From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-ob0-x234.google.com (mail-ob0-x234.google.com [IPv6:2607:f8b0:4003:c01::234]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by huchra.bufferbloat.net (Postfix) with ESMTPS id 394C721F201 for ; Sun, 6 Jul 2014 11:00:26 -0700 (PDT) Received: by mail-ob0-f180.google.com with SMTP id vb8so3583426obc.39 for ; Sun, 06 Jul 2014 11:00:25 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=PJN593aPMg45wE3H3PfMCIjQVy4FrKZNA2zUpUdkEbY=; b=kxRknPGTusrHhLZttpS35i6sFKavSuAPpcAFxp5diRVsg1V8+xtpWfwi9wWRuf8l+0 RU2Yg4LCEVuhb21X5JrdfeXKJPG6n47y6KCWg6GNj3Asnz4+4DT2PSg9YEGz+Rvnc9WP z5uh0FbEy9qNqzum2GeX8lJsh/xUijLmMVJRA63yno3V+qbDlN1BBwaGTHIABBJcTBRn Rbnr8LvNP8jPe1/FiJ5+kehh9vrRN6D1pUnIxirYUrdSYtgZAuVmOQBt0u+raJLJWc6g FBIJc9x4eimFaJr9VDiI87e8iwzStmQip7yHvLqe7W5WmZqIGYPShjaAvmgm+10P0gd0 0IlQ== MIME-Version: 1.0 X-Received: by 10.60.16.72 with SMTP id e8mr25547859oed.11.1404669624903; Sun, 06 Jul 2014 11:00:24 -0700 (PDT) Received: by 10.202.129.70 with HTTP; Sun, 6 Jul 2014 11:00:24 -0700 (PDT) Received: by 10.202.129.70 with HTTP; Sun, 6 Jul 2014 11:00:24 -0700 (PDT) In-Reply-To: References: Date: Sun, 6 Jul 2014 11:00:24 -0700 Message-ID: From: Dave Taht To: Ranga Krishnan Content-Type: multipart/alternative; boundary=089e0149be2204ece904fd8a22f3 Cc: cerowrt-devel@lists.bufferbloat.net Subject: Re: [Cerowrt-devel] Router ssh access unavailable on custom build X-BeenThere: cerowrt-devel@lists.bufferbloat.net X-Mailman-Version: 2.1.13 Precedence: list List-Id: Development issues regarding the cerowrt test router project List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 06 Jul 2014 18:00:27 -0000 --089e0149be2204ece904fd8a22f3 Content-Type: text/plain; charset=UTF-8 I would check for the presence of the dropbear-xinetd package and /etc/xinetd.conf and xinetd.d/ssh Openwrt uses dropbear (a lightweight ssh clone) directly. Cero uses xinetd for extra security. As for your other issues, a 3.3v serial cable is invaluable in circumstances like this, I typically use a bus pirate to get onto the 4 header pins in the router. On Jul 6, 2014 10:33 AM, "Ranga Krishnan" wrote: > > Dave, > > Appreciate any suggestions debugging the problem below. > > I finally flashed a build I made onto the router and it seems to boot fine and > is broadcasting the two SSIDs I programed into it but I cant ssh into the router, > neither through wireless nor an ethernet cable. > > ----------------xxxxxxxxx-------------------- > $:OpenWireless ranga$ ssh root@172.30.42.1 > ssh: connect to host 172.30.42.1 port 22: Connection refused > ----------------xxxxxxxxxx------------------- > > All ports except 53 seem to be blocked. Even the webserver > we have running on 80/443 is not responding. > > -----------------------xxxxxxxxxxxx----------------------- > $:OpenWireless ranga$ nmap 172.30.42.1 > > Starting Nmap 6.46 ( http://nmap.org ) at 2014-07-06 07:23 PDT > Nmap scan report for 172.30.42.1 > Host is up (0.0010s latency). > Not shown: 999 closed ports > PORT STATE SERVICE > 53/tcp open domain > > Nmap done: 1 IP address (1 host up) scanned in 2.59 seconds > ----------------------xxxxxxxxxxxxx----------------------- > > I started with the etc directory in 3.10.40-6 and removed a few things > and made some changes in /etc/config. I kept the /etc/config/firewall > file unchanged. So I am not sure if it is the firewall blocking the ports. > Here is a link to the /etc I placed in cerowrt/files directory to have it > compiled into the build. > > https://github.com/TWEFF/OpenWireless/tree/master/etc > > Could it be that when building, the permissions with which > the files are being created in the firmware image are not what > they need to be, and this is causing the problems I am seeing ? > Is there any way to analyze the firmware image without flashing > it onto a router ? > > Thanks, > Ranga > > > > _______________________________________________ > Cerowrt-devel mailing list > Cerowrt-devel@lists.bufferbloat.net > https://lists.bufferbloat.net/listinfo/cerowrt-devel > --089e0149be2204ece904fd8a22f3 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable

I would check for the presence of the dropbear-xinetd packag= e and /etc/xinetd.conf and xinetd.d/ssh

Openwrt uses dropbear (a lightweight ssh clone) directly. Ce= ro uses xinetd for extra security.

As for your other issues, a 3.3v serial cable is invaluable = in circumstances like this, I typically use a bus pirate to get onto the 4 = header pins in the router.

On Jul 6, 2014 10:33 AM, "Ranga Krishnan" <ranga@eff.org> wrote:
>
> Dave,
>
> Appreciate any suggestions debugging the problem below.=C2=A0
>
> I finally flashed a build I made onto the router and it seems to boot = fine and
> is broadcasting the two SSIDs I programed into it but I cant ssh into = the router,=C2=A0
> neither through wireless nor an ethernet cable.=C2=A0
>
> ----------------xxxxxxxxx--------------------
> $:OpenWireless ranga$ ssh=C2=A0roo= t@172.30.42.1
> ssh: connect to host 172.30.42.1 port 22: Connection refused
> ----------------xxxxxxxxxx-------------------
>
> All ports except 53 seem to be blocked. Even the webserver=C2=A0
> we have running on 80/443 is not responding.=C2=A0
>
> -----------------------xxxxxxxxxxxx-----------------------
> $:OpenWireless ranga$ nmap 172.30.42.1
>
> Starting Nmap 6.46 (=C2=A0http://nmap.org<= /a>=C2=A0) at 2014-07-06 07:23 PDT
> Nmap scan report for 172.30.42.1
> Host is up (0.0010s latency).
> Not shown: 999 closed ports
> PORT =C2=A0=C2=A0STATE SERVICE
> 53/tcp open =C2=A0domain
>
> Nmap done: 1 IP address (1 host up) scanned in 2.59 seconds
> ----------------------xxxxxxxxxxxxx-----------------------
>
> I started with the etc directory in 3.10.40-6 and removed a few things=
> and made some changes in /etc/config. I kept the /etc/config/firewall<= br> > file unchanged. So I am not sure if it is the firewall blocking the po= rts.
> Here is a link to the /etc I placed in cerowrt/files directory to have= it=C2=A0
> compiled into the build.=C2=A0
>
>
http= s://github.com/TWEFF/OpenWireless/tree/master/etc
>
> Could it be that when building, the permissions with which
> the files are being created in the firmware image are not what=C2=A0 > they need to be, and this is causing the problems I am seeing ?
> Is there any way to analyze the firmware image without flashing
> it onto a router ?
>
> Thanks,
> Ranga
>
>
>
> _______________________________________________
> Cerowrt-devel mailing list
> Cerowrt-devel@l= ists.bufferbloat.net
> https= ://lists.bufferbloat.net/listinfo/cerowrt-devel
>

--089e0149be2204ece904fd8a22f3--