ssh/dbclient - DROPBEAR_PASSWORD functionality is broken

roland-dd
DD-WRT Novice


Joined: 12 Feb 2009
Posts: 45

Posted: Fri Oct 20, 2017 16:19    Post subject: ssh/dbclient - DROPBEAR_PASSWORD functionality is broken
Can anyone open an SSH session from the dd-wrt console to a remote host without being asked for a password, as described on the SSH page in the dd-wrt wiki?

Code:
DROPBEAR_PASSWORD='remotepassword' ssh -y user@remotehost


https://www.dd-wrt.com/wiki/index.php/SSH#Automatic_Login_.28for_shell_scripts.29

http://www.dd-wrt.com/phpBB2/viewtopic.php?p=1065508

http://www.dd-wrt.com/phpBB2/viewtopic.php?t=311755


Last edited by roland-dd on Mon Oct 23, 2017 19:05; edited 1 time in total
roland-dd
Posted: Mon Oct 23, 2017 13:28
Can anyone please test if ssh with DROPBEAR_PASSWORD works as expected?
Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 6407
Location: UK, London, just across the river..

Posted: Mon Oct 23, 2017 15:51
First, when you ask a question like this, let us know which router and firmware version you currently have, otherwise the level of help will drop dramatically...

On one of my routers I can connect with PuTTY via SSH on the local LAN without being asked for a password; there is a setting for it in the SSH menu under Services, but instead I have a private key to match :)
If you meant via web SSH, I don't use this remote SSH tunnel; it could be very vulnerable and compromise system stability. Especially without asking for a password or with no private key set, it's suicide.... but maybe I misunderstood your question... ;)

_________________
Atheros
TP-Link WR740Nv1 ---DD-WRT 55179 WAP
TP-Link WR1043NDv2 -DD-WRT 55303 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55460 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55460 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55363 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
roland-dd
Posted: Mon Oct 23, 2017 16:45
Thanks for the response.

Router is TL-WR841N V9 and DD-WRT is r33492 (10/10/17).

I don't mean connecting to the router, but from the dd-wrt router to a remote host by SSH.

The remote host I want to connect to from dd-wrt is not under my control, so I can't change the SSH logon method.
roland-dd
Posted: Mon Oct 23, 2017 19:04
DROPBEAR_PASSWORD functionality of dbclient is definitely broken in recent versions of dd-wrt.

In this thread
http://www.dd-wrt.com/phpBB2/viewtopic.php?p=1065508
someone had the same problem and discovered that automatic SSH login by DROPBEAR_PASSWORD has been broken since b26839 (2015/05/06).

I downgraded to the version before (V24-sp2 b26653 (04/09/15)) and now it works for me too.
Alozaros
Posted: Mon Oct 23, 2017 19:26
Have you selected
Administration>Router Management>Remote Access>Web GUI Management>SSH Management, or am I on the wrong page :) ??

roland-dd
Posted: Mon Oct 23, 2017 19:38
Log on to dd-wrt by SSH and then try to open an SSH connection to a remote host (i.e. your NAS) with user and password by

Code:
DROPBEAR_PASSWORD='YourPasswordAtNAS' ssh -y user@your.nas


If it works, you shouldn't be asked for a password.
Alozaros
Posted: Mon Oct 23, 2017 21:55
roland-dd wrote:
Log on to dd-wrt by SSH and then try to open an SSH connection to a remote host (i.e. your NAS) with user and password by

Code:
DROPBEAR_PASSWORD='YourPasswordAtNAS' ssh -y user@your.nas


If it works, you shouldn't be asked for a password.


Well, it tries to connect at port 22, which I already changed to something else

ssh: Connection to root@x.x.x.x.nas:22 exited: Connect failed: Error resolving 'x.x.x.x.nas' port '22'

roland-dd
Posted: Tue Oct 24, 2017 8:28
Alozaros wrote:
Error resolving 'x.x.x.x.nas' port '22'


You have to use the address of an existing ssh-server.
roland-dd
Posted: Tue Oct 24, 2017 9:13
I don't know if the mantis bug-tracking-system of dd-wrt is still in use because there are only outdated categories to choose from, but I have created a ticket for this problem.

http://www.dd-wrt.com/dd-wrtv2/bugtracker/view.php?id=4854
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12834
Location: Netherlands

Posted: Tue Oct 24, 2017 13:08
Open a ticket at: http://svn.dd-wrt.com/
_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
roland-dd
Posted: Tue Oct 24, 2017 13:27
Thanks.

http://svn.dd-wrt.com/ticket/6022#ticket
roland-dd
Posted: Thu Nov 16, 2017 10:23    Post subject: Please fix DROPBEAR_PASSWORD bug
There are a lot of users in a student hostel who need their WLAN routers to auto-login to the internet access control server via SSH from a startup shell script.

https://www.studentenwerk-leipzig.de/sites/default/files/media/files/use_of_wireless_routers_and_mobile_devices_in_studnet.pdf

Now that the first TL-WR841N works fine with the dd-wrt version from April 2015, there are a lot of requests from other students to modify their routers.

But for most routers there is no dd-wrt version from before April 2015 because they are too new.

It would be a great help if the DROPBEAR_PASSWORD bug could be fixed.

Thanks,
Roland

http://svn.dd-wrt.com/ticket/6022#ticket
roland-dd
Posted: Mon Nov 20, 2017 17:18
Am I right that the DROPBEAR_PASSWORD option was deliberately disabled by brainslayer?

https://github.com/mirror/dd-wrt/commit/067ea1a1efe5621631dde6fdaf2f8ee95b02048e#diff-851da486b641491d761c0295dbe45035
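
A startup script can check, before it attempts the login, whether the installed client still contains the environment-variable lookup that the last post asks about. This is an added example, not code from the thread or from DD-WRT; the function names are hypothetical, and it assumes that a build honouring `DROPBEAR_PASSWORD` contains that name as a string literal, which a packed or compressed binary would hide.

```shell
#!/bin/sh
# Added example (not from the thread): heuristic check for DROPBEAR_PASSWORD
# support in an installed Dropbear client.
# Assumption: a build that honours the variable contains its name as a string
# literal; a build with the feature compiled out does not.

# Follow symlinks (for example ssh -> a multi-call binary) to the real file.
resolve_binary() {
    path=$1
    hops=0
    while [ -L "$path" ] && [ "$hops" -lt 8 ]; do
        target=$(readlink "$path") || return 1
        case $target in
            /*) path=$target ;;
            *)  path=$(dirname "$path")/$target ;;
        esac
        hops=$((hops + 1))
    done
    [ -f "$path" ] && printf '%s\n' "$path"
}

# Exit status: 0 = name present, 1 = name absent, 2 = file missing/unreadable.
has_password_env() {
    bin=$(resolve_binary "$1") || return 2
    [ -r "$bin" ] || return 2
    grep -q 'DROPBEAR_PASSWORD' "$bin"
}

# Guard for a startup script: report the state so the caller can skip the
# login instead of letting the client fall back to an interactive prompt.
check_client() {
    rc=0
    has_password_env "$1" || rc=$?
    case $rc in
        0) echo "supported" ;;
        1) echo "compiled-out" ;;
        *) echo "unreadable" ;;
    esac
}

# Usage: sh check_dbclient.sh /usr/bin/ssh   (path is an example)
if [ "$#" -gt 0 ]; then
    check_client "$1"
fi
```

A `supported` result only shows that the name is present in the binary, so the login itself remains the real test. Where the variable is used, the password sits in the process environment of the script and the client for as long as they run.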