[Cerowrt-devel] dropbear stops working

[Cerowrt-devel] dropbear stops working

[Michael Richardson]

[-- Attachment #1: Type: text/plain, Size: 2923 bytes --]


Hi, I was running 3.8 until two weeks ago.  I had a problem that had
developed where by dropbear (ssh daemon) simply stopped being willing to
accept logins.  I still had access through the web ui, but it's hard to
investigate problems that way...

I flashed a new 3800 with 3.10 back on Dec. 25th, and all was well.
I could ssh in, no problem.  I went to ssh today, and I get the same
problem as before... My experience from before was that a reboot did *not*
solve the problem.

ssh -v gives me:

obiwan-[~/galaxy/orlando/r6743] mcr 10015 %ssh -v root@budmgmt
OpenSSH_6.0p1 Debian-4, OpenSSL 1.0.1e 11 Feb 2013
debug1: Reading configuration data /home/mcr/.ssh/config
debug1: /home/mcr/.ssh/config line 170: Applying options for *
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to budmgmt [172.30.42.1] port 22.
debug1: Connection established.
debug1: identity file /home/mcr/.ssh/id_rsa type 1
debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048
debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
debug1: identity file /home/mcr/.ssh/id_rsa-cert type -1
debug1: identity file /home/mcr/.ssh/id_dsa type 2
debug1: Checking blacklist file /usr/share/ssh/blacklist.DSA-2048
debug1: Checking blacklist file /etc/ssh/blacklist.DSA-2048
debug1: identity file /home/mcr/.ssh/id_dsa-cert type -1
debug1: identity file /home/mcr/.ssh/id_ecdsa type -1
debug1: identity file /home/mcr/.ssh/id_ecdsa-cert type -1
ssh_exchange_identification: Connection closed by remote host
[2]    17811 exit 255   ssh -v root@budmgmt

I typically operate with about 6 private keys loaded into ssh-agent on my
desktop.  On a whim I tried unset SSH_AUTH_SOCK in a fresh shell, but
that didn't change things, nor did combinations after that of things like:

%ssh -i ~/.ssh/id_dsa -v root@budmgmt

on the "budmgmt" IP (the 172.30.42.1 untagged on 3800), I should even be able
to login with a password, but it never gets to that point.  I'm thinking that
either something has filled up in a way that survives reboots.

When I had this problem before, I tried starting a new copy of dropbear
From the Network/Fireall/Custom Rules file, since that is a shell
script I can hack:
       dropbear -p 2221 &

but that didn't work (nothing listening on port 2221).
I can see nothing in the logs (which also come via UDP/syslog to my desktop).

I'm looking for any advice on how to:
  a) restore my ssh access.
  b) get better diagnostics from dropbear.

Failing this, I'll upgrade the other unit, restore my settings, and test
things daily.

--
]               Never tell me the odds!                 | ipv6 mesh networks [
]   Michael Richardson, Sandelman Software Works        | network architect  [
]     mcr@sandelman.ca  http://www.sandelman.ca/        |   ruby on rails    [



[-- Attachment #2: Type: application/pgp-signature, Size: 307 bytes --]

Re: [Cerowrt-devel] dropbear stops working

[Michael Richardson]

[-- Attachment #1.1: Type: text/plain, Size: 578 bytes --]


Michael Richardson <mcr@sandelman.ca> wrote:
    > When I had this problem before, I tried starting a new copy of dropbear
    > From the Network/Fireall/Custom Rules file, since that is a shell
    > script I can hack: dropbear -p 2221 &

    > but that didn't work (nothing listening on port 2221).  I can see
    > nothing in the logs (which also come via UDP/syslog to my desktop).

Perhaps I could configure a dropbear to login to a USB stick, and then
remove the USB stick so that I could see what it's doing.

(I was also thinking about soldering on a serial console )


[-- Attachment #1.2: Signature --]
[-- Type: text/plain, Size: 244 bytes --]

--
]               Never tell me the odds!                 | ipv6 mesh networks [
]   Michael Richardson, Sandelman Software Works        | network architect  [
]     mcr@sandelman.ca  http://www.sandelman.ca/        |   ruby on rails    [





[-- Attachment #2: Type: application/pgp-signature, Size: 307 bytes --]

Re: [Cerowrt-devel] dropbear stops working

[Fred Stratton]

[-- Attachment #1: Type: text/plain, Size: 1179 bytes --]

Serial header should be in place on the 3800
http://wiki.openwrt.org/toh/netgear/wndr3800



On 13/01/14 00:23, Michael Richardson wrote:
> Michael Richardson <mcr@sandelman.ca> wrote:
>      > When I had this problem before, I tried starting a new copy of dropbear
>      > From the Network/Fireall/Custom Rules file, since that is a shell
>      > script I can hack: dropbear -p 2221 &
>
>      > but that didn't work (nothing listening on port 2221).  I can see
>      > nothing in the logs (which also come via UDP/syslog to my desktop).
>
> Perhaps I could configure a dropbear to login to a USB stick, and then
> remove the USB stick so that I could see what it's doing.
>
> (I was also thinking about soldering on a serial console )
>
>
>
> --
> ]               Never tell me the odds!                 | ipv6 mesh networks [
> ]   Michael Richardson, Sandelman Software Works        | network architect  [
> ]     mcr@sandelman.ca  http://www.sandelman.ca/        |   ruby on rails    [
>
>
>
>
>
>
> _______________________________________________
> Cerowrt-devel mailing list
> Cerowrt-devel@lists.bufferbloat.net
> https://lists.bufferbloat.net/listinfo/cerowrt-devel


[-- Attachment #2: Type: text/html, Size: 2282 bytes --]

Re: [Cerowrt-devel] dropbear stops working

[Michael Richardson]

This is just a followup for google/archives to an email in Jan2014.
My problems with dropbear not working were because I was connecting from
"offnet" to it.  My configuration has the untagged traffic out of cerowrt
(the default 172.30.42 network) retagged as VLAN3800 and connected to my
desktop.   My desktop would lose it's VLAN3800 IP for unexplained reasons,
and so when I was connecting to 172.30.42.1, I was doing so via a
non-172.30.42.0/27 IP, and dropbear was dropping the connection.  Since I
could ping that IP just fine, it wasn't obvious what the problem was for a
LONG time.

--
]               Never tell me the odds!                 | ipv6 mesh networks [
]   Michael Richardson, Sandelman Software Works        | network architect  [
]     mcr@sandelman.ca  http://www.sandelman.ca/        |   ruby on rails    [

Re: [Cerowrt-devel] dropbear stops working

[Dave Taht]

It is highly likely you ran out of flash space. As best as I recall,
babel then was logging to flash, which we fixed somewhere around
feburary.

You might be able to get somewhere by deleting that log file.

On Mon, Jan 13, 2014 at 2:20 AM, Michael Richardson <mcr@sandelman.ca> wrote:
>
> Hi, I was running 3.8 until two weeks ago.  I had a problem that had
> developed where by dropbear (ssh daemon) simply stopped being willing to
> accept logins.  I still had access through the web ui, but it's hard to
> investigate problems that way...
>
> I flashed a new 3800 with 3.10 back on Dec. 25th, and all was well.
> I could ssh in, no problem.  I went to ssh today, and I get the same
> problem as before... My experience from before was that a reboot did *not*
> solve the problem.
>
> ssh -v gives me:
>
> obiwan-[~/galaxy/orlando/r6743] mcr 10015 %ssh -v root@budmgmt
> OpenSSH_6.0p1 Debian-4, OpenSSL 1.0.1e 11 Feb 2013
> debug1: Reading configuration data /home/mcr/.ssh/config
> debug1: /home/mcr/.ssh/config line 170: Applying options for *
> debug1: Reading configuration data /etc/ssh/ssh_config
> debug1: /etc/ssh/ssh_config line 19: Applying options for *
> debug1: Connecting to budmgmt [172.30.42.1] port 22.
> debug1: Connection established.
> debug1: identity file /home/mcr/.ssh/id_rsa type 1
> debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048
> debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
> debug1: identity file /home/mcr/.ssh/id_rsa-cert type -1
> debug1: identity file /home/mcr/.ssh/id_dsa type 2
> debug1: Checking blacklist file /usr/share/ssh/blacklist.DSA-2048
> debug1: Checking blacklist file /etc/ssh/blacklist.DSA-2048
> debug1: identity file /home/mcr/.ssh/id_dsa-cert type -1
> debug1: identity file /home/mcr/.ssh/id_ecdsa type -1
> debug1: identity file /home/mcr/.ssh/id_ecdsa-cert type -1
> ssh_exchange_identification: Connection closed by remote host
> [2]    17811 exit 255   ssh -v root@budmgmt
>
> I typically operate with about 6 private keys loaded into ssh-agent on my
> desktop.  On a whim I tried unset SSH_AUTH_SOCK in a fresh shell, but
> that didn't change things, nor did combinations after that of things like:
>
> %ssh -i ~/.ssh/id_dsa -v root@budmgmt
>
> on the "budmgmt" IP (the 172.30.42.1 untagged on 3800), I should even be able
> to login with a password, but it never gets to that point.  I'm thinking that
> either something has filled up in a way that survives reboots.
>
> When I had this problem before, I tried starting a new copy of dropbear
> From the Network/Fireall/Custom Rules file, since that is a shell
> script I can hack:
>        dropbear -p 2221 &
>
> but that didn't work (nothing listening on port 2221).
> I can see nothing in the logs (which also come via UDP/syslog to my desktop).
>
> I'm looking for any advice on how to:
>   a) restore my ssh access.
>   b) get better diagnostics from dropbear.
>
> Failing this, I'll upgrade the other unit, restore my settings, and test
> things daily.
>
> --
> ]               Never tell me the odds!                 | ipv6 mesh networks [
> ]   Michael Richardson, Sandelman Software Works        | network architect  [
> ]     mcr@sandelman.ca  http://www.sandelman.ca/        |   ruby on rails    [
>
>
>
> _______________________________________________
> Cerowrt-devel mailing list
> Cerowrt-devel@lists.bufferbloat.net
> https://lists.bufferbloat.net/listinfo/cerowrt-devel
>



-- 
Dave Täht

https://www.bufferbloat.net/projects/make-wifi-fast

Re: [Cerowrt-devel] dropbear stops working

[Dave Taht]

On Tue, Sep 16, 2014 at 3:15 PM, Michael Richardson <mcr@sandelman.ca> wrote:
>
> This is just a followup for google/archives to an email in Jan2014.
> My problems with dropbear not working were because I was connecting from
> "offnet" to it.  My configuration has the untagged traffic out of cerowrt
> (the default 172.30.42 network) retagged as VLAN3800 and connected to my
> desktop.   My desktop would lose it's VLAN3800 IP for unexplained reasons,
> and so when I was connecting to 172.30.42.1, I was doing so via a
> non-172.30.42.0/27 IP, and dropbear was dropping the connection.  Since I
> could ping that IP just fine, it wasn't obvious what the problem was for a
> LONG time.

Oh, hah. Wow. We've been at this a long time, haven't we? :)

> --
> ]               Never tell me the odds!                 | ipv6 mesh networks [
> ]   Michael Richardson, Sandelman Software Works        | network architect  [
> ]     mcr@sandelman.ca  http://www.sandelman.ca/        |   ruby on rails    [
>
>
> _______________________________________________
> Cerowrt-devel mailing list
> Cerowrt-devel@lists.bufferbloat.net
> https://lists.bufferbloat.net/listinfo/cerowrt-devel



-- 
Dave Täht

https://www.bufferbloat.net/projects/make-wifi-fast