Description:
I created a new network called whatever. It is neither part of lan nor br-lan.
In dropbear I restricted
→ System → Administration → SSH Access → Interface: "lan" (Listen only on the given interface or, if unspecified, on all)
(saved and rebooted)
I would assume that only devices from network lan can reach OpenWrt via SSH but also the network whatever can reach it. Is my assumption incorrect?
In the end I restricted it with firewall rules but for me this setting is irritating.
I also tried to use br-lan but that is not selectable via Luci and via ssh it gives an error...
vi /etc/config/dropbear

config dropbear
    option Port '22'
    option Interface 'br-lan'
    option PasswordAuth 'off'

/etc/init.d/dropbear restart
error: interface br-lan has no physdev or physdev has no suitable ip
> I would assume that only devices from network lan can reach OpenWrt via SSH but also the network whatever can reach it. Is my assumption incorrect?
In the end the interface setting is resolved to the current IP of the underlying interface and dropbear will bind to that IP instead of using the 0.0.0.0 wildcard address. If your routing/firewall settings allow the "whatever" network to reach the IP address of the "lan" network then "whatever" can access dropbear. In that sense, the setting works as intended.
Also, you need to specify a logical interface, lan in your case. This will cause dropbear to bind to the IP address of the LAN interface.
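The behaviour described in the reply above, reproduced as an added example that is not part of the original thread: a listener bound to one local address still accepts a client whose source address belongs to another network, and is absent only on the host's other address. The loopback addresses are constructed stand-ins for the "lan" and "whatever" addresses, and the script assumes a Linux host, where all of 127.0.0.0/8 is local.

```python
import socket

# Constructed loopback stand-ins (Linux treats all of 127.0.0.0/8 as local):
LAN_ADDR = "127.0.0.2"         # router's address on "lan"
WHATEVER_ADDR = "127.0.0.4"    # router's address on "whatever"
WHATEVER_CLIENT = "127.0.0.3"  # a client in "whatever"


def listen_on(addr):
    """Bind a TCP listener to one local address instead of the 0.0.0.0 wildcard."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((addr, 0))  # port 0: kernel picks a free port
    srv.listen(1)
    return srv


def try_connect(src, dst, port):
    """Connect from source address src to dst:port; True if it succeeds."""
    cli = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    cli.settimeout(2)
    try:
        cli.bind((src, 0))
        cli.connect((dst, port))
        return True
    except OSError:
        return False
    finally:
        cli.close()


def demo():
    """Return (reached_lan_addr, peer_seen_by_server, reached_whatever_addr)."""
    srv = listen_on(LAN_ADDR)
    port = srv.getsockname()[1]
    try:
        # The bind address does not filter by source: the client still gets in.
        reached = try_connect(WHATEVER_CLIENT, LAN_ADDR, port)
        peer = None
        if reached:
            conn, (peer, _) = srv.accept()
            conn.close()
        # The listener is absent only on the router's other address.
        other = try_connect(WHATEVER_CLIENT, WHATEVER_ADDR, port)
    finally:
        srv.close()
    return reached, peer, other


if __name__ == "__main__":
    print(demo())
```

Limiting which source networks may connect is therefore a job for firewall rules, which is how the reporter ended up restricting access.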
phqzgunsfjror:
Environment:
Fritzbox 4040
LuCI openwrt-19.07 branch (git-21.044.30835-34e0d65)
OpenWrt 19.07.7 r11306-c4a6851c72