SSH access for newcomers

One of the methods to manage OpenWrt is by using a command-line interface over SSH. OpenWrt listens for incoming SSH connections on port 22/tcp by default. In order to SSH into your router, be connected to the same local network and enter the following command in a terminal emulator, using your router's LAN IP address, which by default is 192.168.1.1:

ssh root@192.168.1.1

The first time you SSH into your router, you will probably see a warning about the RSA key fingerprint. If you are certain this is the address of your OpenWrt device, simply type yes and press Return. Then enter the password you assigned to your router, or press Return if this is the initial setup. Here is an example session:

$ ssh root@192.168.1.1
The authenticity of host '192.168.1.1 (192.168.1.1)' can't be established.
RSA key fingerprint is SHA256:4VbDA/MOc7inPiyllF5f0r3Q6iEx89ddKdhLGBovsiY.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.1.1' (RSA) to the list of known hosts.
root@192.168.1.1's password:

BusyBox v1.28.4 () built-in shell (ash)

  _______                     ________        __
 |       |.-----.-----.-----.|  |  |  |.----.|  |_
 |   -   ||  _  |  -__|     ||  |  |  ||   _||   _|
 |_______||   __|_____|__|__||________||__|  |____|
          |__| W I R E L E S S   F R E E D O M
 -----------------------------------------------------
 OpenWrt 18.06.2, r7676-cddd7b4c77
 -----------------------------------------------------

root@OpenWrt:~#

Note: you probably won't see your password as you type it, though that depends on the configuration of your system.

Note: To add an SSH public key to your OpenWrt device, see From the LuCI Web Interface

To end the SSH session, type exit and press Enter.

The remainder of this page describes terminal emulator options for SSH in Windows, Linux, and macOS.

Windows provides a command-line SSH client as part of the default installation accessible via Windows Terminal, PowerShell, or Command Prompt. However, if your version of Windows older, you may follow this guide or use a third party option listed in the section below.

Open Windows Terminal.

1. Write ssh root@192.168.1.1 (“ssh” is the program, “root” is the user you are connecting as, and “192.168.1.1” is the IP)
2. There will be a message to accept a new key from the OpenWrt device, write “yes” and press Enter.
   1. If for some reason you have reinstalled OpenWrt, the device will have a different key, and you will get an error about a key mismatch. The error will state the command to copy and paste into your terminal to delete the old key and proceed. Do it and retry. If that does not resolve the error then delete the C:\Users\yourusername\.ssh\known_hosts file then try again it will work.
3. If you want to close the session, write “exit”.

Windows SSH also includes an SCP client (to open/edit/download/upload files via SSH). Alternatively, you can use WinSCP, which is often easier for SCP purposes.

The Windows Subsystem for Linux is a convenient way to run a Linux environment of your choice directly in Windows. It should already have a command-line SSH client preinstalled, for more instructions see the Linux terminal emulators section. For detailed steps on how to install WSL, refer to Microsoft's WSL documentation.

WinSCP allows you to browse the OpenWrt file system in a Windows Explorer-like GUI.

1. Download WinSCP, get the non-beta Installation package or portable executables and install or unzip them on your Windows client.
2. Start WinSCP.exe, WinSCP's login window will pop up.
3. Click on New Site on the left, ensure File protocol is set to scp then enter the IP address of your OpenWrt device (usually 192.168.1.1) on the right side into Host name, keep the default port 22. In User name enter root, in Password, enter your root password (or leave blank if you have not set a password yet)
4. Click the Login at the bottom of the window.
5. You now have an Exlorer-like view of your OpenWrt file system.

Editing OpenWrt config files with WinSCP's integrated GUI editor.

1. Just right-click the file in WinSCP and select Edit from the context menu.

Connect using private key.

1. Click on Tabs - Sites - Site Manager...
2. Click on Edit(for existing Remote connection or add a New Site
3. Click on advanced... button to open popup menu
4. Click on SSH - Authentication - Private key file and point to your private key file *.ppk
   • To generate a private key file use the instruction above using Putty.

Now you don't need to fill in the password field on the site page in WinSCp. Instead you will be asked for the passphrase of the private key when connecting.

Historically for many years Windows did not include a viable terminal emulator out of the box and as such there are many high quality third party projects with SSH availble. Below is a short list of options with advanced features you might want to use instead of the built-in options.

1. PuTTY
2. SmarTTY
3. WinSCP
4. Cmder

Most Linux distributions provide a command-line SSH client as part of the default installation.

1. Open a terminal emulator and write ssh root@192.168.1.1
2. There will be a message about accepting a new key from the OpenWrt device, write “yes” and press Enter.
   1. If for some reason you have reinstalled OpenWrt, the device will have a different key, and you will get an error about a key mismatch. The error will state the command to copy and paste into your terminal to delete the old key and proceed.
3. If you want to close the session, write “exit”

Linux also usually has SCP/SFTP clients (to open/edit/download/upload files in OpenWrt), which may or may not be installed by default.

On macOS any terminal emulator will allow you to SSH.

1. Terminal - The macOS built-in terminal program, you can find it in /Applications/Utilities.
2. iTerm2 a much-enhanced terminal program.

To SSH into your OpenWrt router at 192.168.1.1, type ssh root@192.168.1.1, then press Return.

On ChromeOS, the Secure Shell App will allow you to SSH.

For Android, there are many apps available such as Termius and Termux.

Same for iOS, there are many apps available such as Termius.

Midnight Commander is a Norton Commander-like file manager that works on Linux and macOS. You can access remote files on OpenWrt via mc:

1. Press 'F9'
2. Select 'Left' panel config
3. Select 'Shell link'
4. Input 'root@192.168.1.1/' and press OK
5. Now you'll see list of files and directories in root of OpenWrt

Internally, it works over a protocol similar to SCP, called FISH, so it doesn't require an installed SFTP server.