SSH access for newcomers

One way to manage OpenWrt is through the command‑line interface using SSH. By default, OpenWrt accepts SSH connections on port 22/tcp.

SSH to OpenWrt

To connect to your OpenWrt device, make sure your computer is on the same local network. Then open a terminal emulator and enter: 

ssh root@192.168.1.1

Explanation:

  • ssh, the command that starts an SSH session;
  • root, the default administrator account on OpenWrt;
  • 192.168.1.1, the default LAN IP address of an OpenWrt router.

The first time you connect to your router over SSH, you will likely see a message about a “... key fingerprint ...” and the question “Are you sure you want to continue connecting ...”.

  • If you are sure you are connecting to your OpenWrt device, type yes and press Return.

If you see the prompt “root@192.168.1.1's password:”, enter the password you set for your router.

Here is an example session: 

$ ssh root@192.168.1.1
The authenticity of host '192.168.1.1 (192.168.1.1)' can't be established.
RSA key fingerprint is SHA256:4VbDA/MOc7inPiyllF5f0r3Q6iEx89ddKdhLGBovsiY.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.1.1' (RSA) to the list of known hosts.
root@192.168.1.1's password:

BusyBox v1.28.4 () built-in shell (ash)

  _______                     ________        __
 |       |.-----.-----.-----.|  |  |  |.----.|  |_
 |   -   ||  _  |  -__|     ||  |  |  ||   _||   _|
 |_______||   __|_____|__|__||________||__|  |____|
          |__| W I R E L E S S   F R E E D O M
 -----------------------------------------------------
 OpenWrt 18.06.2, r7676-cddd7b4c77
 -----------------------------------------------------

root@OpenWrt:~#

To end the SSH session, type exit and press Return.

Notes

  • Depending on your system’s configuration, you may not see your password as you type it.
  • If password is not set yet, a “WARNING!” appears with the message “There is no root password defined on this device! Use the “passwd” command to set up a new password in order to prevent unauthorized SSH logins.”
  • If the message “WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!” appears after reinstalling or resetting the router ...
    • edit or delete host key for 192.168.1.1 in “known_hosts” file to get rid of this message;
      • alternatively use command ssh-keygen -R 192.168.1.11);
    • after resolving host key for 192.168.1.1 in “known_hosts” file, try again SSH to OpenWrt.
  • To add an SSH public key to your OpenWrt device, see From the LuCI Web Interface.

Terminal emulators

Windows

Built-in terminals

Windows provides a command-line SSH client as part of the default installation accessible via Windows Terminal, PowerShell, or Command Prompt. These can be used as terminal emulators when SSHing to OpenWrt.

However, if your version of Windows is older, you may follow this guide or use a third party option listed below.

Windows SSH also includes an SCP client (to open/edit/download/upload files via SSH). Alternatively, you can use WinSCP (see below), which is often easier for SCP purposes.

Windows Subsystem for Linux (WSL)

The Windows Subsystem for Linux is a convenient way to run a Linux environment of your choice directly in Windows. It should already have a command-line SSH client preinstalled. With this you can SSH to OpenWrt.

For detailed steps on how to install WSL, refer to Microsoft's WSL documentation.

WinSCP

WinSCP allows you to browse the OpenWrt file system in a Windows Explorer-like GUI.

  • Download WinSCP, get the non-beta Installation package or portable executables and install or unzip them on your Windows client.
  • Start WinSCP.exe, WinSCP's login window will pop up.
  • Click on New Site on the left, ensure File protocol is set to scp then enter the IP address of your OpenWrt device (usually 192.168.1.1) on the right side into Host name, keep the default port 22. In User name enter root, in Password, enter your root password (or leave blank if you have not set a password yet)
  • Click the Login at the bottom of the window.
  • You now have an Explorer-like view of your OpenWrt file system.

Editing OpenWrt config files with WinSCP's integrated GUI editor.

  • Just right-click the file in WinSCP and select Edit from the context menu.

Connect using private key:

  • click on Tabs - Sites - Site Manager...;
  • click on Edit (for existing Remote connection) or add a New Site;
  • click on advanced... button to open popup menu;
  • click on SSH - Authentication - Private key file and point to your private key file *.ppk.

Now you don't need to fill in the password field on the site page in WinSCP. Instead you will be asked for the passphrase of the private key when connecting.

Other third party terminals

For many years, Windows did not include a viable terminal emulator out of the box and as such there are many high quality third party projects with SSH available. Below is a short list of options with advanced features you might want to use instead of the built-in options.

Linux

Most Linux distributions include an SSH client and a terminal emulator as part of the default installation. With these you can SSH to OpenWrt.

Linux also usually has SCP/SFTP clients (to open/edit/download/upload files in OpenWrt), which may or may not be installed by default.

macOS

On macOS, with any terminal emulator you can SSH to OpenWrt.

  • Terminal, the macOS built-in terminal program, to be found in /Applications/Utilities.
  • iTerm2, a much-enhanced terminal program.

ChromeOS

On ChromeOS, with the Secure Shell extension as SSH client and terminal emulator you can SSH to OpenWrt.

Android

For Android, there are many apps available such as Termius and Termux.

iOS

Same for iOS, there are many apps available such as Termius.

cross-platform

Midnight Commander is a cross-platform Norton Commander-like file manager.

You can access remote files on OpenWrt via mc:

  • press 'F9';
  • select 'Left' panel config;
  • select 'Shell link';
  • input 'root@192.168.1.1/' and press OK;
  • now you'll see a list of files and directories in the root of OpenWrt.

Internally, it works over a protocol similar to SCP, called FISH, so it doesn't require an installed SFTP server.

Footnotes

1)
Reference: ssh-keygen
This website uses cookies. By using the website, you agree with storing cookies on your computer. Also you acknowledge that you have read and understand our Privacy Policy. If you do not agree leave the website.More information about cookies
  • Last modified: 2026/02/23 15:05
  • by ja