssh directly into the remote router through OpenVPN - that works very well for quite a while now.

    What I'm looking for is to be able to ssh into the local router and from that ssh session to the remote one
     
  10. dave14305

    dave14305 Part of the Furniture

    Joined:
    May 19, 2018
    Messages:
    3,415
    Location:
    USA
    Is it necessary? Or is it because you want to scp between routers?
     
    L&LD likes this.
  11. L&LD

    L&LD Part of the Furniture

    Joined:
    Dec 9, 2013
    Messages:
    13,026
    Open two ssh sessions and, done? :)
     
  12. Torson

    Torson Regular Contributor

    Joined:
    Aug 3, 2018
    Messages:
    142
    SCP between the routers, yes. It doesn't work for me with 2 independent ssh sessions.
    I can ssh from the local ssh session into the remote one on the WAN interface with the generated key. Y'all saying it's not safe, so I'm trying to do that on the LAN interface.
     
  13. L&LD

    L&LD Part of the Furniture

    Joined:
    Dec 9, 2013
    Messages:
    13,026
    What doesn't work exactly?

    Are you using WinSCP?
     
  14. Torson

    Torson Regular Contributor

    Joined:
    Aug 3, 2018
    Messages:
    142
    WinSCP works well. However, I want to create a couple of cron jobs to transfer some files back-and-forth between the routers while maintaining their permissions.
     
  15. L&LD

    L&LD Part of the Furniture

    Joined:
    Dec 9, 2013
    Messages:
    13,026
    And why can't you do that with WinSCP by itself then? I've done that in the past when I wanted to copy the same file to two routers (mine and a remote).
     
  16. Torson

    Torson Regular Contributor

    Joined:
    Aug 3, 2018
    Messages:
    142
    I do that all the time - copy the same file here and there.
    What I'm trying to do is to copy some files from here to there and back based on scheduled jobs.

    EDIT:
    this works:
    Code:
    rsync -avzz -e 'ssh -p 22XXX -i /jffs/dropbear/msg2drb_db' [email protected]:/mnt/asus/conf /mnt/asus/transf
    
    This doesn't work:
    Code:
    rsync -avzz -e 'ssh -p 22XXX -i /jffs/dropbear/msg2drb_db' [email protected]:/mnt/asus/conf /mnt/asus/transf
    Error:
    Code:
    ssh: Connection to [email protected]:22XXX exited: Connect failed: Connection timed out
    rsync: connection unexpectedly closed (0 bytes received so far) [Receiver]
    rsync error: error in rsync protocol data stream (code 12) at io.c(226) [Receiver=3.1.3]
    
    Each router has OpenVPN server and a client pointing to the other one.
     
    Last edited: Jun 3, 2020