netbird icon indicating copy to clipboard operation
netbird copied to clipboard

Published 20 hours ago verified publisher icon netbirdio

netbird ssh on OpenWrt not working

Open mrbluecoat opened this issue 1 year ago • 3 comments

Describe the problem

NetBird SSH on NetBird 0.27.3-r1 on OpenWrt isn't working

To Reproduce

Steps to reproduce the behavior:

  1. Login to OpenWrt as root
  2. Run opkg update && opkg install netbird
  3. Run netbird up to join your account as a peer
  4. Add CGNAT CIDR to firewall:
cat >> /etc/config/firewall <<EOF

config  zone
        option  name        'NetBird'
        option  input       'ACCEPT'
        option  output      'ACCEPT'
        option  forward     'REJECT'
        option  subnet      '100.64.0.0/10'

EOF
  1. In https://app.netbird.io/peers click the three-dots button to the right of the OpenWrt peer row and select Enable SSH Access
  2. In another peer terminal, try sudo netbird ssh your-openwrt-device.netbird.cloud (using your actual OpenWrt peer address)

Expected behavior

SSH login is granted. Instead I get:

Error: dial tcp 100.x.x.x:44338: connect: connection refused
Couldn't connect. Please check the connection status or if the ssh server is enabled on the other peer
You can verify the connection by running:

 netbird status

On the OpenWrt server:

# netbird status
Daemon version: 0.27.3
CLI version: 0.27.3
Management: Connected
Signal: Connected
Relays: 0/2 Available
Nameservers: 0/0 Available
FQDN: openwrt.netbird.cloud
NetBird IP: 100.x.x.x/16
Interface type: Userspace
Quantum resistance: false
Routes: -
Peers count: 1/1 Connected

Are you using NetBird Cloud?

Yes

NetBird version

0.27.3-r1 on OpenWrt server 0.27.4 on Ubuntu client

** Notes **

ssh [email protected] (using your actual OpenWrt peer address) works fine, leveraging the default Dropbear SSH server on OpenWrt

mrbluecoat avatar May 04 '24 22:05 mrbluecoat

Have you enabled ssh on the peer: https://docs.netbird.io/how-to/cli#up

lixmal avatar May 05 '24 07:05 lixmal

@heisbrot I think that we should indicate in the web UI that the user should ensure that the client app should be started with the netbird up --allow-server-ssh flag to explicitly permit SSH.

braginini avatar May 05 '24 10:05 braginini

Oh, interesting. You are correct that I assumed the UI step was all that was required on the server side. +1 for braginini recommendation.

Out of curiosity, what does the UI Enable SSH Access action do?

mrbluecoat avatar May 05 '24 14:05 mrbluecoat

netbird up --allow-server-ssh worked like a charm, thanks. Is there a way to apply this setting via a config file rather than a CLI argument? (OpenWrt custom builds leverage files for configuration rather than runtime arguments.)

mrbluecoat avatar May 07 '24 00:05 mrbluecoat

P.S. I see where you can use an environment variable export NB_ALLOW_SERVER_SSH=true via https://docs.netbird.io/how-to/cli#environment-variables. I think I can use this and $HOME/.profile for my needs: https://forum.openwrt.org/t/set-environment-variable/36723/2

mrbluecoat avatar May 07 '24 00:05 mrbluecoat

Even better, I found you can set it via "ServerSSHAllowed": true in /etc/netbird/config.json

mrbluecoat avatar May 07 '24 01:05 mrbluecoat

How did you download the latest version of netbird for openwrt?

XMethues avatar Jun 15 '24 07:06 XMethues

@Tatametheus I didn't: 0.27.3-r1 on OpenWrt server

mrbluecoat avatar Jun 15 '24 15:06 mrbluecoat