Running tomato-K26USB-1.28.9050MIPSR2-beta20-vpn3.6 on an ASUS RT-N16 I find that I can't connect via ssh, though telnet works fine.
Looking at the process list I see:
2247 root 1156 S dropbear -p 22 -s -a
yet an attempt to connect from the LAN or WAN (from various Ubuntu flavors) results in a timeout.
Additionally, I have "Remote Access" enabled, and an alternate port specified, and thus I expect to see either a second -p switch or a second dropbear process.
I turned on inbound connection logging, and do see the expected DROP messages when I aim an ssh connection at a random port from the WAN, but don't see such messages when I attempt to connect to the configured remote port, which seems to suggest that at least the firewall isn't eating the packets.
Also, dropbear isn't logging anything on these connection attempts (if it was operating per the config settings, it should be logging something when I try connecting to the designated port).
When I start dropbear manually using the configured port, like:
- dropbear -p 22123 -s -a
and then try connecting to it from the WAN, again I get a timeout, and nothing logged. (Same if I drop the -s and -a switches.) So maybe the firewall is interfering?
But if I try connecting from the LAN to that port:
% ssh -p 22123 root@192.168.1.1
It works as expected and the connection is logged.
To sum up, the unanswered questions are:
Why does ssh on port 22 from the LAN not work?
Why is there not a dropbear process listening on the configured remote port?
Why does a manually started dropbear process not receive connections on the remote port?
So something seems broken and it isn't obvious how to work around it.
Oh wait…under "Admin Restrictions" I have "Limit Connection Attempts" checked for SSH, with parameters of 1 every 60 seconds. When I uncheck that box, everything works as expected.
That makes no sense, as I was not exceeding the connection attempt threshold. If that was the case, it should have been connecting at least some of the time. Either this functionality has a bug, or the UI isn't clearly indicating what it is doing.
I still don't see a dropbear process with a -p switch showing the external port, but now there are two with -p 22, even though it is answering on WAN port 22123. Something non-obvious is happening.
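When a firewall option is the suspect, as with "Limit Connection Attempts" above, listing every netfilter rule that touches the SSH ports shows whether a rate limit or a port translation sits in the path. The script below is an added example, not part of the original post or of the Tomato firmware; it assumes the rules are available in iptables-save format, and the sample dump (including the chain name shlimit and its values) is constructed.

```shell
#!/bin/sh
# Constructed sample in iptables-save format (not taken from the router in the post).
sample_dump() {
cat <<'EOF'
*nat
-A PREROUTING -p tcp -m tcp --dport 22123 -j DNAT --to-destination 192.168.1.1:22
-A PREROUTING -p tcp -m tcp --dport 8080 -j DNAT --to-destination 192.168.1.1:80
COMMIT
*filter
:shlimit - [0:0]
-A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -j shlimit
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 23 -j ACCEPT
-A shlimit -m recent --set --name shlimit
-A shlimit -m recent --update --seconds 60 --hitcount 2 --name shlimit -j DROP
COMMIT
EOF
}

# audit_ssh_rules PORT...  (hypothetical helper; reads an iptables-save dump on stdin)
# Prints each rule matching one of the ports, plus the rules of any chain
# those rules jump to, tagged by what the rule does.
audit_ssh_rules() {
    awk -v ports="$*" '
    function tag(rule) {
        if (rule ~ /-m (recent|limit|hashlimit)/) return "RATE-LIMIT"
        if (rule ~ /-j (DNAT|REDIRECT)/)          return "NAT"
        if (rule ~ /-j (DROP|REJECT)/)            return "BLOCK"
        return "OTHER"
    }
    BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
    /^\*/ { table = substr($0, 2); next }
    /^-A / {
        count++; rule[count] = $0; tbl[count] = table; chain[count] = $2
        for (i = 1; i < NF; i++)
            if ($i == "--dport" && ($(i+1) in want)) hit[count] = 1
        for (i = 1; i < NF; i++)
            if ($i == "-j" && hit[count]) follow[table SUBSEP $(i+1)] = 1
    }
    END {
        for (r = 1; r <= count; r++)
            if (hit[r] || ((tbl[r] SUBSEP chain[r]) in follow))
                printf "%-10s %-6s %s\n", tag(rule[r]), tbl[r], rule[r]
    }'
}

sample_dump | audit_ssh_rules 22 22123
```

On a router that provides iptables-save, pipe its output into audit_ssh_rules in place of sample_dump.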
About Tom Metro