OpenWrt Forum Archive

Topic: Password Reset Using SSH - Need Detailed Instructions Please

The content of this topic has been archived on 14 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

I recently installed version 15.05.1 of OpenWrt and used Luci to set the root password. I have forgotten the password and need step by step detailed instructions on how to SSH into the router using Mac OS X Terminal please.

A member of this forum was kind enough to provide the Terminal command: ssh root@192.168.1.1 after typing it in, I hit return but nothing happened.

I am able to successfully trigger failsafe mode, which is confirmed by the routers rapid LED blink pattern. All I need are detailed instructions on what commands to use and what to expect after entering each command please. Thank you to all who offer instructions and advice. Below are my system settings and setup.

Using Terminal to SSH into Router
Connecting to Router’s LAN port
Disabled Firewall
Configure IPv4: Manually
IPv4 Address: 192.168.1.2
Router: 192.168.1.1

Computer: OS X
Router: WRT1900AC v1
OpenWrt: 15.05.1

(Last edited by Spartan81 on 5 Feb 2017, 18:14)

I think with 15.05 you use Telnet.  At some point it was changed so that ssh works in recovery mode (and telnet is never active), but I think that was after 15.05. Another likely reason it didn't work is you were using the WAN port.  Disconnect the router from everything except to connect one of the LAN ports directly to your Mac.

telnet access is simply 'telnet 192.168.1.1' after setting your addresses.

Once you have telnet or ssh logged in, do

mount_root
passwd
<type a new password twice>
reboot 

Thank you mk24 for your response and advice. I misspoke when listing the WAN port as my connection, I have been connecting to the LAN port on the router, apologizes.

I understand telnet is disabled once a root password has been set and SSH is another option. So I need step by step instructions on how to log into the router and provide commands to reset  the root password. I ask for detailed instructions because I have never used Terminal or SSH, and realize if a command is missed or performed incorrectly, resetting the password will fail. Thank you again for your help!

When you boot to recovery mode it uses only the default settings, which means there is no password.

Ok thank you. So using SSH, what are the commands to reset or add a new password?

What I posted above.

mount_root = activate the changeable part of the filesystem so your changes will be permanent.
passwd = set a new password (encrypts the password you enter and writes it to a file)
reboot = bring router up in normal mode

Ok thank you again for your response.

So once Failsafe mode is active I will launch Terminal and type these instructions:

1. type: mount_root [enter return]
2. type: passwd [enter return]
3. type new password: [enter return]
4. type new password again: [enter return]
5. reboot and login with new password

I assume SSH and IP address 192.168.1.1 does not need to be part of the commands in order to actually reach the router and make the password change via SSH?

You have to telnet or ssh to the router first. 
telnet 192.168.1.1
ssh root@192.168.1.1
Only one of these will work depending on how the router is configured.
When the connection is completed, the router will send a banner announcement to your Terminal and a different prompt will appear.  This is all coming from the router.  The next commands you type will be executed by the router's CPU not your Mac.

You absolutely need to type

ssh root@192.168.1.1

in terminal first before you type any other commands.

If you type

ssh root@192.168.1.1

in terminal and nothing happens -- it means there's no connection to the router from the computer you're typing it on.

You are hitting enter/return after you're typing the ssh command, right?

(Last edited by stangri on 5 Feb 2017, 20:49)

Thank you again. As you have indicated, another member instructed me to enter: ssh root@192.168.1.1 and after hitting enter, all that happen was my cursor dropped down one line. I was not presented with a banner announcement within Terminal. I tried it multiple times and I'm sure I have successfully triggered Failsafe mode and set the computers address to 192.168.1.2. This is the sticking point at this time. I will try this again in the order listed below and hopefully it will work. Thank you again for your help, I will report back the results.

1. Open Terminal and type: ssh root@192.168.1.1 [enter return]
2. type: mount_root [enter return]
3. type: passwd [enter return]
4. type new password: [enter return]
5. type new password again: [enter return]
6. reboot and login with new password

Try a ping.  In the Terminal,
ping 192.168.1.1
This should produce a line each second showing a response time in milliseconds.  The Ethernet lights will flash with each ping. Press ctrl-C to stop it.
If that does not work make sure your Mac is configured to 192.168.1.2 with a netmask of 255.255.255.0 (sometimes also called 24).  That is usually automatic.  Make sure you can ping your own machine at 192.168.1.2.

(Last edited by mk24 on 5 Feb 2017, 21:06)

Ok that's good advice. I assume if I can ping the router while in Terminal, that suggests I can communicate with it via Terminal commands. Hopefully after confirming this and typing: ssh root@192.168.1.1 I should be presented with a banner announcement within Terminal, letting me know I can proceed with the other commands listed earlier. Thank you again.

Using Network utility, I’ve configured IPv4 (Manually) and set the IP Address to (192.168.1.2) Subnet Mask to (225.225.225.0) and Router to (192.168.1.1)

When I start up the router without trying to go into Failsafe mode, I can ping the router in Terminal at 192.168.1.1 and can see the times in ms, packets sent and returned 100%. When I boot the router into Failsafe mode, “Lights flashing rapidly indicating failsafe mode is triggered” pinging the same IP address in Terminal, I receive “Request timeout”. So I’m unable to ping the router in what appears to be failsafe mode.

If I restart the router in the normal fashion “not Failsafe mode” and enter Terminal and type the command ssh root@192.168.1.1 I receive a message “The authenticity of host ‘192.168.1.1 (192.168.1.1)’ can’t be established. RSA key fingerprint is [followed by a large sequence of numbers, letters and special characters].

It appears I can ping and send commands while in Terminal to the router and not in failsafe mode. However, once I trigger failsafe mode while holding down the reset button on the router and waiting for the rapid blinking lights to appear, no form of communication can be made to the router. What could be the issue?

Maybe in failsafe mode the ip address is different.

But as you have a router with two partitions, have you tried booting into another partition: https://wiki.openwrt.org/toh/linksys/wr … e_recovery ? Maybe that one is stock and/or you'll remember password for that one.

The discussion might have continued from here.