Help with SSH Access

[8443]

Usernames and passwords are the same for local account on Mac and router login. I tried changing username on router but access still denied and same publickey error when using key.

 

[Jack Yaz]

Usernames and passwords are the same for local account on Mac and router login. I tried changing username on router but access still denied and same publickey error when using key.

OK, my thinking was maybe the mac wasn't using the right username for password auth, since the password for the WebUI login is the same as the SSH.

 

[8443]

Good thinking, I tried username/password different than Mac but permission still denied, unfortunately.

 

[martinr]

Usernames and passwords are the same for local account on Mac and router login. I tried changing username on router but access still denied and same publickey error when using key.

When I enable "Allow SSH password login" (even though I normally use public kwy infrastructure), I go to my SSH app or Putty, type in the local IP address of the router, and the SSH port (normally 22, but an obscure one in my case); when I'm asked for the Username and Password, I use those I use for normal access to the router GUI, and, bingo, I'm in. That should work for you.

 

[8443]

When I enable "Allow SSH password login" (even though I normally use public kwy infrastructure), I go to my SSH app or Putty, type in the local IP address of the router, and the SSH port (normally 22, but an obscure one in my case); when I'm asked for the Username and Password, I use those I use for normal access to the router GUI, and, bingo, I'm in. That should work for you.

Unfortunately this doesn't work for me. Permission denied. Argghh... maybe I should factory reset at this point. It shouldn't matter that my ASUS 'router' is actually in access point mode and my actual router is an Ubiquiti ERX, right? Especially because this is all happening on my LAN. Nmap detects port 22/ssh is open on the ASUS AP's local IP.

 

[martinr]

So, even though you are not relying on public key infrastructure to gain access (just username and password), you, STILL can't get in. Believe it or not, I thin knowing that is very helpful!

Actually, I really don't don't know if being in access-point mode would make a difference. But if, in the Admin page, you can see, or have access to, the SSH options, I would have thought you still should be able to connect, but I don't know for sure.

Nmap would detect Porr 22 open because I guess you are Nmapping from the LAN. But what if you Nmap on your public IP addreess from the WAN (eg by public wifi or 3G)? Is Port 22 still open? I bet not. Don't you need to forward Port 22 from the Ubiquiti to the Asus? (I think you do!)

 

[8443]

I just mentioned the Nmap bit to reassure myself that port 22 was open on the AP, really. Scanning my public IP it is closed as expected, and I don't want WAN access. You're right though, if I did want external access I'd probably need to configure that with the router.

 

[martinr]

Understood. I have a Linksys router acting as an Access Point and I (finally) managed to SSH in. So,, being an access point shouldn't matter at all, which is no surprise!

I really can't understand it: by enabling password access, you should be able to SSH in with
your router username and password. You are going to kick yourself when you find where the glitch is! I expect it will be something silly.

 

[jpclarke]

Maybe this will help. https://cucumberwifi.io/community/tutorials/setting-up-dropbear-public-key-authentication.html

When I setup ssh keys the dropbear setup was a bit different to how a unix server would be setup.

 

[martinr]

Are you using any strange/special characters in your Username or Password access to the router?

If so, can you temporarily reset the router's Username and Password to something that won't cause problems eg admin/test, and then retry to SSH in using those safe credentials on password login?

Looks like the whole community is mobilising to get to the bottom of this. We soon shoukd have it cracked!

 

[8443]

I'm not even sure what changed or caused this still, but it works now.

I used the first command in the article jpclarke linked which seemed to do something but I still couldn't SSH in after that. I pasted the new key into the web config authentication key box for the millionth time and now it just works. Formatting is the same as all the other times.

So, it works now, but I don't really know why. It seems like the key was added to /root on the ASUS router with that command, but then I also had to paste the same key into the auth box, but that doesn't seem like the process intended by Merlin or needed by other users, so I'm still confused...but it works.

 

[martinr]

Perseverence seems to be the best troubleshooting tool!

If you do eventually figure out where the problem was, please do let is know.

In the meantime, thanks for the good news: we can all sleep easy tonight.

 

[jpclarke]

To make the ssh keys persistent I need to copy from Jffs a duplicate of the folder /root/.ssh I made via post-mount script.

I assume the entries in the web interface make things persistent, I don't use this.

I access other devices from the router so it's slightly different but should use the same files and method for the opposite way I.e. Inbound.

If you don't copy the files every time in my setup a reboot removes any ssh keys setup as well as authorised hosts etc.

 

[martinr]

....,I assume the entries in the web interface make things persistent, I don't use this. ...,

Yes, indeed. I set mine up a few years ago on the router and it has not required any "maintenance" in all that time and still works perfectly.