Modify

Opened 3 years ago

Last modified 3 years ago

#19993 new defect

After reboot, WAN SSH fails unless DropBear is restarted

Reported by: jw0914 Owned by: developers
Priority: normal Milestone: Chaos Calmer 15.05
Component: packages Version: Trunk
Keywords: dropbear, ssh Cc:

Description

After reboot, remote WAN SSH fails unless DropBear is restarted, whereas LAN SSH has no issues.

(I'm not sure what information is needed, so please let me know what other information I need to pull and post.)

K.V.: 3.18.16
F.V.: r46118 / LuCI (git-15.168.50780-bae48b6)
DropBear V.: 2015.67-1

LAN SSH is set to it's own port and set to LAN only
WAN SSH is set to it's own port and set to WAN only

From looking at the running processes, DropBear is starting a process for the LAN SSH port, but is not starting the subsequent process for the WAN SSH port. As a workaround, I'll simply add a command to restart DropBear after a reboot.

Attachments (0)

Change History (1)

comment:1 Changed 3 years ago by m+openwrt@…

Following the situation for barrier breaker which - at least to my knowledge - is still the same for trunk:

Well, it is only possible to bind dropbear to IP-Adresses and not to interfaces. Because of that, the interface config option is a bit misleading. It has to be read as "bind to ip-addresses of interface".

I assume your openWRT device get its WAN IP-Adress via pppoe/dhcp and that happens after dropbear is started in the openwrt boot process. The logical consequence: The WAN interface has no IP-Adress which dropbear can listen on.

You have to add a hotplug script that restarts dropbear when the WAN interface comes up as illustrated by http://wiki.openwrt.org/doc/uci/dropbear to fix your issue. Maybe it's possible to add an interface specific dropbear reload trigger via netifd or procd. I guess the later one would be accepted for inclusion into the openwrt source.

Furthermore, without such a hotplug script, dropbear would listen infinite on the IP-Address which the WAN interface has at the time dropbear was started and doesn't rebind to a possible new assigned WAN IP-Address.

I guess the situation is the same for changing IP-Addresses on LAN (new IPv6 prefix for example) so it should be safe to restart dropbear if any interface is brought up.

Add Comment

Modify Ticket

Action
as new .
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.