WebIF - can it be accessed from the WAN?
- Thread starter makem
- Start date
Sam Widges
Active Member
That looks like it should be right, now - what are you seeing in the login window?
Just a thought. Would it be easier to set the tunnel up to forward say port 2222 to port 22 on the Humax box. It may be easier than changing the dropbear settings.
e.g local port 2222 forwarded to localhost:22
Edit: Forget it, you're too quick for me
OP
makem
Member
Yes, I now realise it won't work anyway so it's best to forget my suggestion.
OP
makem
Member
Sam Widges
Active Member
Set up a new session - just configure a connection to your Humax, using SSH on port 22 and then, under connection>ssh>auth set the path to the private key file, then go abck to the top, give the session a name and save it. Don't worry about the tunnel details, that can be added in later.
Now, with that session loaded, click on the open button.
If you get the login prompt, then that's good, if not, let us know what happens.
After the login prompt, if you enter 'root', what do you see next?
If it prompts for the password, you have misconfigured PuTTY because you aren't presenting the key. If you have 'Server refused our key' then your configuration on the Humax is wrong or you have presented the wrong key in the config.
For the moment, just test on your local network and forget testing from outside the router.
If you see the message "SSH-2.0-dropbear_o.53.1", it's because you are using telnet to talk to the ssh service, and not using ssh.
Now, with that session loaded, click on the open button.
If you get the login prompt, then that's good, if not, let us know what happens.
After the login prompt, if you enter 'root', what do you see next?
If it prompts for the password, you have misconfigured PuTTY because you aren't presenting the key. If you have 'Server refused our key' then your configuration on the Humax is wrong or you have presented the wrong key in the config.
For the moment, just test on your local network and forget testing from outside the router.
If you see the message "SSH-2.0-dropbear_o.53.1", it's because you are using telnet to talk to the ssh service, and not using ssh.
OP
makem
Member
After login I get the prompt. If I enter 'root' I get root@192.168.x.x.' password.
Attachments
Sam Widges
Active Member
OK - we need to focus on your PuTTY configuration.
What are the names of your public and private keys?
What are the sizes of the 2 files?
Load up the PuTTY session that you are using for testing and check under Connection>SSH>auth and check what the key file is - it needs to be the private key, not the public key.
What are the names of your public and private keys?
What are the sizes of the 2 files?
Load up the PuTTY session that you are using for testing and check under Connection>SSH>auth and check what the key file is - it needs to be the private key, not the public key.
OP
makem
Member
Private key name is private key.ppk size = 859 bytes
Public key is public key (no filetype) size = 284 bytes
The Connection>SSH>auth contains a link (path) to the private key
Sam Widges
Active Member
That's a good point. And we also need the latest version because that's the one that's tweakable via webif.
OP
makem
Member
I installed dropbear yesterday - have not manually updated it but I have autoupdate set.
I will update it now
OP
makem
Member
Having said that the update is hanging processing
Maybe we should call it a night? I don't like keeping you 'on the job' !
I can go on all night
Attachments
Sam Widges
Active Member
I'll be around for a while yet.
Hanging updates happens occasionally. Ignore the webif for the moment and telnet/ssh into the box then 'opkg update' followed by 'opkg upgrade' should sort you out.
There is another tool from the PuTTY suite that you might want to try, called Pageant. When you run it, you get a little computer icon with a black hat on it in the task bar. Right click on that and select "Add Key", then select your private key and enter the passphrase. You shouldn't need to do anything else, but in your PuTTY settings, under connection>SSH.Auth, make sure the "Attempt authentication using Pageant" is selected. If Pageant won't load the private key, that will give us a better idea of where the problem may be.
By the way, your file sizes look right.
Please don't lose faith - once you've done this a few times it really is straightforward.
Hanging updates happens occasionally. Ignore the webif for the moment and telnet/ssh into the box then 'opkg update' followed by 'opkg upgrade' should sort you out.
There is another tool from the PuTTY suite that you might want to try, called Pageant. When you run it, you get a little computer icon with a black hat on it in the task bar. Right click on that and select "Add Key", then select your private key and enter the passphrase. You shouldn't need to do anything else, but in your PuTTY settings, under connection>SSH.Auth, make sure the "Attempt authentication using Pageant" is selected. If Pageant won't load the private key, that will give us a better idea of where the problem may be.
By the way, your file sizes look right.
Please don't lose faith - once you've done this a few times it really is straightforward.
OP
makem
Member
I investigated pageant, used it and it does have my key
The Attempt authentication using Pageant is selected
I never give up!
OP
makem
Member
The 'opkg update' just hangs also.
Sam Widges
Active Member
I'll be giving up in about a glass and a half of red's time
Could you please run the following commands for me on the box and let me know the output. I don't think that this is where the problem lies, but you never know.
Code:
ls -al /mod/.ssh
ls -al /mod/.ssh/authorized_keys
cat /mod/.ssh/authorized_keysThen, telnet into the box (use PuTTY, just tick the telnet option) and run the following commands
Code:
/mod/etc/init.d/S88dropbear stop
/mod/sbin/dropbear -E -FThese commands will stop dropbear running in the background and will log debug information to the console window.
Try to log in using your key and then copy what's in the console window and post it here (after sanitising IP addresses of course). Once you've done that, you can CTRL-C in the window and run
Code:
/mod/etc/init.d/S88dropbear startwhich will restart the service.
Sam Widges
Active Member
A reboot of the box might fix that, but you're already on dropbear 0.53.1 which I think doesn't have the authentication problem, but can't be tweaked by webif. That's not critical to this step of the process, so don't worry.