1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
Dismiss Notice

Welcome To SNBForums

SNBForums is a community for anyone who wants to learn about or discuss the latest in wireless routers, network storage and the ins and outs of building and maintaining a small network.

If you'd like to post a question, simply register and have at it!

While you're at it, please check out SmallNetBuilder for product reviews and our famous Router Charts, Ranker and plenty more!

Homeassistant SSH stops working with 384.18

Discussion in 'Asuswrt-Merlin' started by truglodite, Jun 30, 2020 at 6:10 PM.

  1. truglodite

    truglodite Regular Contributor

    Joined:
    Jun 24, 2017
    Messages:
    153
    Lots of folks including myself are using the ssl deamon ssh server on our routers to track wifi connections of our phones (this is used for home automations). Nothing new there, and Homeassistant has a nice asuswrt component that in the past has worked reliably. However, with the latest merlin firmware, there have been verified reports that the ssh connection no longer works. It's a problem with HA, since ssl works fine for everyone from other devices.

    Here are some related links on this subject:
    https://community.home-assistant.io/t/asuswrt-ssh-login-failing/208525/4

    https://github.com/home-assistant/core/issues/37269

    Does anyone have any clues as to what may have changed, or what could be looked at by the HA devs to fix this? My best wild guess is dropbear or openssl got an update that deprecated the cryptos being used by HA, but not sure. This issue is fresh and folks are just looking into it. Any help you guys can offer would be greatly appreciated.

    Thanks,
    Kevin
     
    Last edited: Jul 1, 2020 at 1:38 PM
  2. RMerlin

    RMerlin Super Moderator

    Joined:
    Apr 14, 2012
    Messages:
    33,269
    Location:
    Canada
    What's a "ssl daemon"?
     
    truglodite likes this.
  3. truglodite

    truglodite Regular Contributor

    Joined:
    Jun 24, 2017
    Messages:
    153
    I suppose I shouldn't have called dropbear an deamon. :)
     
  4. Jack Yaz

    Jack Yaz Part of the Furniture

    Joined:
    Apr 20, 2017
    Messages:
    3,816
    You mean SSH don't you, not SSL?
     
    truglodite likes this.
  5. RMerlin

    RMerlin Super Moderator

    Joined:
    Apr 14, 2012
    Messages:
    33,269
    Location:
    Canada
    If you are referring to the SSH server, make sure your client supports modern ciphers. Obsolete algos like 3des and cbc were dropped a few months ago.
     
  6. truglodite

    truglodite Regular Contributor

    Joined:
    Jun 24, 2017
    Messages:
    153
    Yes ssh, oh boy I botch that post pretty bad! I went back and changed the title to avoid confusion.

    Thanks for the tip Eric, I am suspicious that is what is going on here. I already mentioned that in the issue report. Hope they get that sorted so I can go back to .18 on my router.
     
    Jack Yaz likes this.
  7. GC70

    GC70 Occasional Visitor

    Joined:
    May 28, 2016
    Messages:
    23
    Location:
    Italy
    Which SSH cifhers are supported by SSH server, after 384.18? Thanks
     
  8. RMerlin

    RMerlin Super Moderator

    Joined:
    Apr 14, 2012
    Messages:
    33,269
    Location:
    Canada
    GCM (like AES-256-GCM), Chacha20 are supported. I don't know the complete list.
     
    L&LD likes this.