Welcome to the new FlexRadio Community! Please review the new Community Rules and other important new Community information on the Message Board.
If you are having a problem, please refer to the product documentation or check the Help Center for known solutions.
Need technical support from FlexRadio? It's as simple as Creating a HelpDesk ticket.

SmartLink and Dropbear SSHD

Can anyone tell me what "Dropbear SSHD 2020.81 protocol 2.0" that is running on all my radios on port 22 does, other than the generic answer that it is an SSH port forwarding connection? Does it have something to do with "Bronze Bear"?

It is involved in SmartLink functionality, from my discovery. What specifically does it do?

I hope this isn't another Flex Radio "secret", as I had a networking issue that affected SmartLink which took me a day to fix after several arguments Friday with my ISP's second level support people (On a CONTEST WEEKEND... Again!). It seems my ISP (Spectrum/Charter) was not happy it was there and sitting open all the time.

Thanks in advance!

Lu Romero - W4LT

Comments

  • Neil D Friedman N3DF
    Neil D Friedman N3DF Member ✭✭✭✭

    Just wanted to mention that I have been running SmartLink through my Spectrum internet, pretty much without issues, for the past several years. However, I don’t tax it much—just using my iPhone or mini iPad within the greater Dayton area.

  • Lu Romero
    Lu Romero Member ✭✭

    All:

    The solution to this issue is that my ISP was trying to help me where no help was needed.

    They did a routine port scan, found an open port, matched it with a CVE and found that it had a report of a vulnerability. Instead of asking me what I was doing, they simply blocked the port.

    This caused SmartLink to stop working. Finally, when I had finished investigating from my end and discovering that there was a Port 22 open in addition to the standard 4993 and 4994 ports for SmartLink, I spent several hours on the phone working my way up through Spectrum's support structure, finally reaching a supervisor that explained the port block.

    It took a while, but I explained Amateur Radio and Remote Operations to her and she relented and had her staff re-open the ports, where SmartLink started working again. Ive researched this DropBear module on my own and now know enough to close the discussion with Spectrum.

    So this problem is solved. The CVE is attached in case someone else gets a nastygram from their ISP.


  • KP4IP
    KP4IP Member ✭✭

    So they blocked port 22 + the 4993 and 4994? Port 22 shouldn't be open anytime unless intended by the user. Also, port 22 is NOT necessary for SmartLink.

    73' KP4IP

  • Lu Romero
    Lu Romero Member ✭✭

    Blocked 22, 21000, 22000, 21010, 22018 on their WAN on our gateway at the radio site. One user discovered it. I figured it out when my personal radio still worked and my admin back door to the site still worked. It’s straightened out now. At least they’re watching out for this, so I guess it’s a good thing?

    lu

  • Lu Romero
    Lu Romero Member ✭✭
    edited March 2023

    It appears that I had a, shall we say, "overzealous" Administrator at my ISP's NOC who took it upon herself to close the ports on the radio side of our remote system. I spoke to her earlier this week, again explained what we were doing and how we were doing it and she now understands the situation, was very gracious about her actions and has since unblocked the ports that were previously blocked on our external IP.

    I suspect that, even though I was told that no one penetrated my LAN at the remote, that was not the case (it is their proprietary router, and they can get into it remotely). To solve this "issue" going forward, I've purchased our own router/DOCSIS DSU for this site which will be delivered Monday and on Tuesday I will install it. Their proprietary router will be returned and now since the demarc point is on the WAN side of our router, they can't get into my LAN anymore and mess with it.

    This problem is now solved.

    Lu Romero - W4LT

  • KD0RC
    KD0RC Member, Super Elmer Moderator

    Hey Lu, never a dull moment! I'm glad that you got that all sorted out. Trying to keep a club station afloat has all the pain of a full-time job, with none of the pay...

    Did you and Dave ever get the antenna disconnector gizmo working? Last I heard, Dave was waiting for some opto-isolators (or something).

  • Lu Romero
    Lu Romero Member ✭✭

    Yeah. Feels like work.

    The box is not up yet. I think Dave is still working on the hardware.

    lu

  • Mike-VA3MW
    Mike-VA3MW Administrator, FlexRadio Employee, Community Manager, Super Elmer, Moderator admin

    We had this discussion on FaceBook.

    The port in question is a highly secure service port for the radio and is not exposed to the outside world. This should not have involved the ISP at all.

  • Lu Romero
    Lu Romero Member ✭✭

    Yes. But they did and we have new developments that I will soon document.

    lu

  • Lu Romero
    Lu Romero Member ✭✭

    See ticket #58097 for latest developments.

    lu W4LT

  • Lu Romero
    Lu Romero Member ✭✭
    edited April 2023

    As of this moment, we have been offline on our remote for a week now. Amazingly, everything works perfectly from my home to the remote and from the remote to my home. Lots of people are stumped over this issue, even a guy who is the senior system administrator for a University Research Computer Cluster. See ticket #58097 for latest developments.

    However, no one else can connect to SmartSDR from any other place, including my iPhone on an external network. All network settings are correct per Flex Support. All network ports are open per both ISP's. Both ISP's say their network is functioning properly.

    Attempted to rebuild site router, but no solution. Still back to the conditions on the paragraph above.

    We have decided to purchase a mid range router of our own, get rid of the Frontier supplied router (they are no help) and see if this solves the problem. The decision to stay with SmartLink if we can is due to our user's networking experience (or lack of). Its the easiest solution for 66% of our users.

    If replacing the router with something better doesnt solve this issue, then we will rid ourselves of SmartLink and implement OpenVPN for access.

    Oh, how I long for direct IP access to the radios from the clients. Or have a remote server app running so as to transfer only needed data outside of the remote location over a HTML 5 client... But, alas, we must jump through all these hoops to get the system working.

Leave a Comment

Rich Text Editor. To edit a paragraph's style, hit tab to get to the paragraph menu. From there you will be able to pick one style. Nothing defaults to paragraph. An inline formatting menu will show up when you select text. Hit tab to get into that menu. Some elements, such as rich link embeds, images, loading indicators, and error messages may get inserted into the editor. You may navigate to these using the arrow keys inside of the editor and delete them with the delete or backspace key.