Posted: Tue Nov 30, 2010 21:22 Post subject: Dropbear SFTP Access - SOLVED
Apologies if this post is not well laid out, this is the first time I have posted an answer rather than a response.
I have been trying to get sftp to work in DD-Wrt/Optware for the last week using the tutorials on this site. My goal was to have SFTP access without installing OpenSSH (which eats up more resources than necessary if you can get Dropbear to work). Here is the process I finally came up with that actually enables SFTP under Dropbear.
Enabling SFTP in Dropbear
(This tutorial assumes you have optware installed and mounted at /opt)
Step 1 - Install Packages
#Dropbear
ipkg install dropbear
#SFTP Server
ipkg install openssh-sftp-server
Step 2 - Copy DD-Wrt Original Dropbear (Optional Step)
#I think the dropbear ipkg install is somehow incomplete, so I copied the existing dropbear in dd-wrt to be sure.
Doesn't this assume you have perl installed onto your router?
Second question: Will the steps laid out stay active over every reboot? _________________ E3000 22200M KongVPN K26
WRT600n v1.1 refirb mega 18767 BS K24 NEWD2 [not used]
WRT54G v2 16214 BS K24 [access point]
Try Dropbox for syncing files - get 2.5gb online for free by signing up.
Read! Peacock thread
*PLEASE* upgrade PAST v24SP1 or no support.
Yes, you must have perl installed but I believe that it is automatic if you use frater's optware script. If you don't have perl, then you could try the "sed" method in the SFTP wiki.
And, yes, the changes are persistent. On reboot, the defined port will still accept SFTP connections.
I should point out that none of this would be necessary if the dd-wrt developers simply included the SFTP in /usr/libexec rather than forcing us to use this optware workaround.
And voila, that should allow you to SFTP in to whatever port you set in Step 3
Hi morockin
Thank you very much for your directions. I followed the instructions but have a problem: after all this was done I got 2 versions of dropbear running on the router, one is old, from /usr/sbin/ with all the default arguments, and another one from /opt/sbin/ with correct arguments. The old one seems to be starting earlier than the new one and thus occupying the port. Tried to disable the SSHd in web-gui but then it also closes the port, so now need to mess with iptables. Did you have any such problems on your router?
Posted: Thu Dec 09, 2010 2:57 Post subject: Two Dropbear(s)
For wholly unrelated reasons, I actually have both Dropbear versions running (I don't want certain users with SSH rights to have SFTP access) on different ports. To solve your problem, I would simply use a script to kill the "original" Dropbear process before loading the "fixed" version. The easiest thing to do would be to edit the S80dropbear script to kill first and load second. Are you comfortable with scripting?
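The kill-first step suggested above, sketched as an added example (not part of the original post and not the contents of S80dropbear). It assumes /proc/PID/exe for the built-in daemon resolves to /usr/sbin/dropbear, the location named earlier in the thread; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: stop only the firmware's dropbear, selected by executable
# path rather than by process name, so the optware copy in /opt/sbin is
# left alone. BUILTIN is the path reported earlier in the thread.
BUILTIN=/usr/sbin/dropbear

# Print the PIDs whose executable link is exactly $2.
#   $1 = proc root (default /proc; a parameter so it can be exercised
#        against a constructed directory tree)
#   $2 = executable path to match (default $BUILTIN)
pids_by_exe() {
    proc_root=${1:-/proc}
    target=${2:-$BUILTIN}
    for dir in "$proc_root"/[0-9]*; do
        # Skip kernel threads, vanished PIDs and an unmatched glob.
        [ -L "$dir/exe" ] || continue
        exe=$(readlink "$dir/exe" 2>/dev/null) || continue
        if [ "$exe" = "$target" ]; then
            echo "${dir##*/}"
        fi
    done
    return 0
}

# Send SIGTERM to every process running the built-in binary.
stop_builtin_dropbear() {
    for pid in $(pids_by_exe /proc "$BUILTIN"); do
        kill "$pid" 2>/dev/null || true
    done
    return 0
}

# Intended use: call with "stop" from the start-up script, before the
# line that launches /opt/sbin/dropbear.
if [ "${1:-}" = "stop" ]; then
    stop_builtin_dropbear
fi
```

Dropbear forks a child per connection with the same executable, so this also ends sessions served by the built-in daemon; run it at boot or from a session on the optware instance.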
Posted: Thu Dec 09, 2010 18:26 Post subject: Re: Two Dropbear(s)
morockin wrote:
For wholly unrelated reasons, I actually have both Dropbear versions running (I don't want certain users with SSH rights to have SFTP access) on different ports. To solve your problem, I would simply use a script to kill the "original" Dropbear process before loading the "fixed" version. The easiest thing to do would be to edit the S80dropbear script to kill first and load second. Are you comfortable with scripting?
Ah, ok, I see. Yes, I can do the scripting (not too familiar with Linux scripting but this sounds not too tricky).
Also, I tried the optware dropbear and for some reason it doesn't work with WAN connections (ssh port opened with iptables). If I kill it and start the built-in dropbear - everything is fine (with both WAN and LAN connections), if I kill the built-in one and start the optware one - it doesn't work with WAN, while working with LAN connections. Very strange, will try to update the built-in dropbear with perl, maybe the optware one has a bug or something.
Joined: 24 Feb 2009 Posts: 2026 Location: Sol System > Earth > USA > Arkansas
Posted: Thu Dec 09, 2010 22:37 Post subject: Re: Two Dropbear(s)
juso wrote:
Ah, ok, I see. Yes, I can do the scripting (not too familiar with Linux scripting but this sounds not too tricky).
Also, I tried the optware dropbear and for some reason it doesn't work with WAN connections (ssh port opened with iptables). If I kill it and start the built-in dropbear - everything is fine (with both WAN and LAN connections), if I kill the built-in one and start the optware one - it doesn't work with WAN, while working with LAN connections. Very strange, will try to update the built-in dropbear with perl, maybe the optware one has a bug or something.
Thank you anyway!
It is likely there is an additional port used for data transfers on SFTP (not entirely sure). If that is the case, then that would account for it not working on the WAN.
Posted: Sun Dec 12, 2010 11:17 Post subject: Re: Two Dropbear(s)
juso wrote:
Ah, ok, I see. Yes, I can do the scripting (not too familiar with Linux scripting but this sounds not too tricky).
Also, I tried the optware dropbear and for some reason it doesn't work with WAN connections (ssh port opened with iptables). If I kill it and start the built-in dropbear - everything is fine (with both WAN and LAN connections), if I kill the built-in one and start the optware one - it doesn't work with WAN, while working with LAN connections. Very strange, will try to update the built-in dropbear with perl, maybe the optware one has a bug or something.
Thank you anyway!
Just as an update for anyone who may face the same issue - the problem was with iptables, appending the PREROUTING statement (-A), which adds the rule at the end of the table; once I inserted the statement at the beginning of the table (with -I) everything seems to work. So, if you want to run opt-ware dropbear on the WAN port, then do all the above, as in the first post of the thread by morockin, then disable the default dropbear (SSHd) in the web-interface, which will remove all routing rules from the iptables, and then add the following rules:
Joined: 14 Jan 2010 Posts: 73 Location: Flint, Michigan
Posted: Sun Mar 27, 2011 5:43 Post subject: SFTP Not Working Again?
I attempted to get SFTP to work following these steps here. Does anyone know if the newer builds are different? Also, does running Samba offer the same file-transfer capability as would SFTP? Sorry if that's a n00b question _________________ Netgear R7800
DD-WRT v3.0-r54545 std
Release: 12/18/2023 (SVN revision: 54545)
Posted: Sat May 28, 2011 22:41 Post subject: Re: Two Dropbear(s)
juso wrote:
juso wrote:
Ah, ok, I see. Yes, I can do the scripting (not too familiar with Linux scripting but this sounds not too tricky).
Also, I tried the optware dropbear and for some reason it doesn't work with WAN connections (ssh port opened with iptables). If I kill it and start the built-in dropbear - everything is fine (with both WAN and LAN connections), if I kill the built-in one and start the optware one - it doesn't work with WAN, while working with LAN connections. Very strange, will try to update the built-in dropbear with perl, maybe the optware one has a bug or something.
Thank you anyway!
Just as an update for anyone who may face the same issue - the problem was with iptables, appending the PREROUTING statement (-A), which adds the rule at the end of the table; once I inserted the statement at the beginning of the table (with -I) everything seems to work. So, if you want to run opt-ware dropbear on the WAN port, then do all the above, as in the first post of the thread by morockin, then disable the default dropbear (SSHd) in the web-interface, which will remove all routing rules from the iptables, and then add the following rules: