Asus RT-N66U Enable SSH Access

Question

Is the option to enable ssh access to this router not available in the stock version of the firmware?

I can only see "Enable Telnet" under Administration -> System.
That's kind of lame. Telnet is sent over the network in plain text and is not secure. I have firmware version 3.0.0.4.376_1071 and that is the latest version according to the check for updates feature on the router.

If you Google around, other people have been talking about SSH access into this popular router. Are they using some custom firmware?

I'm not familiar with this particular router, but did you check to make sure that SSH is not just always on (so there is no option to enable/disable it)? — lzam, Sep 12 '14 at 21:21
Yes, I checked. I could indeed telnet in but ssh connections are refused. — CarlGammaSagan, Sep 12 '14 at 21:32
I cannot find any mention of ssh in the online manual, http://s3.amazonaws.com/szmanuals/94e22106f06ba60241c493946c403c46 — MariusMatutiae, Sep 13 '14 at 06:15
3.0.x firmwares are wrt based so you do not necessarily need a custom firmware to add some functionality. See http://irq5.io/2012/12/10/hacking-functionality-into-asuswrt-routers/ Also, see https://github.com/RMerl/asuswrt-merlin/wiki which is a fork of ASUSWRT to give you more options. Finally, note that telnet on a local confined LAN is kina OK (though not a good practice). — Mahdi, Jan 14 '15 at 20:38
I have the AC-version of the same router and there is no SSH there either. However, I have a strong memory there was en SSH-option when I bought this router so some update along the road must have removed it. Stupid. — d-b, Dec 16 '17 at 15:27
Could someone please state the benefits of SSH access to a router? What can be done over SSH? Is it a subset/same/superset of what is available in the web-gui, for example? — RoG, Oct 11 '21 at 12:51

score 4 · Accepted Answer · answered Sep 12 '14 at 21:28

4

are they using some custom firmware?

Yes, most owners of this router use custom firmware like tomato or mods thereof.

answered Sep 12 '14 at 21:28

Jan

1,898
13
18

1

Someone care to explain the downvotes? – Jan Mar 04 '16 at 06:34

score 3 · Answer 2 · answered Dec 01 '15 at 01:49

Even though this is a year old I wanted to chime in with what I found because I was just now trying to get sshd working on the same router after reading similar pages.

I'm using version 3.0.0.4.376_3861 and they still haven't added in sshd. I got a chuckle out of the hidden ssh options in the menu. They are still there, but don't work. I telnetted in and did nvram show | grep ssh. Nothing was already there, but I tried shinji14's answer anyway. I tried with reboot too, but nmap still showed no SSH on a port scan. I then telnetted back in and tried ls -alR --color=always | more and after scanning the results I saw that they are using BusyBox. I couldn't remember if BusyBox had sshd built in so I did busybox --help and didn't see it in the list.

BusyBox's site mentions Dropbear for sshd here, so it looks like they are likely using a WRT variant like 0xC0000022L mentioned or they may be putting Dropbear on it. I'll probably end up trying Dropbear myself. If that works then I'd say it'd be the way to go because one could pretty much keep it stock and then just put it back on anytime an official update is installed.

score 2 · Answer 3 · answered Dec 10 '14 at 20:43

According to its author, the customized version of AsusWRT named AsusWRT-Merlin supports SSH in the form of dropbear.

Search for "SSHD" in this README.

Check out the Github website and build your own or follow the download link at the bottom.

Also note: AsusWRT was originally a fork of Tomato. It diverged quite a lot since then, but if you only need a version that is somewhat enhanced over the offer Asus makes on its firmware download page, this may be the right thing for you.

score 0 · Answer 4 · edited Jan 14 '15 at 21:29

0

If you debug the router webpage, in the administration tab you can see that the ssh row is hidden with style display:none;

You can go through telnet and set the values with

nvram set sshd-enabled=1
nvram set sshd-port=22

You can find those values in the apache server of the router, checking the source code of the router webpage.

edited Jan 14 '15 at 21:29

u1686_grawity

426,297
64
894
966

answered Jan 14 '15 at 20:27

shinji14

145
1
1
6

This did not work for me. I have firmware 3.0.0.4.376_3861. I did find / -name ssh -print as well as -name sshd and came up with nothing. – pedz May 18 '15 at 14:23
I agree. This looks good, but it does not work. Yes, the HTML is hidden using JavaScript. You can open your web console and type `$('ssh_table').style.display='';` to show it. But setting the nvram value does not cause it to be displayed when reloading the page, and showing it, clicking the "Enable" button and applying does not turn SSH on. – Phrogz Oct 29 '15 at 03:31
1

I think in order for nvram changes to work, you need to do `nvram commit` and restart router (`reboot`.) But after doing that on the latest firmware (3.0.0.4.378_9459-g7ddc2c6) I can't connect with ssh on that port ("connection refused".) – Carl G Apr 16 '16 at 17:00

Asus RT-N66U Enable SSH Access

4 Answers4

Linked