* [Cerowrt-devel] Router ssh access unavailable on custom build
@ 2014-07-06 17:32 Ranga Krishnan
2014-07-06 18:00 ` Dave Taht
2014-07-06 21:34 ` Michael Richardson
0 siblings, 2 replies; 6+ messages in thread
From: Ranga Krishnan @ 2014-07-06 17:32 UTC (permalink / raw)
To: cerowrt-devel
Dave,
Appreciate any suggestions debugging the problem below.
I finally flashed a build I made onto the router and it seems to boot fine and
is broadcasting the two SSIDs I programed into it but I can't ssh into the router,
neither through wireless nor an ethernet cable.
----------------xxxxxxxxx--------------------
$:OpenWireless ranga$ ssh root@172.30.42.1
ssh: connect to host 172.30.42.1 port 22: Connection refused
----------------xxxxxxxxxx-------------------
All ports except 53 seem to be blocked. Even the webserver
we have running on 80/443 is not responding.
-----------------------xxxxxxxxxxxx-----------------------
$:OpenWireless ranga$ nmap 172.30.42.1
Starting Nmap 6.46 ( http://nmap.org ) at 2014-07-06 07:23 PDT
Nmap scan report for 172.30.42.1
Host is up (0.0010s latency).
Not shown: 999 closed ports
PORT STATE SERVICE
53/tcp open domain
Nmap done: 1 IP address (1 host up) scanned in 2.59 seconds
----------------------xxxxxxxxxxxxx-----------------------
I started with the etc directory in 3.10.40-6 and removed a few things
and made some changes in /etc/config. I kept the /etc/config/firewall
file unchanged. So I am not sure if it is the firewall blocking the ports.
Here is a link to the /etc I placed in cerowrt/files directory to have it
compiled into the build.
https://github.com/TWEFF/OpenWireless/tree/master/etc
Could it be that when building, the permissions with which
the files are being created in the firmware image are not what
they need to be, and this is causing the problems I am seeing ?
Is there any way to analyze the firmware image without flashing
it onto a router ?
Thanks,
Ranga
* Re: [Cerowrt-devel] Router ssh access unavailable on custom build
From: Dave Taht @ 2014-07-06 18:00 UTC (permalink / raw)
To: Ranga Krishnan; +Cc: cerowrt-devel
I would check for the presence of the dropbear-xinetd package and
/etc/xinetd.conf and xinetd.d/ssh
Openwrt uses dropbear (a lightweight ssh clone) directly. Cero uses xinetd
for extra security.
As for your other issues, a 3.3v serial cable is invaluable in
circumstances like this, I typically use a bus pirate to get onto the 4
header pins in the router.
On Jul 6, 2014 10:33 AM, "Ranga Krishnan" <ranga@eff.org> wrote:
>
> Dave,
>
> Appreciate any suggestions debugging the problem below.
>
> I finally flashed a build I made onto the router and it seems to boot fine and
> is broadcasting the two SSIDs I programed into it but I can't ssh into the router,
> neither through wireless nor an ethernet cable.
>
> ----------------xxxxxxxxx--------------------
> $:OpenWireless ranga$ ssh root@172.30.42.1
> ssh: connect to host 172.30.42.1 port 22: Connection refused
> ----------------xxxxxxxxxx-------------------
>
> All ports except 53 seem to be blocked. Even the webserver
> we have running on 80/443 is not responding.
>
> -----------------------xxxxxxxxxxxx-----------------------
> $:OpenWireless ranga$ nmap 172.30.42.1
>
> Starting Nmap 6.46 ( http://nmap.org ) at 2014-07-06 07:23 PDT
> Nmap scan report for 172.30.42.1
> Host is up (0.0010s latency).
> Not shown: 999 closed ports
> PORT STATE SERVICE
> 53/tcp open domain
>
> Nmap done: 1 IP address (1 host up) scanned in 2.59 seconds
> ----------------------xxxxxxxxxxxxx-----------------------
>
> I started with the etc directory in 3.10.40-6 and removed a few things
> and made some changes in /etc/config. I kept the /etc/config/firewall
> file unchanged. So I am not sure if it is the firewall blocking the ports.
> Here is a link to the /etc I placed in cerowrt/files directory to have it
> compiled into the build.
>
> https://github.com/TWEFF/OpenWireless/tree/master/etc
>
> Could it be that when building, the permissions with which
> the files are being created in the firmware image are not what
> they need to be, and this is causing the problems I am seeing ?
> Is there any way to analyze the firmware image without flashing
> it onto a router ?
>
> Thanks,
> Ranga
* Re: [Cerowrt-devel] Router ssh access unavailable on custom build
From: Michael Richardson @ 2014-07-06 21:34 UTC (permalink / raw)
To: Ranga Krishnan; +Cc: cerowrt-devel
Ranga Krishnan <ranga@eff.org> wrote:
> Appreciate any suggestions debugging the problem below.
> I finally flashed a build I made onto the router and it seems to boot fine and
> is broadcasting the two SSIDs I programed into it but I can't ssh into the
> router,
> neither through wireless nor an ethernet cable.
So I had this problem for a long time and I finally figured out that it was
because I had two routes to my cerowrt, and my desktop usually picked the one
where its origin address was not in 172.30.42.1/27, but that IP was in fact
still reachable...
> ----------------xxxxxxxxx--------------------
> $:OpenWireless ranga$ ssh root@172.30.42.1
> ssh: connect to host 172.30.42.1 port 22: Connection refused
> ----------------xxxxxxxxxx-------------------
> All ports except 53 seem to be blocked. Even the webserver
> we have running on 80/443 is not responding.
Well, I had web access to the device.
You'll have to get the 3.3V USB connector, I think.
I ordered 10 from AliExpress a few weeks ago... I haven't a clue if they are
easy to add or no.
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works | network architect [
] mcr@sandelman.ca http://www.sandelman.ca/ | ruby on rails [
* Re: [Cerowrt-devel] Router ssh access unavailable on custom build
From: Ranga Krishnan @ 2014-07-07 12:46 UTC (permalink / raw)
To: Dave Taht; +Cc: cerowrt-devel
On Jul 6, 2014, at 11:00 AM, Dave Taht <dave.taht@gmail.com> wrote:
> I would check for the presence of the dropbear-xinetd package and /etc/xinetd.conf and xinetd.d/ssh
>
>
The dropbear-xinetd package was absent while the other items
above were present. I created a new build with dropbear-xinetd but
the behavior is the same.
I used the failsafe mechanism to get telnet access into the boxes and
tried to pull in a good firmware image into /tmp as described here:
https://archive.org/details/EnterOpenwrtFailsafeModeAndReflashAFirmware
However when dropbear refused to start even manually I discovered
there is no dropbear executable on the router.
I compiled this build with :
CONFIG_DEFAULT_dropbear=y
# CONFIG_PACKAGE_dropbear is not set
CONFIG_PACKAGE_dropbear-xinetd=y
# CONFIG_PACKAGE_dropbearconvert is not set
# CONFIG_PACKAGE_dropbearconvert-xinetd is not set
which was the config for 3.10.44-6 release, as described in
cerofiles-3.10 github repo, and which has a working ssh.
Do I need CONFIG_PACKAGE_dropbear even though 3.10.44-6
seems to get dropbear without including this config ?
In the absence of dropbear is there a good way to transfer files?
I couldn't find any file transfer options available in failsafe mode
other than a wget built into busybox. To use this I would
have to set up my Mac as a webserver.
Ranga
* Re: [Cerowrt-devel] Router ssh access unavailable on custom build
From: Dave Taht @ 2014-07-09 22:14 UTC (permalink / raw)
To: Ranga Krishnan; +Cc: cerowrt-devel
It appears the xinetd package was mucked with around May 15th, and
perhaps that has some influence on your problem.
On Mon, Jul 7, 2014 at 5:46 AM, Ranga Krishnan <ranga@eff.org> wrote:
>
> On Jul 6, 2014, at 11:00 AM, Dave Taht <dave.taht@gmail.com> wrote:
>
> I would check for the presence of the dropbear-xinetd package and
> /etc/xinetd.conf and xinetd.d/ssh
>
>
>
> The dropbear-xinetd package was absent while the other items
> above were present. I created a new build with dropbear-xinetd but
> the behavior is the same.
Is the xinetd binary present?
> I used the failsafe mechanism to get telnet access into the boxes and
> tried to pull in a good firmware image into /tmp as described here:
>
> https://archive.org/details/EnterOpenwrtFailsafeModeAndReflashAFirmware
>
> However when dropbear refused to start even manually I discovered
> there is no dropbear executable on the router.
>
> I compiled this build with :
>
> CONFIG_DEFAULT_dropbear=y
> # CONFIG_PACKAGE_dropbear is not set
> CONFIG_PACKAGE_dropbear-xinetd=y
> # CONFIG_PACKAGE_dropbearconvert is not set
> # CONFIG_PACKAGE_dropbearconvert-xinetd is not set
>
> which was the config for 3.10.44-6 release, as described in
> cerofiles-3.10 github repo, and which has a working ssh.
>
> Do I need CONFIG_PACKAGE_dropbear even though 3.10.44-6
> seems to get dropbear without including this config ?
No, if you do that, you get dropbear starting at boot without xinetd.
You CAN try it, but then you have to do some firewalling.
>
> In the absence of dropbear is there a good way to transfer files?
> I couldn't find any file transfer options available in failsafe mode
> other than a wget built into busybox. To use this I would
> have to set up my Mac as a webserver.
I maintain a local fileserver, always, anyway, so it's a good idea.
>
> Ranga
>
--
Dave Täht
NSFW: https://w2.eff.org/Censorship/Internet_censorship_bills/russell_0296_indecent.article
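
A scripted form of the checks suggested in this thread (an xinetd binary, /etc/xinetd.conf, xinetd.d/ssh, and the dropbear executable that the ssh service hands connections to), run against an unpacked root filesystem rather than a flashed router. This is an added example, not code from the thread's participants or the CeroWrt project; it assumes the image's root filesystem has already been unpacked into a directory and that service files use xinetd's `server = /path` and `disable = yes` lines, and the function names `audit_rootfs`, `xinetd_value` and `finding` are hypothetical.

```shell
#!/bin/sh
# Added example: audit an unpacked firmware root filesystem (a directory)
# for the xinetd/dropbear pieces the thread checks by hand. Nothing is flashed.

# Print the value of "key = value" from an xinetd service file ($1=file, $2=key).
xinetd_value() {
    sed -n "s/^[[:space:]]*${2}[[:space:]]*=[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*\$/\1/p" "$1" | head -n 1
}

# Record one finding: print it and bump the problem counter.
finding() { echo "$1"; problems=$((problems + 1)); }

# Audit the tree at $1; print findings, return the number of problems.
audit_rootfs() {
    root=$1
    problems=0
    # The binary may live anywhere in the image, so search by name.
    if [ -z "$(find "$root" -type f -name xinetd -perm -100 2>/dev/null | head -n 1)" ]; then
        finding "MISSING executable xinetd binary"
    fi
    for f in /etc/xinetd.conf /etc/xinetd.d/ssh; do
        if [ ! -f "$root$f" ]; then finding "MISSING $f"; fi
    done
    # Every enabled service must point at a server that exists and can run.
    for svc in "$root"/etc/xinetd.d/*; do
        if [ ! -f "$svc" ]; then continue; fi
        if [ "$(xinetd_value "$svc" disable)" = "yes" ]; then continue; fi
        server=$(xinetd_value "$svc" server)
        if [ -z "$server" ]; then continue; fi   # no external server configured
        # Absolute symlink targets would resolve against the host, so skip them.
        if [ -L "$root$server" ]; then continue; fi
        if [ ! -e "$root$server" ]; then
            finding "BROKEN ${svc##*/}: $server is not in the image"
        elif [ ! -x "$root$server" ]; then
            finding "BROKEN ${svc##*/}: $server is not executable"
        fi
    done
    return "$problems"
}

# Stand-alone use: sh audit.sh /path/to/unpacked/rootfs
if [ "$#" -gt 0 ]; then audit_rootfs "$1"; fi
```

A non-zero exit status is the number of findings, so the check can gate a build before anything is written to flash.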
* Re: [Cerowrt-devel] Router ssh access unavailable on custom build
From: Dave Taht @ 2014-07-09 22:25 UTC (permalink / raw)
To: Ranga Krishnan; +Cc: cerowrt-devel
Other fallout of the shifting around of everything pre-barrier-breaker
freeze is my automagic update script (pullhead) wasn't doing updates
of the oldpackages repo.
On Wed, Jul 9, 2014 at 3:14 PM, Dave Taht <dave.taht@gmail.com> wrote:
> It appears the xinetd package was mucked with around May 15th, and
> perhaps that has some influence on your problem.
>
> On Mon, Jul 7, 2014 at 5:46 AM, Ranga Krishnan <ranga@eff.org> wrote:
>>
>> On Jul 6, 2014, at 11:00 AM, Dave Taht <dave.taht@gmail.com> wrote:
>>
>> I would check for the presence of the dropbear-xinetd package and
>> /etc/xinetd.conf and xinetd.d/ssh
>>
>>
>>
>> The dropbear-xinetd package was absent while the other items
>> above were present. I created a new build with dropbear-xinetd but
>> the behavior is the same.
>
> Is the xinetd binary present?
>
>> I used the failsafe mechanism to get telnet access into the boxes and
>> tried to pull in a good firmware image into /tmp as described here:
>>
>> https://archive.org/details/EnterOpenwrtFailsafeModeAndReflashAFirmware
>>
>> However when dropbear refused to start even manually I discovered
>> there is no dropbear executable on the router.
>>
>> I compiled this build with :
>>
>> CONFIG_DEFAULT_dropbear=y
>> # CONFIG_PACKAGE_dropbear is not set
>> CONFIG_PACKAGE_dropbear-xinetd=y
>> # CONFIG_PACKAGE_dropbearconvert is not set
>> # CONFIG_PACKAGE_dropbearconvert-xinetd is not set
>>
>> which was the config for 3.10.44-6 release, as described in
>> cerofiles-3.10 github repo, and which has a working ssh.
>>
>> Do I need CONFIG_PACKAGE_dropbear even though 3.10.44-6
>> seems to get dropbear without including this config ?
>
> No, if you do that, you get dropbear starting at boot without xinetd.
> You CAN try it, but then you have to do some firewalling.
>
>>
>> In the absence of dropbear is there a good way to transfer files?
>> I couldn't find any file transfer options available in failsafe mode
>> other than a wget built into busybox. To use this I would
>> have to set up my Mac as a webserver.
>
> I maintain a local fileserver, always, anyway, so it's a good idea.
>
>
>>
>> Ranga
>>
>
>
>
> --
> Dave Täht
>
> NSFW: https://w2.eff.org/Censorship/Internet_censorship_bills/russell_0296_indecent.article
--
Dave Täht
NSFW: https://w2.eff.org/Censorship/Internet_censorship_bills/russell_0296_indecent.article