I enabled a password using telnet and now how do I enable remote SSH access to latest Kamikaze on a non-standard port like 443, 80, or 23?
Topic: :( :( :( SSH help
The content of this topic has been archived between 9 Apr 2018 and 21 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.
The ssh is activated when you change your root password over telnet, and telnet is disabled. Just fire up ssh client and try to connect to your router.
that is working but when i go to wifi hotspot; connection refused on port 23
ssh uses 22
wow dude that's amazing thanks for your input that really solved my problem; now everything makes sense; i'm not being sarcastic at all; you must be a goddam genius
BTW to any non-trolling douche-bags the original question is how do I enable remote SSH access to latest Kamikaze on a non-standard port like 443, 80, or 23?
start dropbear listening on the other port and change the firewall accordingly to open that port.
was not intending to troll; your question was ambiguous.
you guys are on such a higher level it must be like trying to explain to a 3 yr old the significance of quantum mechanics on a molecular level. thanks for trying. i know you're probably not gonna answer any more questions; but i'll just throw it out there in the lame attempt to actually gain insight.
how do i set dropbear to listen on the other port?
change what firewall settings; and how?
Insulting everyone trying to help will make sure nobody will want to help you anymore. We are not under any obligation to help you, so please stay polite.
Yes, having a problem and not being able to solve it yourself sucks, but it is not our fault.
useless reply # 4.
i understand that this knowledge is just so hard to come by and you really feel like you should be paid for being such geniuses. i understand that; really i do.
but please just tell me the 1 or 2 lines of firewall code and what file they should be placed in and then tell me what config setting controls the port dropbear listens on; and we'd be best buds, really we would.
you know what; i'll learn it for myself from this tutorial; thanks for nothing guys, like usual
You must be dumber'n a bag of hammers. I would suggest getting your little sister to help you, I'm sure she can do it.
Just because he is acting like a jerk does not mean you have the right to insult him, so watch your tongue.
Maybe you should direct that to the person that insulted the rest of us. So watch your tongue.
Never argue with an idiot*, they drag you down to their level and beat you with experience ;-).
What I want to say is, don't let yourself down to his level. If you do, you aren't any better than him.
KM
*of course not meaning you.
One hesitates to enter in, but ... you can change the dropbear port if you edit its config file.
vi /etc/config/dropbear
When you reboot, you should be able to ssh in on the new port.
(Last edited by lizby on 8 Feb 2010, 09:52)
I know. I was just bored and thought I would give him a little bit of what he was fishing for. Sorry about that.
/etc/config/dropbear
config dropbear
option PasswordAuth 'on'
option Port '22'
OpenWrt is a rather simple Linux system, so it is a good idea to look into /etc for ALL files in there and try to figure out what they are, one by one, then you may have a better idea how this system works and where to configure it.
Well then no harm is done, apology accepted (for my part)
Though that's only half the way, it still isn't reachable from the internet.
You need to add to /etc/config/firewall
config 'rule'
option 'src' 'wan'
option 'proto' 'tcp'
option 'dest_port' '<your_custom_ssh_port>'
option 'target' 'ACCEPT'
After that, it should be reachable from the outside on the specified port.
KM
Disclaimer: this rule is taken from a live installation of an older trunk build of kamikaze, the current trunk might behave otherwise.
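The two halves described in the posts above (the dropbear `Port` option and a matching `wan` ACCEPT rule) can be cross-checked with a small script. This is an added example, not code from the thread: the function names, the sample configs and port 50022 are constructed for illustration. It assumes password logins count as enabled unless `PasswordAuth` is set to 'off' or '0'.

```shell
#!/bin/sh
# Added example, not from the thread. Sample configs are constructed and use
# the stanza shapes quoted above; port 50022 is an arbitrary placeholder.
DROPBEAR_CFG="config dropbear
    option PasswordAuth 'on'
    option Port '50022'"
FIREWALL_CFG="config 'rule'
    option 'src' 'wan'
    option 'proto' 'tcp'
    option 'dest_port' '50022'
    option 'target' 'ACCEPT'"

# Print the first value of "option <name>" found in UCI text on stdin.
uci_option() {
    awk -v want="$1" -v q="'" '
        { gsub(q, "") }                      # strip the optional quoting
        $1 == "option" && $2 == want { print $3; exit }'
}

# Print "yes" if a rule stanza on stdin accepts TCP from wan on port $1.
wan_accepts() {
    awk -v port="$1" -v q="'" '
        function check() {
            if (inrule && src == "wan" && proto == "tcp" &&
                dport == port && target == "ACCEPT") found = 1
        }
        { gsub(q, "") }
        $1 == "config" { check(); inrule = ($2 == "rule"); src = proto = dport = target = "" }
        $1 == "option" && $2 == "src"       { src = $3 }
        $1 == "option" && $2 == "proto"     { proto = $3 }
        $1 == "option" && $2 == "dest_port" { dport = $3 }
        $1 == "option" && $2 == "target"    { target = $3 }
        END { check(); print (found ? "yes" : "no") }'
}

# $1 = dropbear config text, $2 = firewall config text.
audit_ssh_exposure() {
    port=$(printf '%s\n' "$1" | uci_option Port)
    port=${port:-22}                          # dropbear listens on 22 if unset
    pass=$(printf '%s\n' "$1" | uci_option PasswordAuth)
    case "$(printf '%s\n' "$2" | wan_accepts "$port"):$pass" in
        no:*)          echo "port $port: not reachable from wan (no ACCEPT rule)" ;;
        yes:off|yes:0) echo "port $port: open to wan, key-only logins" ;;
        *)             echo "port $port: open to wan with password logins enabled" ;;
    esac
}

audit_ssh_exposure "$DROPBEAR_CFG" "$FIREWALL_CFG"
```

On a router, pass the real files instead of the samples: `audit_ssh_exposure "$(cat /etc/config/dropbear)" "$(cat /etc/config/firewall)"`.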
I wouldn't say this is definitive, but I just ran the following:
/usr/sbin/dropbear -p 50022 -P /var/run/dropbear.2.pid
I was then immediately able to ssh in on 50022 with no change in firewall. This was on r19490. On builds as of last July, no firewall change was needed. This was running on the local net. Connecting from the internet I had (last summer) set up the router which connected to the internet to redirect incoming, e.g., 50022, to the desired internal ip address, again with no firewall change on the receiving device (but perhaps making that change on the stock firmware of a Netgear WGR614v6 made that change to its firewall--so perhaps this is needed if openWrt device makes internet connection).
(Last edited by lizby on 8 Feb 2010, 13:46)
it is not entirely clear from the original question whether the remote access should happen via wireless or via wan but the other method is to leave the ssh server at port 22 for internal network purposes and to do a port forward for ssh traffic with the new port number:
assuming remote comes via wan and new ssh portnumber is <n>:
#close port 22 for wan
config rule
option src wan
option dest_port 22
option target DROP
#open port <n>
config rule
option src wan
option dest_port <n>
option proto tcp
option target ACCEPT
# port <n> redirect to 22
config redirect
option src wan
option src_dport <n>
option dest lan
option dest_ip 127.0.0.1
option dest_port 22
option proto tcp
@ doddel; i do not understand where this confusion comes from. thank you for your latest reply though. what i mean by remote is simply that; i wish to use SSH tunneling from the Himalayas using my super-spy kit satellite link. using this remote tunnel will enable me to save the world from the evil menace known as the Emperor Zurg.
alright, so;
@lizby; that seems so simple and intuitive; however, using the default Kamikaze settings on their latest release did not work like that at all; you would receive the vote for best answer though and thank you for your reply.
@Kanjimonster; i've read the /etc/config/firewall is not for editing and if i want to add a firewall rule i should use /etc/firewall.user
@shallpion ty for the simple and easy to understand direction that answered only half the question. it would answer all the question if you'd simply clarify whether the firewall without any modification allows someone in the Himalayas using their secret spy-kit satellite uplink to connect to the router. For instance, if you'd replied with, the SSH config setting is in the /etc/config/dropbear file and you don't need to touch (whoops that's actually a linux command isn't it? well i don't mean the linux touch command, i mean as in tweaking a file setting) the firewall config in any way whatsoever; that would have been a complete and concise answer to this thread.
@myself and everyone else; let us hope we can overcome our mental disabilities and work together.
Then you must have had old information.
The /etc/config/firewall is for creating 'simple' rules, like opening certain ports to the internet, forwarding ports to different hosts in the lan, the normal stuff you would use the firewall in a router.
But this rule set is quite limited, and you don't have access to everything Linux can do. So if you need really advanced features and know what you are doing, then you put your rules in the firewall.user.
But for opening a port for incoming connections to the router, creating a rule in /etc/config/firewall is the easiest way to do it.
Btw all files in /etc/config/* are meant to be edited - usually by uci, but you can also edit them directly with your favourite editor, or use the appropriate luci page.
Just remember to restart the correct service (e.g. by running "/etc/init.d/firewall restart") if you changed something yourself. Luci does that for you automatically when you apply the changes.
it is not entirely clear from the original question whether the remote access should happen via wireless or via wan but the other method is to leave the ssh server at port 22 for internal network purposes and to do a port forward for ssh traffic with the new port number:
# port <n> redirect to 22
config redirect
option src wan
option src_dport <n>
option dest lan
option dest_ip 127.0.0.1
option dest_port 22
option proto tcp
Last thing I read was that redirects within the router weren't working (never tried them myself), but if they do now, that's great.
KM
this is so ridiculous. i had everything working last night before i went to sleep; now i woke up this morning and it wasn't working. wth is going on