Menu
What's new
By:
Filters Better Search

Impossible access to router via SSH

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

decedion

decedion

Occasional Visitor
Hi,
I have installed today the last Merlin firmware for RT-N66U.
I have activated the SSH access with SSH key:
20140219_18%3A08%3A21_01.png


But I can't access to router via SSH from Ubuntu Linux:
Code: 
$ ssh -vv 192.168.1.1

OpenSSH_6.2p2 Ubuntu-6ubuntu0.1, OpenSSL 1.0.1e 11 Feb 2013
debug1: Reading configuration data /etc/ssh/ssh_config
debug2: ssh_connect: needpriv 0
debug1: Connecting to 192.168.1.1 [192.168.1.1] port 5622.
debug1: Connection established.
debug1: identity file /home/simon/.ssh/id_rsa type 1
debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048
debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
debug1: identity file /home/simon/.ssh/id_rsa-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.2p2 Ubuntu-6ubuntu0.1
debug1: Remote protocol version 2.0, remote software version dropbear_2013.62
debug1: no match: dropbear_2013.62
debug2: fd 3 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: kex_parse_kexinit: curve25519-sha256@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,kexguess2@matt.ucc.asn.au
debug2: kex_parse_kexinit: ecdsa-sha2-nistp521,ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,3des-ctr,aes256-ctr,aes128-cbc,3des-cbc,aes256-cbc,twofish256-cbc,twofish-cbc,twofish128-cbc
debug2: kex_parse_kexinit: aes128-ctr,3des-ctr,aes256-ctr,aes128-cbc,3des-cbc,aes256-cbc,twofish256-cbc,twofish-cbc,twofish128-cbc
debug2: kex_parse_kexinit: hmac-sha1-96,hmac-sha1,hmac-md5
debug2: kex_parse_kexinit: hmac-sha1-96,hmac-sha1,hmac-md5
debug2: kex_parse_kexinit: none
debug2: kex_parse_kexinit: none
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: mac_setup: found hmac-md5
debug1: kex: server->client aes128-ctr hmac-md5 none
debug2: mac_setup: found hmac-md5
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA 1c:40:50:70:e9:4b:33:26:e3:e8:08:7b:c1:4c:7c:df
debug1: Host '[192.168.1.1]:5622' is known and matches the ECDSA host key.
debug1: Found key in /home/simon/.ssh/known_hosts:1
debug1: ssh_ecdsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /home/simon/.ssh/id_rsa (0x7f4e876fe390),
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/simon/.ssh/id_rsa
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
Permission denied (publickey).
I've tried with my router user (ssh user@192.168.1.1) with same error.
In router syslog it shows:
Code: 
....
Feb 19 18:23:54 dropbear[725]: Child connection from 192.168.1.2:33939
Feb 19 18:23:55 dropbear[725]: Login attempt for nonexistent user from 192.168.1.2:33939
Feb 19 18:23:55 dropbear[725]: Login attempt for nonexistent user from 192.168.1.2:33939
Feb 19 18:23:55 dropbear[725]: Exit before auth: Exited normally
Why I can't access?
Regards.
 
Last edited:
Hola

Your key could be too large. Look at this thread
 
Ah yes it's in plaintext, have missed that bit:
Login attempt for nonexistent user
You need to create user simon or check the spelling.
 
ssh service port "5622"

why did you change the service port?

default port for ssh is "22"

it is possible to use custom port
but then you specify what port to connect on when you attempt to connect
example
Code: 
ssh admin@192.168.1.1:5922
 
Last edited:
admin doesn't work. I've tested with the "Router Login Name" and it doesn't work.
Click to expand...
That makes sense, it looks for the admin's (root) credentials and/or authorized_keys in the /tmp/home/root/.ssh directory.
Have you created user simon?
Try useradd simon
and set password with passwd simon
 
Hi, thelonelycoder
You mention in this post something I want to confirm: the user «admin» is in fact the root user by default during a ssh session (I'm running Merlin's fw 3.0.0.4.374.36_beta1 on a RT-N16), or, at least, it has root privileges, right or wrong?

I'm asking this because I'm struggling here with a strange issue: every time I try to change permissions to files stored in a formatted in ext2 usb HD (I access it from a Windows machine using WinScp) they revert to 777... I want to excluded as a reason for this the fact that in a session as «admin» user I don't own enough privileges to make that permission change (i.e., from 777 to 644 or 755) permanent...
Thanks
Joao
 
decedion said:
In my case, this isn't so. My root user is the "Router Login Name"
Click to expand...

Just wanted to clarify: The default user name is admin and this is the root user on the device. If you change the "Router Login Name" this new name is your root user.
 
Thanks for your fast answer
P.-S. Stil cannot figure out why I can't change permissions on my MemUp (which is formatted in ext3 and not ext2 as stated earlier)
cheers
João
 
You must log in or register to reply here.

Similar threads

T
R7800 telnet issue... Any ideas?
Replies
4
Views
3K
Tom Brough
T
Similar threads
Thread starter Title Forum Replies Date
E OpenVPN TAP internet access problem Asuswrt-Merlin 0
S Prevent client from connecting to router but allow connection to internet via access point Asuswrt-Merlin 4
G RESOLVED: Lost access to WebUI from LAN, SSH is working Asuswrt-Merlin 1
N Connecting an ax58u to a BT homehub 5, via a lan port, and not getting internet access. Asuswrt-Merlin 3
K Have global ipv6 address but unable to access internet over ipv6 Asuswrt-Merlin 39
M Allow admin web GUI access on another interface (tailscale0) Asuswrt-Merlin 0
M Isolating home security cameras and providing remote access? Asuswrt-Merlin 5
L When I access the System Log --> IPv6 tab the web server crashes Asuswrt-Merlin 0
A Enable Web Access from WAN can't stay enabled Asuswrt-Merlin 2
D Guest network with intranet access v. using the main network Asuswrt-Merlin 4

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 1,018 (members: 32, guests: 986)
Top