Full SSH access with real root account - acc-/tplink-archer-c2300 GitHub Wiki

Introduction

This section describes how to turn on remote SSH access for the regular root user. You'll need a serial adapter connected to perform these steps, and you must already be logged in as root over that serial connection.

Mount the filesystem in read-write mode

Please see "Saving files permanently" to remount your / and /etc directories.

Updating config xml to enable sys account login

If you previously enabled limited SSH access (by adding the RemoteSSH flag to the XML file directly), you need to remove this flag first:

uci delete dropbear.dropbear.RemoteSSH

Then perform these commands:

uci set dropbear.dropbear.SysAccountLogin=on
uci commit dropbear
lua -e 'require("luci.sys.config").saveconfig()'

These changes are required for the /etc/init.d/dropbear script, because it was appending flags unsupported by the new dropbear binary (causing it to abort on startup). The last command makes your uci changes permanent.

Copying new dropbear binary

Transfer the new dropbear binary to /usr/sbin, overwriting the old file (you can back up the old one first if you wish). The easiest way is to transfer the file via a pendrive, which will be automatically mounted as /mnt/sda1 when you plug it into the router. Don't forget to chmod +x /usr/sbin/dropbear :)

Set up root password

Edit /tmp/root/etc/rc.local and include the command to set the root password. The command below sets the root password to 'admin':

sed -i 's/root:x:0/root:$1$6fOOmpc6$I58ozowznZOkIRazKo6Bq0:16800/g' /etc/shadow

You could actually try to edit /tmp/root/etc/shadow directly, but I'm not sure if this will work. /etc/shadow might be overwritten during startup.

I personally created my own startup script in /data/custom.sh

#!/bin/sh
sed -i 's/root:x:0/root:$1$6fOOmpc6$I58ozowznZOkIRazKo6Bq0:16800/g' /etc/shadow

and modified /tmp/root/etc/rc.local file to call my script. This gives me the flexibility to modify my own boot scripts without remounting /etc partition. /data is always mounted read-write, so I can modify custom.sh script anytime. The content of my /etc/rc.local file is listed below.

root@AC2300:/data# cat /tmp/root/etc/rc.local
# Put your custom commands here that should be executed once
# the system init finished. By default this file does nothing.

tddp &

(/data/custom.sh | tee /data/custom.log) &

exit 0
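
The hash shown above is published on this page and maps to the password 'admin', so a router left with it accepts a publicly known root password over SSH. The following is an added example, not part of the original wiki: a variant of the custom.sh step that installs a hash you generated yourself and refuses the published one. The function names and the script's argument convention are assumptions.

```shell
#!/bin/sh
# Added example, not from the wiki. Function names are hypothetical.

# Hash printed on this page (password 'admin'); it is public, so never deploy it.
WIKI_HASH='$1$6fOOmpc6$I58ozowznZOkIRazKo6Bq0'

# uses_wiki_hash FILE -> exit 0 if root's password field is the published hash.
uses_wiki_hash() {
    H="$WIKI_HASH" awk -F: '$1 == "root" && $2 == ENVIRON["H"] { hit = 1 }
                            END { exit (hit ? 0 : 1) }' "$1"
}

# set_root_hash FILE HASH -> replace field 2 of the root entry, nothing else.
# awk compares and assigns whole fields, so '/', '&' or '$' in the hash are
# plain data; in a sed s/// replacement '/' and '&' would need escaping.
set_root_hash() {
    file=$1
    hash=$2
    case $hash in
        *:*) echo "hash must not contain ':'" >&2; return 2 ;;
        '$'[0-9a-z]*'$'*'$'*) ;;    # $id$salt$digest
        *) echo "not a crypt(3)-style hash" >&2; return 2 ;;
    esac
    if [ "$hash" = "$WIKI_HASH" ]; then
        echo "refusing the hash published on the wiki" >&2
        return 3
    fi
    tmp="$file.tmp.$$"
    if H="$hash" awk -F: 'BEGIN { OFS = ":" }
            $1 == "root" { $2 = ENVIRON["H"]; n++ }
            { print }
            END { exit (n == 1 ? 0 : 1) }' "$file" > "$tmp"
    then
        cat "$tmp" > "$file"    # rewrite in place, keeping owner and mode
        rc=$?
    else
        echo "expected exactly one root entry in $file" >&2
        rc=1
    fi
    rm -f "$tmp"
    return $rc
}

# Script usage (e.g. from /data/custom.sh): <this script> /etc/shadow '<your hash>'
if [ "$#" -eq 2 ]; then
    set_root_hash "$1" "$2"
fi
```

Generate your own hash off the router, for example with `openssl passwd -1` on a workstation, and call the script from /data/custom.sh in place of the sed line.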

Enjoy

Reboot and pray to have a working router with ssh enabled over network :)

Persist your ssh server keys

You will notice that every router restart causes the server identity keys to be changed. To fix it, log in to your box (once ssh is running), remount your /etc in read-write mode and copy the current keys to /tmp/root/etc/dropbear with this command:

cp /etc/dropbear/dropbear_*key /tmp/root/etc/dropbear/