Openwrt Ssh Server

| Posted on by



One of the methods to manage OpenWrt is using command-line interface over SSH.OpenWrt listens for incoming SSH connections on port 22/tcp by default.To “ssh into your router”, you can enter the following command in a terminal emulator using you router's LANIP address that is typically 192.168.1.1:

Open a terminal emulator and write ssh root@192.168.1.1 (“ssh” is the command, “root” is the OpenWrt user you are connecting to, and “192.168.1.1” is OpenWrt default IP) there will be a message about accepting a new key from the OpenWrt device, write “yes” and press Enter key.

I am proud owner of TP-Link TL-WDR3500 router flashed with OpenWRT, which is really good custom firmware offering countless possibilities. Recently I’ve installed FTP server on it so I can access the attached external HDD drive remotely. This how-to is simple guide showing you to configure Pure-FTPd with TLS support on your OpenWRT enabled router, too. 这次我们的目标是来打造一台带有自动翻墙功能的路由器! 当然,天上是不会掉馅饼的,为了打造这么一台自动翻墙路由器,还是需要一些条件的。 首先就是一台支持 OpenWrt 的路由器。淘宝上有卖的,刷好 OpenWrt 的带 USB 接口的无线路由,最便宜的也就 100 元左右。 其次就是要有一台 SSH 主机,不.

The first time you ssh into your router, you will probably see a warning about the RSA key fingerprint.If you are certain this is the address of your OpenWrt device, simply type yes and press Return.Then enter the password you have given to your router, or press Return if this is the initial setup.Here is an example session:

Package Installation. To set up and configure an OpenVPN server so we can connect to our home’s. I've got a OpenWRT router that I'm trying to make a persistent reverse ssh tunnel to an Amazon AWS server. The issue is my ISP changes my public IP so in order to ssh to it, I have to use port knocking to prevent every IP from seeing the ssh port. I've written a bash script to make a connection.

To end your ssh session to your router, type exit and press Return.

The remainder of this page describes several terminal emulators that Windows, Linux, or macOS can use to access your OpenWrt device.

Windows terminal emulators

Openwrt

Windows Terminal for Windows 10 or the legacy ConHost (both giving access to Windows PowerShell, Windows Command Prompt, WSL Bash), PuTTY, MinGW (installed together with Git), Cmder, SmarTTY, and WinSCP are terminal emulators that allow you to SSH into an OpenWrt router.

Windows 10 built-in terminals

Both Windows PowerShell and Command Prompt allows using the default Windows 10 SSH client.That SSH client is an optional windows feature and has to be enabled.

If you have installed a WSL distribution, the SSH client is usually preinstalled in there.

If you directly launch cmd.exe, powershell.exe or wsl.exe the legacy ConHost terminal will open.Otherwise, you can install the modern Windows Terminal from the store and select any of these shells from there.

  1. Open any of the above terminal emulators and write ssh root@192.168.1.1 (“ssh” is the command, “root” is the OpenWrt user you are connecting to, and “192.168.1.1” is OpenWrt default IP)
  2. there will be a message about accepting a new key from the OpenWrt device, write “yes” and press Enter key.
    1. If for some reason you have reinstalled OpenWrt the device will have a different key and you get an error about key mismatch. The error will state what is the command line to copy-paste in your terminal to delete the old key and proceed. Do it and retry.

The Windows 10 optional SSH feature also includes SCP client (to open/edit/download/upload files in OpenWrt via SSH).Try google for some SCP tutorials to learn how to use it.Otherwise, use WinSCP which is way easier for SCP purposes.

PowerShell

Powershell provides SSH access.

Windows Subsystem for Linux (WSL)

The Windows Subsystem for Linux is a convenient way to run a Linux environment of your choice including most,command-line tools, utilities, and applications directly on Windows. For detailed steps of how to install WSL on Windows 10, refer to Microsoft's documentation: https://docs.microsoft.com/en-us/windows/wsl/install-win10

PuTTY

PuTTY gives you command-line access to OpenWrt.

  1. Download PuTTY, get the 32bit putty.exe from the Alternative binary files section.
  2. Start putty.exe on your Windows client → PuTTY's login window pops up.
  3. go to the Session category of PuTTY's login window, look for the field Host Name (or IP address) and simply enter the IP-address (e.g. 192.168.1.1) of your OpenWrt device, keep the default provided port 22.
  4. Click the Open button at the Bottom to open a connection. This will pop up a shell windows, asking to login as. Login as root with the OpenWrt password you have defined some time before. If you have not yet set a password yet on “root”, you will not be asked for the password.
  5. Done, you are logged into the OpenWrt command line.

Setting up key-based authentication.

  1. Generate a key pair using puttygen.exe. Save the private key to the PC and add the public key to /etc/dropbear/authorized_keys on your OpenWrt device.
  2. Connection → SSH → Auth: In the box “Authentication Parameters” under “Private key file for Authentication” state the path to your private key file for this connection (e.g. the openwrt.ppk file you created before). Best is to click “Browse…” and select the file via the file dialog.

Automating connections.

  1. Connection → Data: In the box “Login details” enter the “Auto-login username” which is root.
  2. Load, save or delete a stored session, enter openwrt.lan in Saved Sessions and click the Save button.
  3. To make a PuTTY shortcut with an automatic login, create one and append the saved session with an @ sign, for example call PuTTY with: putty.exe @openwrt.lan

WinSCP

WinSCP allows you to browse the OpenWrt file system in Windows Exlorer like GUI-style.

  1. Download WinSCP, get the non-beta Installation package or portable executables and install or unzip them on your Windows client
  2. Start WinSCP.exe on your Windows client, WinSCP's login window will pop up
  3. Click on New Site on the left, then enter your OpenWrt device IP address (192.168.1.1) on the right side into Host name, keep the default port 22. In User name enter root, in Password, enter your root password (or leave blank, if you have not set a password yet)
  4. Done. You now have an Exlorer-like view of your OpenWrt file system.

Editing OpenWrt config files with WinSCP's integrated GUI editor.

  1. To edit an OpenWrt config file with WinSCP's GUI-based editor, just right-click the file in WinSCP and select Edit from the context menu.

Cmder

Cmder for Windows is an open-source terminal emulator that runs on Windows.It is free to use and provides an easy “command line shell” that allows you to ssh into OpenWrt.Its attractive fonts and color scheme are easy on the eyes.The Full distribution is preferred (over the mini distribution), since it provides a bash emulation, with a Unix-y suite of commands.

  1. Unzip the cmder.zip file.
  2. Open the Cmder folder, and double-click the Cmder icon. You'll see a Cmder window open similar to the image below.
  3. To ssh into the OpenWrt router at 192.168.1.1, type ssh root@192.168.1.1 then press Return.

SmarTTY

SmarTTY gives you command line access to OpenWrt and allows you to open/edit/download/upload files in OpenWrt, and is overall more modern and user-friendly than PuTTY (another tool detailed below).

  1. Download SmarTTY, choose “download” for the installer, or “portable version” if you want it as a standalone program that works without installation.
  2. after installation or after unzipping the archive, doubleclick on SmarTTY executable file.
  3. You will be greeted by a window with two choices, doubleclick on “setup a new SSH connection” (the other option is for serial connections, for usb-TTL dongles and somesuch you connect to the device's debug serial pins on the board, we won't use that now).
  4. The window changes into the SSH setup, write the following info:
    1. Host name: OpenWrt device IP address (default is 192.168.1.1 )
    2. User Name:root (this is the “administrator” and only user in default OpenWrt)
    3. Password: leave this blank for your first connection, then write the password you set up (either in Luci GUI or after your first SSH access)
  5. Click “Connect” button at the bottom, and you will now see a big terminal screen coming up
  6. A default OpenWrt firmware lacks the server component to allow you to open/edit/view/upoad/download files in SmarTTY, so after you have connected to the internet write opkg update && opkg install openssh-sftp-server to install it. If the next step fails, it might be necessary to reboot the OpenWrt device for this new service to start up properly.
  7. Now you can click on File → Open a Remote File to open a popup that shows the file system of the OpenWrt device, and you can navigate in it and open text files for example as normal (they will open in a SmarTTY text editor window)
  8. If you want to upload or download files to/from a specific folder in the device, you can click on SCP menu and choose the most appropriate action from there.

After the first time you connected to a device, SmarTTY saved a profile, so you can connect again to the same device (at that IP address with that password) by just doubleclicking its icon on the first window you see when starting SmarTTY.You can right-click on this profile icon to edit it again, if needed.

Linux terminal emulators

All Linux distributions provide a command-line ssh client as part of the default installation.

  1. Open a terminal emulator and write ssh root@192.168.1.1 (“ssh” is the command, “root” is the OpenWrt user you are connecting to, and “192.168.1.1” is OpenWrt default IP)
  2. there will be a message about accepting a new key from the OpenWrt device, write “yes” and press Enter key.
    1. If for some reason you have reinstalled OpenWrt the device will have a different key and you get an error about key mismatch. The error will state what is the command line to copy-paste in your terminal to delete the old key and proceed.

Linux also usually has SCP/SFTP clients (to open/edit/download/upload files in OpenWrt), which may or may not be installed by default.You need to look up your distro's documentation or search with your package management interface for “scp” and “sftp” to find where it is and its current installation status.Read scp manual for the command line SCP client or google some tutorials to learn how to use it.

Midnight Commander

Midnight Commander is Norton Commander like file manager that works on Linux and macOS.You can access remote files on OpenWrt via mc:

  1. Select 'Left' panel config
  2. Input 'root@192.168.1.1/' and press OK
  3. Now you'll see list of files and directories in root of OpenWrt

Internally it works over scp like protocol FISH so it not needs for installed SFTP server.

macOS terminal emulators

On macOS (formerly Mac OSX) any terminal emulator will allow you to ssh.

  1. Terminal - The macOS built-in terminal program, find it in /Applications/Utilities.
  2. iTerm2 a much-enhanced terminal program, donation-ware - it's worth it.

To ssh into your OpenWrt router at 192.168.1.1, type ssh root@192.168.1.1, then press Return.

Chrome OS terminal emulator

On Chrome OS, Secure Shell App will allow you to ssh.

This website uses cookies. By using the website, you agree with storing cookies on your computer. Also you acknowledge that you have read and understand our Privacy Policy. If you do not agree leave the website.More information about cookies

Opened 7 years ago

Closed 4 years ago

Last modified 3 years ago

#9138closedenhancement (fixed)

Reported by:Owned by:tripolar
Priority: normal Milestone: Barrier Breaker 14.07
Component: packages Version: Trunk
Keywords: Cc:

Attachments (5)

google-authenticator_qrencode.patch​ (5.1 KB) - added by DkSoul5 years ago.
Patch to add both Google Authenticator and QR Encode
sshd_pam.patch​ (12.0 KB) - added by DkSoul5 years ago.
Enhanced/Hacked versions of openssh-server and libpam to use with Google Authenticator
sshd_config.patch​ (1.2 KB) - added by DkSoul5 years ago.
Patch to modify openssh-server configuration to enable Google Authentication
openssh-pam.patch​ (10.3 KB) - added by DkSoul5 years ago.
OpenSSH with PAM
libpam-basefiles.patch​ (8.8 KB) - added by DkSoul5 years ago.
libpam base files (common to/used by most services)

Download all attachments as: .zip

Change History (25)

comment:2 Changed 6 years ago by nbd

  • Resolution set to wontfix
  • Status changed from new to closed

comment:4 Changed 5 years ago by jow

Changed 5 years ago by DkSoul

  • Attachmentgoogle-authenticator_qrencode.patch​ added
Openwrt

Changed 5 years ago by DkSoul

  • Attachmentsshd_pam.patch​ added

Changed 5 years ago by DkSoul

  • Attachmentsshd_config.patch​ added

comment:5 Changed 5 years ago by anonymous

  • Resolutionwontfix deleted
  • Status changed from closed to reopened

comment:7 Changed 5 years ago by tripolar

comment:9 Changed 5 years ago by tripolar

Openwrt Ssh Server

  • Owner changed from developers to tripolar
  • Status changed from reopened to assigned

Changed 5 years ago by DkSoul

  • Attachmentopenssh-pam.patch​ added

Changed 5 years ago by DkSoul

Openwrt Openssh Server

  • Attachmentlibpam-basefiles.patch​ added

comment:11 Changed 5 years ago by tripolar

comment:13 Changed 5 years ago by tripolar

comment:14follow-up:↓ 15 Changed 5 years ago by DkSoul

comment:15 in reply to: ↑ 14 Changed 5 years ago by Richard Gerrits <openwrt@…>

comment:17 Changed 4 years ago by anonymous

comment:18 Changed 4 years ago by tripolar

Enable Ssh Openwrt

  • Resolution set to fixed
  • Status changed from assigned to closed

comment:19 Changed 4 years ago by jow

  • Milestone changed from Attitude Adjustment 12.09 to Barrier Breaker 14.07

Openwrt Ssh Server Refused Our Key

Note: See TracTickets for help on using tickets.