Archer A9 accepts SSH inbound connections to router
Firmware 1.1.1 build 20210315 rel. 40657. My router accepts inbound SSH conections How can this be stopped so the router does not accept SSH connections ?
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
If you haven't explicitly allowed SSH connections through port-forwarding (virtual servers), DMZ or passively by UPnP, then most probably this is due to how Tether app connects to your A9 - only Tether app can have access to your A9 in this case.
Describe your network topology. Is there any SSH servers configured on your local network ? Is 192.168.100.1 your Archer A9 LAN IP address ?
- Copy Link
- Report Inappropriate Content
@terziyski There is no option on the router to allow SSH. Yet if an attempt is made to connect to the router via SSH the following occurs.
The authenticity of host '192.168.100.1 (192.168.100.1)' can't be established.
RSA key fingerprint is SHA256:2h2I8Mt4mQrNRkvEjdptIMAvXqVgWn815NO1RQw0dEs.
Are you sure you want to continue connecting (yes/no/[fingerprint])?
Meaing it ready to authenticate a user for SSH. the router should not respond in any way to SSH, unless there is a setting.
How can this be turned off?
- Copy Link
- Report Inappropriate Content
The network has one workstation connected to the router via ethernet. The ssh is initiated to the router from a workstation.
There is no tethered apps. There is no UPNP as that is diasbled.
Why would a tethered app activate SSH when there is no need ? How would a tethered app used SSH?
- Copy Link
- Report Inappropriate Content
I was referring to the Tether app from TP-Link, which is used to manage the router - check this FAQ.
That means, even TCP port 22 is open, only Tether app can login your router and make changes on its configuration.
- Copy Link
- Report Inappropriate Content
@terziyski That answer still does not make sense as the router is still repsonding to SSH attempt connections. If according to the documentation
"Other SSH clients cannot access to TP-Link products or adjust their settings with command lines. So please rest assured that the SSH will never cause any safety issues on your device."
It should not respond to a workstations via SSH and should be turned off to prevent that response .
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
Yeah, that's definitely something to be concerned about. It seems to me these home routers do not have enough flexibility to allow users to make the changes they need.
There's no way you cam get to a shell to see what's going on with these web interfaces. In the advanced option lacks functionality. The logging is awfully quiet too.
You can use a port scanner to scan your router at home to see if port 22 or a higher port is open. But if there's no option in the web interface, then you can't do it. Tp link should provide a shell service for advanced users to look at what's going on.
- Copy Link
- Report Inappropriate Content
@Antiks72 The SSH 22 port is definitley open on the
archer router. I know this becuase I can connect via SSH but not authenticate.
Why is there no option to turn SSH to the router off?
Why does user authenticating to the router not show up in the log either legitimate or not ?
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 758
Replies: 8
Voters 0
No one has voted for it yet.