RT-AC3200 Unable to connect with ssh

CypherDragon

Occasional Visitor
Hi all,

I apologize if this has been posted before; I've tried a few different searches, but apparently either can't hit on the right terms, or my search-fu just sucks (if there is a thread).

I have an RT-AC3200 running Merlin 384.10 in wireless router mode. I'm troubleshooting throughput issues with Spectrum (my ISP), and would like to perform some tests at my router, to try and keep from having to rewire from my PC direct to the modem (not impossible, but very inconvenient with how I have everything wired).

I've attempted to allow ssh access to try some of the tools and scripts I've found here, but I just cannot get ssh to connect. I'm using a directly wired connection to my router, and have tried with both Windows (using putty, and the new built-in ssh utility) and a couple Linux VMs, one on my main box, and the other on my ESXi host. All my attempts result in "Connection refused" errors.

I have enabled ssh in the Administration --> System page, and have tried with both LAN only and LAN+WAN settings, enabling and disabling Brute Force protection, and adding in a key created through puttygen for the Windows box. I am using the default port 22, and I use 172.16.1.1 as my LAN IP space. I have tried with connecting to 172.16.1.1 and with router.asus.com with the same results. I have changed both the username and password on the router a couple different times to see if that has something to do with it (my normal username is not the standard admin/root/administrator, but something quite different, and I use a long password saved in LastPass). I am using the "ssh user@172.16.1.1" format, and I've tried with the putty "autologin" box populated as well.

I do not see any errors in the system log relating to SSH, nor do I have any VPN servers or clients active. I've also disabled QoS, and tried with AiProtection off. I'm at wit's end of what else to try....which usually means I've overlooked something easy. Anyone with suggestions please?

Model RT-AC3200
Firmware Version 384.10
Firmware Build Sun Mar 24 21:35:56 UTC 2019 merlin@897df50
Bootloader (CFE) 1.0.1.7
Driver version wl1: May 27 2018 14:08:52 version 7.10.274.33 (r527132) FWID 01-d37e286
Features 2.4G 5G 5G-2 HTTPS PARENTAL2 WIFI_LOGO app appnet bcmwifi bwdpi cloudcheck cloudsync dblog diskutility dnsfilter dnssec dualwan email eula hdspindown ipv6 ipv6pt letsencrypt manual_stb media meoVoda modem movistarTriple mssid nandflash nfsd no_finiwl openvpnd optimize_xbox pptpd printer psta pwrctrl realip reboot_schedule rog rrsut smart_connect snmp ssh stainfo switchctrl tcode timemachine tor update usbX2 user_low_rssi usericon utf8_ssid vpnc webdav wifi_tog_btn wl6
Uptime 0 days 18 hours 47 minute(s) 33 seconds
Temperatures
 
Is it simply that your password is longer than 16 characters? Is there some symbols or other special characters that are not allowed by the firmware?

When was the last time you did a full reset to factory defaults on your router, after flashing the newest firmware you want to use? Then, followed by a minimal and manual configuration to secure the router and connect to your ISP (no saved config files used)?
 
Welcome to our forum.

Following from L&LD’s 2 main points, if unsure (special characters etc), reset temporarily the router username and password to something simple to eliminate glitches of the kind L&LD is thinking of.

Have you used Putty before; and are you familiar with it or is this the first time?

You allowed Password login on the router Admin page? (Set it to Yes). Make it simple so forget public keys for now.

Set to LAN Only - setting to both won’t make a difference (as long as you’re inside the LAN!) and it’s safer.

You won’t see anything in syslog: you need to enable logging in Putty. As well or instead, you can also right click top left (IP address area) of the Putty terminal and select Event log
 
It's exactly 16 characters, but does have a couple specials. I would think if they weren't allowed by firmware, they wouldn't be allowed by the web console, right? I'll try resetting to a simple alphanumeric and see what happens.

It has been awhile since I've done a full factory reset - probably around a year. I've thought of this as well, but wanted to see if there were any other options/opinions prior to doing a nuke and pave.

Yeah, I use putty and ssh on a near-daily basis since I'm software support for a company that produces Linux virtual appliances (Bitdefender). I'm no expert, but I'm relatively familiar with SSH and putty.

Password login has been set to 'Yes' for all tests.

I'll check for the putty logs - I didn't know there was such a thing :)

Thanks for the responses so far!
 
Ok, so changed username to a 12-character all-lowercase, and password to a 13-character alphanumeric...still not able to connect.

Here's the putty event log:
2019-04-04 10:59:10 Looking up host "172.16.1.1" for SSH connection
2019-04-04 10:59:10 Connecting to 172.16.1.1 port 22
2019-04-04 10:59:10 We claim version: SSH-2.0-PuTTY_Release_0.71
2019-04-04 10:59:11 Failed to connect to 172.16.1.1: Network error: Connection refused
2019-04-04 10:59:11 Network error: Network error: Connection refused
 
Unless someone has any more options for you to try, I believe that, to minimize further tail-chasing, you should do a full M&M Config on your router. ;)

Including doing a WPS erase and a 'format jffs on next boot' step, followed by reflashing the latest firmware (currently 384.10_2).
 
Post a screenshot of your SSH settings on the System page of your router.
 
*sigh* Ok, that'll have to wait until tonight then...

 
It will go fast, just make sure each step is done in the right order. :)

Who knows? It may even fix your ISP issues too. ;)
 
Looks good to me.

Are the router and the client on the same subnet, and is it a /24? Asuswrt can be quirky if used with a wider subnet.

You can also check the router's System Log to see if it contains more info. Make sure it does confirm that the dropbear service is running.

Also check at the bottom, there's an option to restrict connection to web/ssh by IP. Make sure it's not blocking you.
 
Nah, those are signal issues with the line. I can occasionally get it to run at the 200Mbps I'm paying for, but within 10 min it's back down to single-digit downstream speeds. At least I'm not at T1 speeds like I was yesterday (<1.5Mbps)

They are, both are in the 172.16.1.x subnet, /24 netmask.
Code:
Ethernet adapter Ethernet:

   Connection-specific DNS Suffix  . : test
   Link-local IPv6 Address . . . . . : fe80::6de1:c45:dd76:546c%9
   IPv4 Address. . . . . . . . . . . : 172.16.1.178
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 172.16.1.1

I've attached the syslog - I'm not seeing dropbear listed on a quick search. I do have the router set to reboot every day at 0600am (to reset the VPN connection when I have it enabled - it is currently disabled). Any other way to check for the service or to restart it?

Remote Access Config is set to:
Enable Web Access from WAN: No
Allow only specified IP addresses: No
 

Yes, nothing in syslog. What about Network Tools in the GUI > Netstat > Display all sockets. I see dropbear in mine. If it’s not there, looks like Merlin’s right and L&LD’s guide is your next step, as L&LD originally surmised. Follow it to the letter and you’ll be right as rain!
 
Didn't think to check netstat...dur. Yeah, nothing listening on port 22, and no dropbear listed.
I'll give a M&M with the latest firmware a go tonight after work, and report back....and then reconfigure everything that's connected wirelessly o_O *weeps quietly*
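
Added example, not part of the thread or of the firmware: a small Python probe that separates the outcomes a client can see on the SSH port, showing why the "Connection refused" in the PuTTY event log pointed at a missing listener rather than at the username or password. The function names are illustrative; the default address and port are the ones quoted in the thread.

```python
import socket
import sys

def probe_ssh(host, port=22, timeout=3.0):
    """Classify one TCP connect attempt to an SSH port.

    Returns (state, detail) where state is "open" (detail = server banner),
    "refused", "timeout" or "error" (detail = OS error text).
    """
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            try:
                # An SSH server sends its identification line first (RFC 4253).
                first = s.recv(256).split(b"\n", 1)[0].strip()
            except socket.timeout:
                first = b""
            return ("open", first.decode("ascii", "replace"))
    except ConnectionRefusedError:
        return ("refused", None)
    except socket.timeout:
        return ("timeout", None)
    except OSError as exc:
        return ("error", str(exc))

def explain(result):
    """Turn a probe result into the troubleshooting conclusion it supports."""
    state, detail = result
    if state == "refused":
        return ("TCP reset: nothing is listening on the port (or a firewall "
                "rule rejects it). Authentication never started, so "
                "credentials and keys are not the cause; check the daemon.")
    if state == "timeout":
        return "No reply: packets are being dropped or the host is unreachable."
    if state == "open":
        return f"Listener present, banner {detail!r}; any failure is at the SSH layer."
    return f"Connect failed: {detail}"

if __name__ == "__main__":
    # Defaults are the router address and port quoted in the thread.
    host = sys.argv[1] if len(sys.argv) > 1 else "172.16.1.1"
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 22
    print(explain(probe_ssh(host, port)))
```
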
 
See what happens in the system log if you do the following:

1) Disable SSH
2) Apply
3) Enable SSH on LAN
4) Apply
 
Not really much of anything...
Code:
Apr  4 16:20:40 rc_service: httpds 271:notify_rc restart_time;restart_upnp;restart_bhblock;
Apr  4 16:20:40 kernel: klogd started: BusyBox v1.25.1 (2019-03-24 17:35:55 EDT)
Apr  4 16:20:41 dnsmasq[3808]: Insecure DS reply received for glb.nist.gov, could be bad domain configuration or lack of DNSSEC support from upstream DNS servers
Apr  4 16:20:41 nat: apply nat rules (/tmp/nat_rules_eth0_eth0)
Apr  4 16:20:58 rc_service: httpds 271:notify_rc restart_time;restart_upnp;restart_bhblock;
Apr  4 16:20:58 kernel: klogd started: BusyBox v1.25.1 (2019-03-24 17:35:55 EDT)
Apr  4 16:20:59 nat: apply nat rules (/tmp/nat_rules_eth0_eth0)
Apr  4 16:21:00 hour_monitor: daemon is starting
 
Probably going to be a day or two before I can get to the full reset - had tonight to work on this, but getting pulled away on something else. Yay!
 
Something is weird in the code... Can you try just rebooting your router (while ssh is enabled)?
 
Gave that a try, but still no dropbear listed in syslog, and nothing listening on 22.

Syslog attached.
 

Ok, so to close the loop - finally got around to doing an M&M config, and dropbear is running now with the latest firmware. Not sure why the old config was jacked up, but I'm able to SSH now.

So....is there any way to decrypt and read the backed up cfg file, short of backing up current config and reapplying? I had a few static assignments and some other network tweaks/settings I'd like to put back without relying on memory. ;)
 
