Voxel firmware and ssh

Paul Connolly

New Around Here
Hi Voxel


SSH seems to be causing many issues. The comments in netgear and other forums had a lot of comments too hard I just gave up,

several No longer able to telnet or ssh their routers becuase they made a mistake regarding client keys etc.

Netgear tell them to buy a new router LOL

In my case had a power failure before I could copy the RSA keys to my windows machine,to get terminalaccess for my R9000 I had to install native firmware, then use gui to restore factory settings,

perform 30/30/30 reset

Install latest factory version

This removed ssh and allowed telnet access etc, however the management user name cannot be changed from admin.

I even tried DD-WRT you can put in root or fred at DDWRT intial config, after reboot the user name is admin :) you then have to do a hard reset becuase the password is not recognized with admin user name.

I tried TFTP flash to force install factory,voxel,and dd-wrt still admin user name cannot be changed.

perhaps smarter to leave telnet access running, and have ssh use the same user name and password?

I get why you have gone down the rsa key path but I think overkill for most home users
 

mith_y2k

Regular Contributor
Using the public private keys is only a convenience and added security to avoid typing your password. You should be able to ssh as root just by typing your password (the one you use for admin in the GUI). Is that working? Is Telnet enabled via the debug page?
 

Paul Connolly

New Around Here
To be honest I have not tested this as I am not sure if installing ssh as per the instructions still disables telnet and does not allow user name and password. From the word doc it appears that you must configure the public private keys. What happens is most non technical folk skip this step, to find after reboot telnet disabled, ssh does not accept user name and password so they cannot get terminal access to the router.

so my question is if you follow section 3 in the readme does this still disable telnet and ssh user name and password access? if so what is the process to leave telnet and ssh user name password access in place ?
 

Sizzlechest

Regular Contributor
What do you want to accomplish? I am able to log into my router from PuTTY without entering a login or password. All do is copy my OpenSSH generated public key on my computer to the file /root/.ssh/authorized_keys

If the firmware is upgraded, this file will be deleted. I have a thumbdrive plugged into the router at all times. if the key is missing, it will copy it from the thumbdrive to the router.

Here is the script on the thumbdrive located under autorun/scripts called post-mount.sh:
Code:
#!/bin/sh

if [ ! -f "/root/.ssh/authorized_keys" ]
then
  mkdir -p /root/.ssh
  cp /tmp/mnt/$1/authorized_keys /root/.ssh/authorized_keys
fi
Put your public key on the thumbdrive and rename it to authorized_keys. It will re-install itself automatically if it's missing.
 

kamoj

Very Senior Member
The problems you describe are not with Voxel firmware.

You still have telnet access after "installation of RSA keys".
So you can install your keys and make sure ssh/scp is working before disabling telnet.

It's also possible to make ssh login using user+password, with a small adjustment of the start script.
(It's on my todo-list, such an option)

Hi Voxel


SSH seems to be causing many issues. The comments in netgear and other forums had a lot of comments too hard I just gave up,

several No longer able to telnet or ssh their routers becuase they made a mistake regarding client keys etc.

Netgear tell them to buy a new router LOL

In my case had a power failure before I could copy the RSA keys to my windows machine,to get terminalaccess for my R9000 I had to install native firmware, then use gui to restore factory settings,

perform 30/30/30 reset

Install latest factory version

This removed ssh and allowed telnet access etc, however the management user name cannot be changed from admin.

I even tried DD-WRT you can put in root or fred at DDWRT intial config, after reboot the user name is admin :) you then have to do a hard reset becuase the password is not recognized with admin user name.

I tried TFTP flash to force install factory,voxel,and dd-wrt still admin user name cannot be changed.

perhaps smarter to leave telnet access running, and have ssh use the same user name and password?

I get why you have gone down the rsa key path but I think overkill for most home users
 

kamoj

Very Senior Member
The kamoj add-on beta 5.3+ supports automatic generation and installation of ssh keys.
https://www.snbforums.com/threads/kamoj-add-on-5-1-beta-testing-poll.62315/post-605862
To be honest I have not tested this as I am not sure if installing ssh as per the instructions still disables telnet and does not allow user name and password. From the word doc it appears that you must configure the public private keys. What happens is most non technical folk skip this step, to find after reboot telnet disabled, ssh does not accept user name and password so they cannot get terminal access to the router.

so my question is if you follow section 3 in the readme does this still disable telnet and ssh user name and password access? if so what is the process to leave telnet and ssh user name password access in place ?
 

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top