Erratum about SSH is very unhelpful

On Errata – Index of known bugs [Turris wiki] it says:

After setting a password for the advanced configuration it is not able to log in to Omnia via SSH. Please perform a factory reset or log in to Omnia via serial cable and enter the following command rm /etc/ssh/ssh_host_* to fix this issue.

This is not helpful, for a number of reasons. Firstly, no-one has a serial cable and if they did, there’s no serial port on the box. If it’s some secret header inside, you need to explain where it is, where to find an appropriate cable and how to connect to it. But even then, this is an impractical suggestion.

So to the second one - perform a factory reset. But that doesn’t fix anything because as soon as you set a password for the advanced config again, the same problem will reoccur. The workaround doesn’t explain how to get both advanced web access and SSH working together.

Apparently, though, according to Got my router today - But can't SSH into it, it is possible to use the Custom commands UI on the Advanced interface to run command lines like the one which fixes it. This didn’t work for me, but perhaps I used the wrong commands. If it is possible, the erratum should explain how.

Gerv

I agree with you that the information is not easy for normal users.

It took me about 15 minutes to implement that, most of it spent searching for the image to see which pins to connect. If that information had been linked there it would have taken 5 minutes. So it’s not impractical in my opinion. Just not for normal users.

This is interesting. I thought this is caused by some weird race condition, when the router is restarted before the SSH host key generation succeeds. So a factory reset should help. Anyway, there is always the option to reflash the firmware, which should perhaps be mentioned.

Well, the documentation certainly could be improved, as the number of red links implies. :wink:

The setup wizard will install an update that fixes this. After completing the wizard reboot to be sure that the fix is in place.

An alternative is to configure the command “rm /etc/ssh/ssh_host_dsa_key /etc/ssh/ssh_host_dsa_key.pub /etc/ssh/ssh_host_ecdsa_key /etc/ssh/ssh_host_ecdsa_key.pub /etc/ssh/ssh_host_ed25519_key /etc/ssh/ssh_host_ed25519_key.pub /etc/ssh/ssh_host_rsa_key /etc/ssh/ssh_host_rsa_key.pub” in LuCI and then execute it. Finally, reboot.

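A more selective variant of the `rm` command above, as an added example that is not from the thread or from the Turris project: it lists only the host key files that look incomplete, so intact keys (and the fingerprints clients already trust) can be kept. It assumes the cause one poster guesses at, interrupted host key generation, which the thread does not confirm; the function name `find_broken_host_keys` and the `STRICT_KEYGEN` switch are hypothetical.

```shell
#!/bin/sh
# Added example: report SSH host key files that look like leftovers of an
# interrupted key generation, instead of deleting every host key.
# Assumption (not confirmed in the thread): a broken key shows up as an empty
# file, a private key without a usable .pub, or a .pub without a private key.

# find_broken_host_keys DIR
# Prints one suspicious file path per line; prints nothing if all pairs look sane.
# STRICT_KEYGEN=1 (hypothetical switch) also asks ssh-keygen to parse each .pub.
find_broken_host_keys() {
    dir=$1
    for priv in "$dir"/ssh_host_*_key; do
        [ -e "$priv" ] || continue          # glob matched nothing
        pub="$priv.pub"
        bad=0
        if [ ! -s "$priv" ] || [ ! -s "$pub" ]; then
            bad=1                           # empty or missing half of the pair
        elif [ "${STRICT_KEYGEN:-0}" = 1 ] &&
             ! ssh-keygen -l -f "$pub" >/dev/null 2>&1; then
            bad=1                           # public key does not parse
        fi
        if [ "$bad" = 1 ]; then
            echo "$priv"
            if [ -e "$pub" ]; then echo "$pub"; fi
        fi
    done
    for pub in "$dir"/ssh_host_*_key.pub; do
        [ -e "$pub" ] || continue
        # A public key whose private half is gone is useless to sshd.
        if [ ! -e "${pub%.pub}" ]; then echo "$pub"; fi
    done
    return 0
}

# Stand-alone use: pass the key directory, e.g.  sh script.sh /etc/ssh
if [ "$#" -gt 0 ]; then
    find_broken_host_keys "$1"
fi
```

Whichever keys are removed and regenerated, clients that connected before will report a changed host key for them; `ssh-keygen -R <host>` on the client drops the stale `known_hosts` entry once the new fingerprint has been checked.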

People who ordered the hacker perk got a suitable serial cable to implement the workaround. And here are the instructions on how to use the serial cable:

But you are correct it would have been nice if there would have been more alternative instructions in the erratum.

Well, I wasn’t able to log in via SSH, and I performed the steps to fix it and they didn’t seem to, but it’s working now, so <shrug>. :slight_smile: If this is fixed in updated firmware, that should be noted on the erratum page.