- OpenWrt — Set SSH
- Disable PasswordAuth, Change Default Port
- Use uci command
- Edit /etc/config/dropbear Directly
- Simple Your Life With an SSH Config File
- Use SSH to connect to the internet and install LuCI web interface
- SSH access for newcomers
- Windows terminal emulators
- Windows 10/11 built-in terminals
- PowerShell
- Windows Subsystem for Linux (WSL)
- PuTTY
- WinSCP
- Cmder
- SmarTTY
- Linux terminal emulators
- Midnight Commander
- macOS terminal emulators
- ChromeOS terminal emulator
OpenWrt — Set SSH
Now ssh -i ~/.ssh/wrt_rsa root@192.168.1.1 can ssh to the OpenWrt system.
Disable PasswordAuth, Change Default Port
Use uci command
root@OpenWrt:~# uci show dropbear dropbear.@dropbear[0]=dropbear dropbear.@dropbear[0].PasswordAuth='on' dropbear.@dropbear[0].RootPasswordAuth='on' dropbear.@dropbear[0].Port='22' root@OpenWrt:~# uci set dropbear.@dropbear[0].Port='2222' root@OpenWrt:~# uci set dropbear.@dropbear[0].PasswordAuth='off' root@OpenWrt:~# uci set dropbear.@dropbear[0].RootPasswordAuth='off' root@OpenWrt:~# uci commit dropbear root@OpenWrt:~# uci show dropbear dropbear.@dropbear[0]=dropbear dropbear.@dropbear[0].Port='2222' dropbear.@dropbear[0].PasswordAuth='off' dropbear.@dropbear[0].RootPasswordAuth='off' root@OpenWrt:~# /etc/init.d/dropbear reload
Edit /etc/config/dropbear Directly
root@OpenWrt:~# cat /etc/config/dropbear config dropbear option PasswordAuth 'on' option RootPasswordAuth 'on' option Port '22' # option BannerFile '/etc/banner'
config dropbearoption PasswordAuth 'off'option RootPasswordAuth 'off'option Port '2222'# option BannerFile '/etc/banner'
root@OpenWrt:~# /etc/init.d/dropbear reload
Now only ssh -i ~/.ssh/wrt_rsa -p 2222 root@192.168.1.1 can ssh to the OpenWrt system.
Simple Your Life With an SSH Config File
Host openWRTUser rootHostname 192.168.1.1Port 2222PreferredAuthentications publickeyIdentityFile ~/.ssh/wrt_rsa
Now ssh openWRT can ssh to the OpenWrt system.
About dropbear
Dropbear is a relatively small SSH server and client. It runs on a variety of POSIX-based platforms. Dropbear is open source software, distributed under a MIT-style license. Dropbear is particularly useful for “embedded”-type Linux (or other Unix) systems, such as wireless routers.
Use SSH to connect to the internet and install LuCI web interface
The following instructions give the OpenWrt device an IP address in the same network of the ISP modem, then set the ISP modem’s IP address as “gateway” and “dns server” for the OpenWrt device, which is providing internet access to it’s clients.
The OpenWrt device will act as a client of the ISS modem and will be accessible through its LAN port.
For example that the ISP modem has IP address 192.168.2.1; so we can assign any IP that starts with 192.168.2.xxx. I will assign 192.168.2.200 to the OpenWrt device in the example.
uci set network.lan.ipaddr="192.168.2.200" uci set network.lan.gateway="192.168.2.1" uci set network.lan.dns="192.168.2.1" uci commit /etc/init.d/network restart
This should save the setting and close the ssh connection as the IP address was changed.
You can also disconnect power from the OpenWrt device now, the setting is saved.
Disconnect the cable from the notebook and connect it to the ISP modem’s Ethernet port.
Connect the PC to the ISP modem with DHCP (normal “automatic IP ” way), Wi-Fi or Ethernet should be the same. Connect to the OpenWrt device with ssh at IP 192.168.2.200.
This website uses cookies. By using the website, you agree with storing cookies on your computer. Also you acknowledge that you have read and understand our Privacy Policy. If you do not agree leave the website. OK More information about cookies
Self-registration in the wiki has been disabled.
If you want to contribute to the OpenWrt wiki, please post HERE in the forum or ask on IRC for access.
Except where otherwise noted, content on this wiki is licensed under the following license:
CC Attribution-Share Alike 4.0 International
SSH access for newcomers
One of the methods to manage OpenWrt is using command-line interface over SSH. OpenWrt listens for incoming SSH connections on port 22/tcp by default. To “ssh into your router”, you can enter the following command in a terminal emulator using you router’s LAN IP address that is typically 192.168.1.1 :
The first time you ssh into your router, you will probably see a warning about the RSA key fingerprint. If you are certain this is the address of your OpenWrt device, simply type yes and press Return. Then enter the password you have given to your router, or press Return if this is the initial setup. Here is an example session:
To end your ssh session to your router, type exit and press Return.
The remainder of this page describes several terminal emulators that Windows, Linux, or macOS can use to access your OpenWrt device.
Note: To add a SSH public key to your OpenWrt device, see From the LuCI Web Interface
Windows terminal emulators
Windows Terminal or the legacy PowerShell, Command Prompt, ConHost, or WSL Bash choices are available. Third party programs such as PuTTY, MinGW (installed with Git), Cmder, SmarTTY, and WinSCP are also terminal emulators that can provide SSH into an OpenWrt router.
Windows 10/11 built-in terminals
Windows Terminal, PowerShell, and Command Prompt allow using the SSH client. That client is now available by default, however if your version of Windows is older, you may follow this guide to enable SSH.
If you have installed a WSL distribution, the SSH client is usually preinstalled in there.
If you directly launch cmd.exe , powershell.exe or wsl.exe the legacy ConHost terminal will open. Otherwise, you can install the modern Windows Terminal from the MS store and select any of these shells from there.
Open any of the above terminal emulators and write ssh root@192.168.1.1 (“ssh” is the command, “root” is the OpenWrt user you are connecting to, and “192.168.1.1” is OpenWrt default IP )
There will be a message to accept a new key from the OpenWrt device, write “yes” and press Enter key.
If for some reason you have reinstalled OpenWrt the device will have a different key and you get an error about key mismatch. The error will state what is the command line to copy-paste in your terminal to delete the old key and proceed. Do it and retry. If that does not resolve the error then you may need to delete C:\Users\yourusername\.ssh\known_hosts and try again.
The Windows optional SSH feature also includes SCP client (to open/edit/download/upload files in OpenWrt via SSH ). Use google for SCP tutorials to learn how to use it. Otherwise, use WinSCP which is easier for SCP purposes.
PowerShell
Windows Subsystem for Linux (WSL)
The Windows Subsystem for Linux is a convenient way to run a Linux environment of your choice including most,command-line tools, utilities, and applications directly on Windows. For detailed steps of how to install WSL on Windows 10, refer to Microsoft’s documentation: https://docs.microsoft.com/en-us/windows/wsl/install-win10
PuTTY
PuTTY gives you command-line access to OpenWrt.
go to the Session category of PuTTY’s login window, look for the field Host Name (or IP address) and simply enter the IP -address (e.g. 192.168.1.1) of your OpenWrt device, keep the default provided port 22.
Click the Open button at the Bottom to open a connection. This will pop up a shell windows, asking to login as . Login as root with the OpenWrt password you have defined some time before. If you have not yet set a password yet on “root”, you will not be asked for the password.
Setting up key-based authentication.
Generate a key pair using puttygen.exe . Save the private key to the PC and add the public key to /etc/dropbear/authorized_keys on your OpenWrt device.
Connection → SSH → Auth: In the box “Authentication Parameters” under “Private key file for Authentication” state the path to your private key file for this connection (e.g. the openwrt.ppk file you created before). Best is to click “Browse. ” and select the file via the file dialog.
Load, save or delete a stored session, enter openwrt.lan in Saved Sessions and click the Save button.
To make a PuTTY shortcut with an automatic login, create one and append the saved session with an @ sign, for example call PuTTY with: putty.exe @openwrt.lan
WinSCP
WinSCP allows you to browse the OpenWrt file system in Windows Exlorer like GUI -style.
Download WinSCP, get the non-beta Installation package or portable executables and install or unzip them on your Windows client
Click on New Site on the left, ensure File protocol is set to scp then enter your OpenWrt device IP address (192.168.1.1) on the right side into Host name , keep the default port 22 . In User name enter root, in Password , enter your root password (or leave blank, if you have not set a password yet)
Editing OpenWrt config files with WinSCP’s integrated GUI editor.
To edit an OpenWrt config file with WinSCP’s GUI -based editor, just right-click the file in WinSCP and select Edit from the context menu.
Cmder
Cmder for Windows is an open-source terminal emulator that runs on Windows. It is free to use and provides an easy “command line shell” that allows you to ssh into OpenWrt. Its attractive fonts and color scheme are easy on the eyes. The Full distribution is preferred (over the mini distribution), since it provides a bash emulation, with a Unix-y suite of commands.
Open the Cmder folder, and double-click the Cmder icon. You’ll see a Cmder window open similar to the image below.
SmarTTY
SmarTTY gives you command line access to OpenWrt and allows you to open/edit/download/upload files in OpenWrt, and is overall more modern and user-friendly than PuTTY (another tool detailed below).
Download SmarTTY, choose “download” for the installer, or “portable version” if you want it as a standalone program that works without installation.
after installation or after unzipping the archive, doubleclick on SmarTTY executable file.
You will be greeted by a window with two choices, doubleclick on “setup a new SSH connection” (the other option is for serial connections, for usb- TTL dongles and somesuch you connect to the device’s debug serial pins on the board, we won’t use that now).
User Name: root (this is the “administrator” and only user in default OpenWrt)
Password: leave this blank for your first connection, then write the password you set up (either in Luci GUI or after your first SSH access)
A default OpenWrt firmware lacks the server component to allow you to open/edit/view/upoad/download files in SmarTTY, so after you have connected to the internet write opkg update && opkg install openssh-sftp-server to install it. If the next step fails, it might be necessary to reboot the OpenWrt device for this new service to start up properly.
Now you can click on File → Open a Remote File to open a popup that shows the file system of the OpenWrt device, and you can navigate in it and open text files for example as normal (they will open in a SmarTTY text editor window)
If you want to upload or download files to/from a specific folder in the device, you can click on SCP menu and choose the most appropriate action from there.
After the first time you connected to a device, SmarTTY saved a profile, so you can connect again to the same device (at that IP address with that password) by just doubleclicking its icon on the first window you see when starting SmarTTY. You can right-click on this profile icon to edit it again, if needed.
Linux terminal emulators
All Linux distributions provide a command-line ssh client as part of the default installation.
Open a terminal emulator and write ssh root@192.168.1.1 (“ssh” is the command, “root” is the OpenWrt user you are connecting to, and “192.168.1.1” is OpenWrt default IP )
there will be a message about accepting a new key from the OpenWrt device, write “yes” and press Enter key.
If for some reason you have reinstalled OpenWrt the device will have a different key and you get an error about key mismatch. The error will state what is the command line to copy-paste in your terminal to delete the old key and proceed.
Linux also usually has SCP/ SFTP clients (to open/edit/download/upload files in OpenWrt), which may or may not be installed by default. You need to look up your distro’s documentation or search with your package management interface for “scp” and “sftp” to find where it is and its current installation status. Read scp manual for the command line SCP client or google some tutorials to learn how to use it.
Midnight Commander
Midnight Commander is Norton Commander like file manager that works on Linux and macOS. You can access remote files on OpenWrt via mc:
Internally it works over scp like protocol FISH so it not needs for installed SFTP server.
macOS terminal emulators
On macOS (formerly Mac OSX) any terminal emulator will allow you to ssh.
To ssh into your OpenWrt router at 192.168.1.1, type ssh root@192.168.1.1 , then press Return.
ChromeOS terminal emulator
On ChromeOS, the Secure Shell App will allow you to SSH .
This website uses cookies. By using the website, you agree with storing cookies on your computer. Also you acknowledge that you have read and understand our Privacy Policy. If you do not agree leave the website. OK More information about cookies
Self-registration in the wiki has been disabled.
If you want to contribute to the OpenWrt wiki, please post HERE in the forum or ask on IRC for access.
Except where otherwise noted, content on this wiki is licensed under the following license:
CC Attribution-Share Alike 4.0 International