Login configuration
Prev The LinkSys WRT54G revisited (with openWRT) Next

Login configuration

  1. Setting the password on the WRT54G

    user@PC:~$ telnet 192.168.1.1
    telnet 192.168.1.1
    Trying 192.168.1.1...
    Connected to 192.168.1.1.
    Escape character is '^]'.
    === IMPORTANT ============================
    Use 'passwd' to set your login password
    this will disable telnet and enable SSH
    ------------------------------------------


    BusyBox v1.15.3 (2010-04-06 04:08:20 CEST) built-in shell (ash)
    Enter 'help' for a list of built-in commands.

    _______                     ________        __
    |       |.-----.-----.-----.|  |  |  |.----.|  |_
    |   -   ||  _  |  -__|     ||  |  |  ||   _||   _|
    |_______||   __|_____|__|__||________||__|  |____|
    |__| W I R E L E S S   F R E E D O M
    Backfire (10.03, r20728) --------------------------
    * 1/3 shot Kahlua    In a shot glass, layer Kahlua
    * 1/3 shot Bailey's  on the bottom, then Bailey's,
    * 1/3 shot Vodka     then Vodka.
    ---------------------------------------------------
    root@OpenWrt:/# passwd
    Changing password for root
    New password:
    Retype password:
    Password for root changed by root
    root@OpenWrt:/# Connection closed by foreign host.
    user@PC:~$ ssh  root@192.168.1.1
    root@192.168.1.1's password:


    BusyBox v1.15.3 (2010-04-06 04:08:20 CEST) built-in shell (ash)
    Enter 'help' for a list of built-in commands.

    _______                     ________        __
    |       |.-----.-----.-----.|  |  |  |.----.|  |_
    |   -   ||  _  |  -__|     ||  |  |  ||   _||   _|
    |_______||   __|_____|__|__||________||__|  |____|
    |__| W I R E L E S S   F R E E D O M
    Backfire (10.03, r20728) --------------------------
    * 1/3 shot Kahlua    In a shot glass, layer Kahlua
    * 1/3 shot Bailey's  on the bottom, then Bailey's,
    * 1/3 shot Vodka     then Vodka.
    ---------------------------------------------------
    root@OpenWrt:~#                         

  2. Allowing SSH on WAN

    Edit /etc/config/firewall: 

      <snip>
  config rule
  option proto            tcp
  option src              wan
  option dest_port        22
  option target           ACCEPT
  <snip>

  3. Using only keys for SSH

    Create a keypair, and copy it to the router:

    user@PC:~$  ssh-keygen -t dsa -f ~/.ssh/id_dsa_for_router
    Generating public/private dsa key pair.
    Enter passphrase (empty for no passphrase):
    Enter same passphrase again:
    Your identification has been saved in /home/jurjen/.ssh/id_dsa_for_router.
    Your public key has been saved in /home/jurjen/.ssh/id_dsa_for_router.pub.
    The key fingerprint is:
    f2:6d:f6:95:97:74:ef:d8:2c:ff:07:d6:7e:ef:37:55 jurjen@stalin
    The key's randomart image is:
    +--[ DSA 1024]----+
    |                 |
    |                 |
    |                 |
    |                E|
    |      . S      oo|
    |       o .    +.*|
    |        . +  .o++|
    |         o . ..B=|
    |            . .+/|
    +-----------------+
    user@PC:~$ ssh-copy-id -i ~/.ssh/id_dsa_for_router.pub root@10.0.43.44
    root@10.0.43.44's password:
    sh: /usr/X11R6/bin/xauth: not found
    Now try logging into the machine, with "ssh 'root@10.0.34.44'", and check in:

    .ssh/authorized_keys

    to make sure we haven't added extra keys that you weren't expecting.

    ... then on the router, move /root/.ssh/authorized_keys to /etc/dropbear, and disable password authentication in /etc/configure/dropbear:

    root@OpenWrt:~# mv ~/.ssh/authorized_keys /etc/dropbear
    root@OpenWrt:~# rm -rf ~/.ssh
    root@OpenWrt:~# cat /etc/config/dropbear

    config 'dropbear'
    option 'Port' '22'
    option 'PasswordAuth' 'off'

    root@OpenWrt:~#

    ... don't log out yet! and try the connection:

    user@PC:~$ ssh -i ~/.ssh/id_dsa_for_router root@10.0.43.44
    Enter passphrase for key '/home/jurjen/.ssh/id_dsa_for_router':
    sh: /usr/X11R6/bin/xauth: not found


    BusyBox v1.15.3 (2010-04-06 04:08:20 CEST) built-in shell (ash)
    Enter 'help' for a list of built-in commands.

    _______                     ________        __
    |       |.-----.-----.-----.|  |  |  |.----.|  |_
    |   -   ||  _  |  -__|     ||  |  |  ||   _||   _|
    |_______||   __|_____|__|__||________||__|  |____|
    |__| W I R E L E S S   F R E E D O M
    Backfire (10.03, r20728) --------------------------
    * 1/3 shot Kahlua    In a shot glass, layer Kahlua
    * 1/3 shot Bailey's  on the bottom, then Bailey's,
    * 1/3 shot Vodka     then Vodka.
    ---------------------------------------------------

    [Note]Note

    If you did log out, and cannot get back in, you still have the web interface to re-enable password authentication for SSH or reset the password entirely.

Prev Up Next
Upgrading the OpenWRT version on WRT54G nr. 2  Home  Enable TFTP boot from the router