Why SSH into Router

I noticed that it is possible to SSH into my GL-AXT1800 with the admin credentials. What do people use that for? Why? Is there a CLI to control router settings or something?

If I don’t have a use for SSH’ing into the router, can I shut SSH off in order to minimize the attack surface?

Lots of reasons. Testing. If you have an attached drive or card, you can download directly to the drive via SSH. But yeah, if you’re just using it for everyday routing, turn it off.

Attack surface of SSH while using Public keys is nearly zero.

If you want to disable ssh, you can disable dropbear :+1:

Go to advanced settings and log in to LuCI.

You can go here: System (tab) → Administration → SSH Access (tab).

Delete the ssh instance there.

Then disable the ssh service:

You can go here:

System (tab) → Startup

Then find Dropbear, stop it, and then disable it :wink::+1:

I would like to know specifically what that is for. “Lots of reasons” doesn’t answer that.

And HOW do I turn off SSH access? That was the other question, albeit an implicit one.

SSH is similar to a cmd shell, but with the capability that it can also be accessed externally.

By default this is not configured to be accessible from the outside on WAN scope, only from the local networks.

SSH is an admin CLI; you can use it to diagnose things and edit files. It's basically Linux in a command window :+1:

TL;DR:
A proper configuration consists of not using the root account (well, cough cough, that is not by OpenWrt design, and also not really a huge issue on local scope), but in practice key authentication is more secure than a password. With PuTTY you have a program called PuTTYgen where you can easily create the public key; this you can paste into LuCI and then disable root passwords :+1:

Thanks. This answers part of my question. And I have another: what is “dropbear”? Where can I find out more about it?

Thanks. Where can I learn specifically how to use the router’s Linux shell to configure it? The manual I got with it talks about how to plug it in and turn it on. That’s it!

Dropbear is the SSH server. If you want to know more about it, here are some pages:

https://matt.ucc.asn.au/dropbear/dropbear.html

https://openwrt.org/docs/guide-user/base-system/dropbear

Note Dropbear is not standard in the Linux kernel, but since OpenWrt (the OS) is made to be very small to run on these small chips, Dropbear has a smaller footprint than other SSH servers.

That is just Linux :wink:, so learning Linux commands would help you a lot :+1:

And for OpenWrt specific commands:

https://openwrt.org/docs/guide-user/base-system/uci

UCI is a tool to modify configuration files, or to use in your scripts. You can also use vim, which is a default text editor in Linux.
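
An added example, not part of any post in this thread and not GL.iNet's or OpenWrt's own code: a small shell audit of the Dropbear UCI config that flags the settings discussed above (password logins, root password login, listening on every interface). The function names and both sample configs are constructed for illustration; it assumes the config lives at `/etc/config/dropbear` and uses OpenWrt's `PasswordAuth`, `RootPasswordAuth`, `Interface` and `enable` options.

```shell
#!/bin/sh
# Added example: audit OpenWrt's Dropbear UCI config (read from stdin).
# On the router: audit_dropbear < /etc/config/dropbear

audit_dropbear() {
    # Strip quote characters so 'on' and on compare equal, then parse sections.
    tr -d "\"'" | awk '
    # True when option k is explicitly set to a "false" UCI boolean.
    function off(k) { return (k in o) && o[k] ~ /^(off|0|false|no|disabled)$/ }
    function report() {
        if (!active || off("enable")) return       # skip disabled instances
        # PasswordAuth and RootPasswordAuth default to on when absent.
        if (!off("PasswordAuth"))     print "instance " n ": password login allowed"
        if (!off("RootPasswordAuth")) print "instance " n ": root password login allowed"
        # Without Interface, Dropbear listens on every interface and only
        # the firewall keeps WAN clients away.
        if (!("Interface" in o))      print "instance " n ": listens on all interfaces"
    }
    $1 == "config" { report(); split("", o); active = ($2 == "dropbear"); if (active) n++; next }
    $1 == "option" && active { o[$2] = $3 }
    END { report() }'
}

# Constructed sample: password logins on, no interface binding.
default_cfg() {
    printf '%s\n' "config dropbear" \
        "    option PasswordAuth 'on'" \
        "    option RootPasswordAuth 'on'" \
        "    option Port '22'"
}

# Constructed sample: key-only logins, bound to the LAN interface.
hardened_cfg() {
    printf '%s\n' "config dropbear" \
        "    option PasswordAuth 'off'" \
        "    option RootPasswordAuth 'off'" \
        "    option Port '22'" \
        "    option Interface 'lan'"
}

echo "default:";  default_cfg  | audit_dropbear
echo "hardened:"; hardened_cfg | audit_dropbear
# To change a flagged setting on the router (install your public key first,
# or you lock yourself out of SSH):
#   uci set dropbear.@dropbear[0].PasswordAuth='off'
#   uci commit dropbear && /etc/init.d/dropbear restart
```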