Solved

How to use ssh on DD-WRT v24sp1 wrt54gl ROUTER?

Posted on 2009-02-19
Last Modified: 2013-11-16
I am trying to test the remote connection over SSH to my dd-wrt router.
I found a tutorial... but it seems it is not for v24 sp1.. not sure if I am doing it right.
Question by:bubuko
35 Comments
 
LVL 8

Expert Comment

by:MrJemson
ID: 23688656
When you say remote, do you mean over the WAN interface?
If so you need to enable this in the configuration menu.
0
 

Author Comment

by:bubuko
ID: 23688666
Ya. from outside to my network. I have tried this http://www.dd-wrt.com/wiki/index.php/Tunnel_all_traffic_over_ssh_using_remote_windows_machine_and_Putty 

but nothing is working
0
 
LVL 8

Expert Comment

by:MrJemson
ID: 23689286
So you're attempting RDC over SSH, not just a remote SSH connection to the DD-WRT, is that correct?
0

Author Comment

by:bubuko
ID: 23689432
ya. I was able to ssh to my router, but not to my host pc.
Since mine is v24 sp1, it's different from that tutorial. I went to Service -> Secure Shell -> enable SSHd, also SSH TCP forwarding and I changed the port to 443

From Putty, in Session, I type the public ip and port :443

In Tunnels: Source port 3389 / destination 192.168.1.5:3389 (my local pc)

I also ensured the remote desktop is enabled.
0
 
LVL 8

Expert Comment

by:MrJemson
ID: 23690110
Have you made sure the firewall on the XP machine is disabled?
0
 

Author Comment

by:bubuko
ID: 23693574
there is no firewall enabled on the xp. but i am not sure if the firewall on the client side blocks traffic... but I think it's not possible, since I am using port 443.. the firewall should not block outgoing traffic 443, it's https
0
 
LVL 8

Accepted Solution

by:
MrJemson earned 1000 total points
ID: 23697051
Are you running MSTSC in 98 compatibility mode?

Full how to can be found here:
http://www.dd-wrt.com/phpBB2/viewtopic.php?t=3516
0
 

Author Comment

by:bubuko
ID: 23697164
but the problem is I cannot even establish connection to my router...

I think I found out why...

because in v24 sp1, it's kind of different from the tutorial.

What I did inside:
Service/Secure Shell/SSHd -> enable
Service/Secure Shell/SSH TCP Forwarding -> enable
Service/Secure Shell/Password Login -> enable
Service/Secure Shell/port -> 443
Authorized Keys -> blank

-----------------------------------------------------------------------------------------
Administration/management/Remote Access/SSH Management -> enable
Administration/management/Remote Access/SSH Remote Port -> 443

*I forgot to change the port in SSH Remote Port -> 443. But why? Is this not just for the connection to manage the router?? Can you check my settings to see if anything is wrong or not necessary?
0
 
LVL 8

Expert Comment

by:MrJemson
ID: 23697184
You need to initialize the SSH connection in order to tunnel the remote desktop session through it.
When you open putty and select SSH, enter the IP of the WAN interface on your router and enter port 443, does it prompt for a username and password or does it time out?
0
 

Author Comment

by:bubuko
ID: 23697993
the settings I just showed you above work. I just want you to take a look at my settings to see if everything is correct. And I don't understand why I need to enable SSH Management and set the port to 443.. is it not just for router management???
0
 
LVL 8

Expert Comment

by:MrJemson
ID: 23698189
No it is not just for router management.
You need to connect via SSH to the router in order to tunnel through to the Remote Desktop.

Your settings are correct, but I am having a hard time understanding at what exact point you are stuck?

First you say you cannot even establish a connection to the router, then you say the above settings are working?

What is the problem, where are you stuck?!?
0
 

Author Comment

by:bubuko
ID: 23698363
because I didn't enable these setting before:
Administration/management/Remote Access/SSH Management -> enable
Administration/management/Remote Access/SSH Remote Port -> 443

I only had this part enabled
Service/Secure Shell/SSHd -> enable
Service/Secure Shell/SSH TCP Forwarding -> enable
Service/Secure Shell/Password Login -> enable
Service/Secure Shell/port -> 443
Authorized Keys -> blank

So it was not working....
- Do you know what SSH TCP Forwarding does? Must I enable it?
- The port I entered in both part 443.. has to be the same?
- If I want to access file without RDP.. how can I do it in Putty?
0
 
LVL 8

Assisted Solution

by:MrJemson
MrJemson earned 1000 total points
ID: 23698628
Yes SSH TCP Forwarding must be enabled. This enables the ports to be forwarded through to local network devices.

If you have this all enabled and the correct settings in putty (As per the guide) it should work.
You need to open putty, enter the username and password into the SSH session.
Then open remote desktop in windows 98 compatibility mode, and enter localhost and click connect.

If you follow this correctly, this should work fine.
0
 

Author Comment

by:bubuko
ID: 23698785
thank you so much MrJemson!! but I didn't open remote desktop in windows 98 compatibility mode, I can still open rdp...
and do you mean with SSH TCP Forwarding enabled, all the ports on the router open??

I think you missed some of my question above
- The port I entered in both part 443.. has to be the same?
- If I want to access file without RDP.. how can I do it in Putty?

0
 
LVL 8

Expert Comment

by:MrJemson
ID: 23703105
> and do you mean with SSH TCP Forwarding enabled, all the ports on the router open??

No this just allows the port tunneling via putty to work. If you have this disabled and try to do the port forward through Putty it should not work.

Yes, the port has to be the same in both places. The first one is for the SSH service, which port it will actually listen on; the second allows the connection through the firewall on the WAN port.

You can't access a file without RDP.

You could copy one, but you would need something to connect to.
To do this you could setup filezilla server or something, forward port 21 and connect using filezilla client.
0
 

Author Comment

by:bubuko
ID: 23703611
so you mean I cannot do something like \\hostname\folder... I have to use ftp...

by the way, I want to have more secure ssh, so I followed the tutorial here to create public key and private key http://www.geek-pages.com/articles/latest/setting_up_an_ssh_tunnel_via_dd-wrt_and_your_windows_workstation.html

But in this tutorial, it says the port doesn't have to be the same... he left one in secure shell as port 22....

Also I am not sure if the author made a mistake or not... he mentioned to save public key for use in putty.. but i think it should be private key.... because in the putty, it's asking for private key and public key doesn't have the extension ppk.

lastly, after everything is set. I open up RDP and enter localhost... but i was not able to make the connection... the message is something like there is already established......
0
 
LVL 8

Expert Comment

by:MrJemson
ID: 23703979
http://www.blisstonia.com/eolson/notes/smboverssh.php
Try that for SMB over SSH. I am not sure if it would work, but you can try.

Public/Private key is actually FAR LESS secure, as if someone hacks into your PC they have unlimited access to your router etc. I would not recommend doing this.

As for this:
"I open up RDP and enter localhost... but i was not able to make the connection... the message is something like there is already established......"

This is why you MUST run Remote Desktop in Windows 98 Compatibility mode!!
0
 

Author Comment

by:bubuko
ID: 23708023
I see. Thank you very much!! So do you mean the way I did it for the first time from here http://www.dd-wrt.com/phpBB2/viewtopic.php?t=3516 is more secure than private/public key??
0
 
LVL 8

Expert Comment

by:MrJemson
ID: 23708040
> "So do you mean the way I did it for the first time from here http://www.dd-wrt.com/phpBB2/viewtopic.php?t=3516 is more secure than private/public key??"

Yes very much so! =)
0
 

Author Comment

by:bubuko
ID: 23709210
thank you again and I appreciate your time. Just want to make sure of something again...
So you said I cannot do something like \\hostname\folder... I have to use the ftp way to access files...?

and compare SSH with VPN... which one is more secure? a lot of companies are using VPN solution... I rarely heard they use SSH ...... why?
0
 
LVL 8

Expert Comment

by:MrJemson
ID: 23709941
As you have experienced, SSH is more difficult to set up and get running.
With a VPN a person can access the file share, email, the company intranet, printers, other servers etc all from the one connection.
If you use SSH you need to configure the ports for each service on each client.

With a VPN the client only has to enter a few details, but with the SSH they have to know quite a bit about computers etc. VPN can be encrypted as good as or better than SSH.

The SSH tunnel is more secure from the point of view of someone finding it and hacking into it, but a good password policy for the VPN would be just as secure.
0
 

Author Comment

by:bubuko
ID: 23714469
I see... but to experienced hackers, which method is harder for them to hack?
and are you also saying VPN PPTP is also good enough?
0
 

Author Comment

by:bubuko
ID: 23715804
Can you explain to me what's the difference between SSH Remote Port 443 and in Secure Shell, port 443? Do they have to be the same port number?
0
 
LVL 8

Assisted Solution

by:MrJemson
MrJemson earned 1000 total points
ID: 23719870
If a hacker wants to get in, they will get in.
Unless you are running an arm of the Department of Defense why worry over it?
PPTP is just as good as long as it is configured correctly. The easiest way to break in is to brute force the password. If you set the account to lock out after a certain number of incorrect attempts, this will make it more secure.

SSH means Secure SHell. They are the same thing.
Port 22 is the default port for SSH. Port 443 is HTTPS, but the author of the article has changed SSH to 443 as when someone port scans the router, at first glance it looks like HTTPS is open but SSH is not.

You are really getting off topic now. If you have any more questions please open a new topic.
0
 

Author Comment

by:bubuko
ID: 23725323
Sorry about that. But I think the question I am going to ask here is still related to this topic...... if you still think this question is off topic, I will open new one. the question I asked above "SSH Remote Port 443 and in Secure Shell, port 443".
I was talking about the settings in DD-WRT. They are on different pages. I see some articles left SSH remote port as 443 and Secure Shell in service page as 22.... so I am confused. Since both of them are SSH ports.. why can they be set differently?
0
 
LVL 8

Assisted Solution

by:MrJemson
MrJemson earned 1000 total points
ID: 23726294
It's like a NAT mapping.
Secure Shell in Service is what port the service runs on.
SSH Remote Port is the port that is forwarded through the firewall (to the Secure Shell service).
If you change Remote Port, you access the router on 443 from outside and 22 inside.

Changing both means you only need to remember one port number, and if someone hacks into your wireless network or something they will have a harder time getting access to the DD-WRT.
0
 

Author Comment

by:bubuko
ID: 23726686
I see.. Thank you very much.
So I think it's like
public IP:remote port -> then the router forward to SSH service port

You said it's like NAT mapping.. it looks like, but it's forwarding to its own internal ip (router internal ip - 192.168.1.1:service port)? right?
0
 
LVL 8

Expert Comment

by:MrJemson
ID: 23726948
Correct
0
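The two port settings explained in the answers above, modelled as an added example (not part of the original thread and not DD-WRT's own code): it parses `nvram show` style output and reports which WAN port is forwarded to which SSH service port. The nvram key names are assumptions to confirm on your own unit, and the sample values are constructed from the settings posted in the thread.

```python
# nvram key names are assumed; confirm them with `nvram show` on the router.
SAMPLE_NVRAM = """\
sshd_enable=1
sshd_port=443
sshd_forwarding=1
sshd_passwd_auth=1
sshd_authorized_keys=
remote_mgt_ssh=1
sshd_wanport=443
lan_ipaddr=192.168.1.1
"""  # constructed sample mirroring the settings posted in the thread


def parse_nvram(text):
    """Parse `key=value` lines as printed by `nvram show`."""
    settings = {}
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if sep:
            settings[key.strip()] = value.strip()
    return settings


def audit_ssh(settings):
    """Return ((wan_port, router_lan_ip, service_port) or None, findings)."""
    if settings.get("sshd_enable") != "1":
        return None, ["SSHd is disabled: no tunnel is possible"]
    findings = []
    service_port = int(settings.get("sshd_port", "22"))
    lan_ip = settings.get("lan_ipaddr", "192.168.1.1")
    wan_mapping = None
    if settings.get("remote_mgt_ssh") == "1":
        # WAN:wan_port is forwarded to the router's own SSH service port.
        wan_mapping = (int(settings.get("sshd_wanport", "22")), lan_ip, service_port)
    else:
        findings.append("SSH Management off: SSHd reachable from LAN only")
    if settings.get("sshd_forwarding") != "1":
        findings.append("TCP forwarding off: PuTTY tunnels will be refused")
    if settings.get("sshd_passwd_auth") == "1":
        if wan_mapping:
            findings.append("password login reachable from WAN")
    elif not settings.get("sshd_authorized_keys"):
        findings.append("no password login and no authorized keys")
    return wan_mapping, findings


if __name__ == "__main__":
    print(audit_ssh(parse_nvram(SAMPLE_NVRAM)))
```
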
 

Author Comment

by:bubuko
ID: 23727554
Sorry to bug you again. The question is closed, but one question popped up in my mind...
SSH is not the same as VPN tunneling, right?
0
 
LVL 8

Expert Comment

by:MrJemson
ID: 23729377
Correct.
0
 

Author Comment

by:bubuko
ID: 23729392
thank you for your time!
0
 

Author Comment

by:bubuko
ID: 23787938
Hi MrJemson, Sorry to bug you again. I tried to use MSTSC in 98 compatibility mode. But every time I always got <lang_name> \mtsc.exe.mui message, do you know why?
0
 
LVL 8

Expert Comment

by:MrJemson
ID: 23788604
I am not 100% sure what you mean.
Perhaps you should open a new question?
0
 

Author Comment

by:bubuko
ID: 23792234
Hi, it's one of your answers from above
"Are you running MSTSC in 98 compatibility mode?

Full how to can be found here:
http://www.dd-wrt.com/phpBB2/viewtopic.php?t=3516"

I tried it with ssh, but I always got <lang_name> \mtsc.exe.mui message
0
 
LVL 4

Expert Comment

by:onlyamir007
ID: 23906507

hi guys,

I really don't wanna hack your thread but I didn't get any response so I find experts

please if u guys can help me?? how can i route my internet traffic via VPN ???

http://www.experts-exchange.com/Hardware/Networking_Hardware/Routers/Q_24220326.html

please answer me .... thankx
0
