Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
Next revisionBoth sides next revision
docs:guide-quick-start:sshadministration [2018/11/11 18:43] – Overhauled and Updated jw0914docs:guide-quick-start:sshadministration [2022/08/05 18:08] – [Windows terminal emulators] added external link and cleanup palebloodsky
Line 1: Line 1:
-====== SSH Access for Newcomers ======+====== SSH access for newcomers ====== 
 +One of the methods to manage OpenWrt is using [[docs:guide-user:base-system:user.beginner.cli|command-line interface]] over [[wp>SSH_(Secure_Shell)|SSH]]. 
 +OpenWrt listens for incoming SSH connections on port ''22/tcp'' by default. 
 +To "ssh into your router", you can enter the following command in a terminal emulator using you router's LAN IP address that is typically ''192.168.1.1'':
  
-This wiki describes several terminal emulators to initiate a SSH connection on [[sshadministration#bsd_macos|BSD/MacOS]], [[sshadministration#linux|Linux]], and [[sshadministration#|Windows]] +<code bash> 
-  * To SSH into your router with [[https://www.openssh.com/manual.html|OpenSSH]], issue: <WRAP lo><code bash>ssh root@192.168.1.1</code></WRAP> +ssh root@192.168.1.1 
-    * **Default Port:** 22 +</code>
-    * **//Password Set://** enter root's password when prompted +
-    * **//Password __not__ Set://** press <wrap lo>''[ENTER]''</wrap> and once logged in, issue <wrap lo>''passwd''</wrap>\\ \\ +
-  * //The first time you SSH into your router, you will see a warning about the SSH server's RSA key fingerprint// +
-    * If you are certain this is the address of your OpenWrt router, type ''yes'', then press <wrap lo>''[ENTER]''</wrap> +
-    * To end your SSH session, type <wrap lo>''exit''</wrap>, then press <wrap lo>''[ENTER]''</wrap>+
  
-<WRAP indent> +The first time you ssh into your router, you will probably see a warning about the //RSA key fingerprint//. 
-=== Example === +If you are certain this is the address of your OpenWrt device, simply type ''yes'' and press Return. 
-<WRAP 57em lo><code text> +Then enter the password you have given to your router, or press Return if this is the initial setup. 
-ssh root@192.168.1.1+Here is an example session:
  
-The authenticity of host '192.168.1.1 (192.168.1.1)' cannot be established.+<code> 
 +$ ssh root@192.168.1.1                                          <== You type this 
 +The authenticity of host '192.168.1.1 (192.168.1.1)' can'be established.
 RSA key fingerprint is SHA256:4VbDA/MOc7inPiyllF5f0r3Q6iEx89ddKdhLGBovsiY. RSA key fingerprint is SHA256:4VbDA/MOc7inPiyllF5f0r3Q6iEx89ddKdhLGBovsiY.
-Are you sure you want to continue connecting (yes/no)? yes +Are you sure you want to continue connecting (yes/no)? yes      <== and this
 Warning: Permanently added '192.168.1.1' (RSA) to the list of known hosts. Warning: Permanently added '192.168.1.1' (RSA) to the list of known hosts.
-root@192.168.1.1 password:+root@192.168.1.1'password:                                    <== and the password here
  
-BusyBox v1.28.() built-in shell (ash) +BusyBox v1.28.() built-in shell (ash)
-Enter 'help' for a list of built-in commands.+
  
   _______                     ________        __   _______                     ________        __
Line 31: Line 29:
           |__| W I R E L E S S   F R E E D O M           |__| W I R E L E S S   F R E E D O M
  -----------------------------------------------------  -----------------------------------------------------
- OpenWrt (18.06.1 r7324-05606de1aa)+ OpenWrt 18.06.2, r7676-cddd7b4c77
  -----------------------------------------------------  -----------------------------------------------------
  
-root@OpenWrt:~ # +root@OpenWrt:~#                                                 <== type next command here 
-</code></WRAP> +</code>
-</WRAP>+
  
 +To end your //ssh session// to your router, type ''exit'' and press Return.
  
-<WRAP indent> +The remainder of this page describes several terminal emulators that Windows, Linux, or macOS can use to access your OpenWrt device.
-===== BSD/MacOS =====+
  
-<wrap button lo>[[https://raw.githubusercontent.com/JW0914/Wikis/master/Scripts%2BConfigs/OpenSSH/BSD-Linux/ssh_config|ssh_config]]</wrap>+//Note: To add a SSH public key to your OpenWrt device, see [[:docs:guide-user:security:dropbear.public-key.auth#From the LuCI Web Interface]]// 
 +===== Windows terminal emulators ===== 
 +[[https://github.com/microsoft/terminal|Windows Terminal]] or the legacy PowerShell, Command Prompt, ConHost, or WSL Bash choices are available. Third party programs such as  [[https://www.putty.org/|PuTTY]], MinGW (installed with Git), Cmder, SmarTTY, and WinSCP are also terminal emulators that can provide SSH into an OpenWrt router.
  
-  * **All UNIX-based distributions provide a command-line SSH client as part of the default installation** +==== Windows 10 built-in terminals ==== 
-    * Terminal is the MacOS default <sup>(location: ''/Applications/Utilities'' )</sup> +Both Windows PowerShell and Command Prompt allows using the default Windows 10 SSH client. 
-    * [[https://iterm2.com/|iTerm2]] is an enhanced terminal program\\ \\ +That SSH client is an optional windows feature and has to be [[https://docs.microsoft.com/en-us/windows-server/administration/openssh/openssh_install_firstuse|enabled]].
-    * It's recommended to read the integrated manual for the program(s) +
-      * Terminal: <wrap lo>''man scp''</wrap> or <wrap lo>''man ssh''</wrap> +
-      * Search Engine: <wrap lo>''scp man page''</wrap> or <wrap lo>''ssh man page''</wrap>+
  
 +If you have installed a WSL distribution, the SSH client is usually preinstalled in there.
  
-===== Linux =====+If you directly launch ''cmd.exe'', ''powershell.exe'' or ''wsl.exe'' the legacy ConHost terminal will open. 
 +Otherwise, you can install the modern [[https://www.microsoft.com/store/productId/9N0DX20HK701|Windows Terminal]] from the store and select any of these shells from there.
  
-<wrap button lo>[[https://raw.githubusercontent.com/JW0914/Wikis/master/Scripts%2BConfigs/OpenSSH/BSD-Linux/ssh_config|ssh_config]]</wrap>+  - Open any of the above terminal emulators and write ''ssh root@192.168.1.1'' ("ssh" is the command, "root" is the OpenWrt user you are connecting to, and "192.168.1.1" is OpenWrt default IP) 
 +  - there will be a message about accepting a new key from the OpenWrt device, write "yes" and press Enter key. 
 +    - If for some reason you have reinstalled OpenWrt the device will have a different key and you get an error about key mismatch. The error will state what is the command line to copy-paste in your terminal to delete the old key and proceedDo it and retry. 
 +  if you want to close the session, write "exit"
  
-  * **All UNIX-based distributions provide a command-line SSH client as part of the default installation** +The Windows 10 optional SSH feature also includes SCP client (to open/edit/download/upload files in OpenWrt via SSH). 
-    * The distro's documentation or package management may need to be queried for proper syntax +Try google for some SCP tutorials to learn how to use it. 
-    * It's recommended to read the integrated manual for the program(s) +Otherwise, use [[docs:guide-quick-start:sshadministration#winscp|WinSCP]] which is way easier for SCP purposes.
-      * Terminal<wrap lo>''man scp''</wrap> or <wrap lo>''man ssh''</wrap> +
-      * Search Engine<wrap lo>''scp man page''</wrap> or <wrap lo>''ssh man page''</wrap>+
  
 +==== PowerShell ====
 +[[https://devblogs.microsoft.com/powershell/announcing-PowerShell-7-0/|Powershell]] provides SSH access.
  
-===== Windows =====+==== Windows Subsystem for Linux (WSL) ==== 
 +The Windows Subsystem for Linux is a convenient way to run a Linux environment of your choice including most,command-line tools, utilities, and applications directly on Windows. For detailed steps of how to install WSL on Windows 10, refer to Microsoft's documentation: https://docs.microsoft.com/en-us/windows/wsl/install-win10
  
-<wrap button lo>[[https://github.com/PowerShell/Win32-OpenSSH/releases|Win32-OpenSSH]]  [[https://github.com/PowerShell/Win32-OpenSSH/wiki|Wiki]] [[https://raw.githubusercontent.com/JW0914/Wikis/master/Scripts%2BConfigs/OpenSSH/Windows/config|ssh_config]]</wrap> +==== PuTTY ==== 
-  * **[[sshadministration#cmder|Cmder]], [[sshadministration#conemu|ConEmu]], [[sshadministration#smartty|SmarTTY]], [[sshadministration#putty|PuTTY]], and [[sshadministration#winscp|WinSCP]] are terminal emulators for SSH connections** +PuTTY gives you command-line access to OpenWrt.
-    * OpenSSH has been ported over to Windows by Microsoft +
-      * Installation should be pulled directly from Microsoft's Win32-OpenSSH GitHub +
-        * //Do not utilize Windows' "Add Features"// +
-        * [[https://github.com/PowerShell/Win32-OpenSSH/wiki/Install-Win32-OpenSSH|Installation Instructions]]+
  
-<WRAP indent+  - Download [[https://www.putty.org/|PuTTY]], get the 32bit ''putty.exe'' from the ''Alternative binary files'' section. 
-==== Cmder ====+  - Start ''putty.exe'' on your Windows client -PuTTY's login window pops up. 
 +  - go to the ''Session'' category of PuTTY's login window, look for the field ''Host Name (or IP address)'' and simply enter the IP-address (e.g. **192.168.1.1**) of your OpenWrt device, keep the default provided port **22**. 
 +  - Click the ''Open'' button at the Bottom to open a connection. This will pop up a shell windows, asking to ''login as''. Login as **root** with the OpenWrt password you have defined some time before. If you have not yet set a password yet on "root", you will not be asked for the password. 
 +  - Done, you are logged into the OpenWrt command line.
  
-<wrap button lo>[[https://github.com/cmderdev/cmder|cmder]]</wrap>+Setting up key-based authentication.
  
-  * **Cmder for Windows is an open-source terminal emulator for Windows, built upon ConEmu** +  - Generate a key pair using ''puttygen.exe''. Save the private key to the PC and add the public key to ''/etc/dropbear/authorized_keys'' on your OpenWrt device. 
-    * Full distribution is preferred over the mmini, as it provides bash emulation and a Unix commands +  Connection -> SSH -> Auth: In the box "Authentication Parameters" under "Private key file for Authentication" state the path to your private key file for this connection (e.g. the ''openwrt.ppk'' file you created before). Best is to click "Browse..." and select the file via the file dialog.
-    Download, and once installed, open Cmder +
-    Issue: <wrap lo>''ssh root@192.168.1.1''</wrap> +
-      - //Assumes you have installed [[sshadministration#windows|Win32-OpenSSH]]//+
  
-==== ConEmu ====+Automating connections.
  
-<wrap button lo>[[https://mridgers.github.io/clink/|Clink]]  [[https://conemu.github.io/|ConEmu]]  [[https://conemu.github.io/en/TableOfContents.html|Wiki]]  [[https://raw.githubusercontent.com/JW0914/Wikis/master/Scripts%2BConfigs/ConEmu/ConEmu.xml|config]]</wrap>+  - Connection -DataIn the box "Login details" enter the "Auto-login username" which is ''root''. 
 +  - Load, save or delete a stored session, enter ''openwrt.lan'' in Saved Sessions and click the Save button. 
 +  - To make a PuTTY shortcut with an automatic login, create one and append the saved session with an ''@'' sign, for example call PuTTY with''putty.exe @openwrt.lan''
  
-  * **ConEmu is a fully customizable terminal emulator for Windows capable of hosting any application developed for:** +==== WinSCP ==== 
-    * **//WinAPI//:** <wrap lo>''choco''</wrap>, <wrap lo>''cmd''</wrap>, <wrap lo>''far''</wrap>, <wrap lo>''git''</wrap>, <wrap lo>''powershell''</wrap>, etc. +WinSCP allows you to browse the OpenWrt file system in Windows Exlorer like GUI-style.
-    * **//Unix PTY//:** <wrap lo>''bash''</wrap>, <wrap lo>''cygwin''</wrap>, <wrap lo>''git-bash''</wrap>, <wrap lo>''msys''</wrap>, <wrap lo>''wsl bash''</wrap>, etc. +
-    - Download, and once ConEmu & CLink are installed, open ConEmu +
-      * //Install CLink to <wrap lo>''%ProgramFiles%\ConEmu\ConEmu\clink\''</wrap>// +
-    - ConEmu auto opens the **//Create New Console//** window +
-      Select **//{Shells::PowerShell}//** from drop down, then press <wrap lo>''[ENTER]''</wrap> +
-    - Issue: <wrap lo>''ssh root@192.168.1.1''</wrap> +
-      - //Assumes you have installed [[sshadministration#windows|Win32-OpenSSH]]//+
  
 +  - Download [[https://winscp.net/eng/download.php|WinSCP]], get the non-beta ''Installation package'' or ''portable executables'' and install or unzip them on your Windows client
 +  - Start ''WinSCP.exe'' on your Windows client, WinSCP's login window will pop up
 +  - Click on ''New Site'' on the left, ensure ''File protocol'' is set to **scp** then enter your OpenWrt device IP address (192.168.1.1) on the right side into ''Host name'', keep the default port ''22''. In ''User name'' enter **root**, in ''Password'', enter your root **password** (or leave blank, if you have not set a password yet)
 +  - Click the ''Login'' at the bottom of the Window.
 +  - Done. You now have an Exlorer-like view of your OpenWrt file system.
  
-==== PuTTY ====+Editing OpenWrt config files with WinSCP's integrated GUI editor. 
 + 
 +  - To edit an OpenWrt config file with WinSCP's GUI-based editor, just right-click the file in WinSCP and select ''Edit'' from the context menu. 
 + 
 +==== Cmder ==== 
 +Cmder for Windows is an open-source terminal emulator that runs on Windows. 
 +It is free to use and provides an easy "command line shell" that allows you to ssh into OpenWrt. 
 +Its attractive fonts and color scheme are easy on the eyes. 
 +The //Full// distribution is preferred (over the //mini// distribution), since it provides a bash emulation, with a Unix-y suite of commands.
  
-<wrap button lo>[[https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html|PuTTY]] [[https://raw.githubusercontent.com/JW0914/Wikis/master/Scripts%2BConfigs/PuTTY/SSH/OpenWrt.reg|Config]]</wrap>+  - Download [[https://cmder.net/|Cmder]]
 +  - Unzip the //cmder.zip// file. 
 +  - Open the Cmder folder, and double-click the Cmder icon. You'll see a Cmder window open similar to the image below. 
 +  - To ssh into the OpenWrt router at 192.168.1.1, type ''ssh root@192.168.1.1'' then press Return.
  
-  * **PuTTY provides command line access to OpenWrt via SSH and other methods** 
-    - Download, and once installed, open PuTTY 
-      - **//Session Category//** 
-        - **//Host Name (or IP)//:** <wrap lo>''root@192.168.1.1''</wrap> 
-      - Click **//Open//** 
-        - Enter password if set 
-        - Done: you are now logged into the OpenWrt command line 
-   
-   
 ==== SmarTTY ==== ==== SmarTTY ====
 +SmarTTY gives you command line access to OpenWrt and allows you to open/edit/download/upload files in OpenWrt, and is overall more modern and user-friendly than PuTTY (another tool detailed below).
  
-<wrap button lo>[[http://smartty.sysprogs.com/|SmarTTY]]</wrap>+  - Download [[http://sysprogs.com/SmarTTY/|SmarTTY]], choose "download" for the installer, or "portable version" if you want it as a standalone program that works without installation. 
 +  - after installation or after unzipping the archive, doubleclick on **SmarTTY** executable file. 
 +  - You will be greeted by a window with two choices, doubleclick on "setup a new SSH connection" (the other option is for serial connections, for usb-TTL dongles and somesuch you connect to the device's debug serial pins on the board, we won't use that now). 
 +  - The window changes into the SSH setup, write the following info:  
 +    - **Host name:** OpenWrt device IP address (default is **192.168.1.1** ) 
 +    - **User Name:** **root** (this is the "administrator" and only user in default OpenWrt) 
 +    - **Password:** leave this blank for your first connection, then write the password you set up (either in Luci GUI or after your first SSH access) 
 +  - Click "Connect" button at the bottom, and you will now see a big terminal screen coming up 
 +  - A default OpenWrt firmware lacks the server component to allow you to open/edit/view/upoad/download files in SmarTTY, so after you have connected to the internet write ''opkg update && opkg install openssh-sftp-server'' to install it. If the next step fails, it might be necessary to reboot the OpenWrt device for this new service to start up properly. 
 +  - Now you can click on **File -Open a Remote File** to open a popup that shows the file system of the OpenWrt device, and you can navigate in it and open text files for example as normal (they will open in a SmarTTY text editor window) 
 +  - If you want to upload or download files to/from a specific folder in the device, you can click on SCP menu and choose the most appropriate action from there.
  
-<wrap danger>**CA/Cert listed as untrusted:** //No guarantee program's downloadable files have not been tampered with//</wrap>\\ +After the first time you connected to device, SmarTTY saved profileso you can connect again to the same device (at that IP address with that password) by just doubleclicking its icon on the first window you see when starting SmarTTY. 
-  * **SmarTTY is more modern and user-friendly terminal emulator than PuTTY** +You can right-click on this profile icon to edit it againif needed.
-    - Downloadand once installed, open SmarTTY +
-    - Choose **//Setup New SSH Connection//** +
-      - **//Host name//:** <wrap lo>''192.168.1.1''</wrap> +
-      - **//User Name//:** <wrap lo>''root''</wrap> +
-      - **//Password//:** //Enter root's passwordelse leave blank// +
-    - Click **//Connect//** +
-      - Configure for SCP, in lieu of SFTP +
-      - Click **//File <wrap em>-></wrap> Open a Remote File//** +
-        * Allows navigation of the OpenWrt filesystem and editing of config files +
-      To upload/download files to/from OpenWrtclick on the SCP menu+
  
 +===== Linux terminal emulators =====
 +All Linux distributions provide a command-line ssh client as part of the default installation.
  
-==== WinSCP ====+  - Open a terminal emulator and write ''ssh root@192.168.1.1'' ("ssh" is the command, "root" is the OpenWrt user you are connecting to, and "192.168.1.1" is OpenWrt default IP) 
 +  - there will be a message about accepting a new key from the OpenWrt device, write "yes" and press Enter key. 
 +    - If for some reason you have reinstalled OpenWrt the device will have a different key and you get an error about key mismatch. The error will state what is the command line to copy-paste in your terminal to delete the old key and proceed. 
 +  - if you want to close the session, write "exit" 
 + 
 +Linux also usually has SCP/SFTP clients (to open/edit/download/upload files in OpenWrt), which may or may not be installed by default. 
 +You need to look up your distro's documentation or search with your package management interface for "scp" and "sftp" to find where it is and its current installation status. 
 +Read [[man>scp|scp manual]] for the command line SCP client or google some tutorials to learn how to use it. 
 + 
 +==== Midnight Commander ==== 
 +[[https://midnight-commander.org/|Midnight Commander]] is Norton Commander like file manager that works on Linux and macOS. 
 +You can access remote files on OpenWrt via mc: 
 + 
 +  - Press 'F9' 
 +  - Select 'Left' panel config 
 +  - Select 'Shell link' 
 +  - Input 'root@192.168.1.1/' and press OK 
 +  - Now you'll see list of files and directories in root of OpenWrt 
 + 
 +Internally it works over [[wp>Files_transferred_over_shell_protocol|scp like protocol FISH]] so it not needs for installed SFTP server.
  
-<wrap button lo>[[https://winscp.net/eng/download.php|WinSCP]]</wrap>+===== macOS terminal emulators ===== 
 +On macOS (formerly Mac OSX) any terminal emulator will allow you to ssh.
  
-  * **WinSCP allows browsing of the OpenWrt file system in an Explorer-like GUI** +  - Terminal - The macOS built-in terminal programfind it in /Applications/Utilities. 
-    Downloadand once installed, open WinSCP +  [[https://iterm2.com/|iTerm2]] a much-enhanced terminal programdonation-ware it's worth it.
-    - Click **//New Site//** on left, then enter: +
-      **//File Protocol//:** <wrap lo>''SCP''</wrap> +
-      - **//Host name//:** <wrap lo>''192.168.1.1''</wrap> +
-      **//User name//:** <wrap lo>''root''</wrap> +
-      - **//Password//:** //Enter root's passwordelse leave blank// +
-    Click **//Login//** +
-    Done: you now have an Explorer-like view of the OpenWrt filesystem +
-      * To edit files, right-click file in WinSCP, select <wrap lo>''Edit''</wrap> from the context menu+
  
-</WRAP>+To ssh into your OpenWrt router at 192.168.1.1, type ''ssh root@192.168.1.1'', then press Return.
  
-</WRAP>+===== Chrome OS terminal emulator ===== 
 +On Chrome OS, [[https://chrome.google.com/webstore/detail/secure-shell-app/pnhechapfaindjhompbnflcldabbghjo?hl=en|Secure Shell App]] will allow you to ssh.
  
  • Last modified: 2022/08/05 19:30
  • by palebloodsky