Home

Forums

Stories

Knowledge Base

Home Network Community > Deco > SSH dropbear

< Deco

SSH dropbear

fab2k

a week ago

Posts: 4

Helpful: 0

Solutions: 0

Stories: 0

Registered: 2026-04-10

SSH dropbear

a week ago

Tags: #Wi-Fi 6E

Model: Deco BE65-5G

Hardware Version: V1

Firmware Version: 1.1.0 Build 20250730 Rel. 54880

hi All ,

I report two problems encountered on the Deco BE65-5G with current firmware:

1) SSH PROBLEM: The SSH (dropbear) service is active and accepts connections even with SSH disabled by the settings. Successful accesses from unidentified IPs with the entry 'Login attempt for nonexistent user / Password auth succeeded' appear in the system logs, on an installation with a single node and no SSH functionality enabled by the user.

2) 6GHz BAND/STEERING BAND PROBLEM: The nrd daemon performs continuous 802.11k measurements (every 6 seconds) on WiFi 7 devices with Apple N1 chips (iPhone Air), which support a maximum of 160MHz of bandwidth on 6GHz. The BE65-5G operates at 320MHz on 6GHz and does not expose options to reduce channel width, causing an uninterrupted loop of 'not MLD!' errors and periodic nrd crashes resulting in increased CPU utilization.

The Service Qos,IoT, VpN and others are disable, but the CPU work to 11% usage and memory to up 49%... I've a Log file to this elements .

I attach the system logs to support it. Thank you.

File:

log-2026-04-10-4.log.zipDownload

7 Reply

HelpFixDecoApp

LV5

Saturday

Posts: 1639

Helpful: 436

Solutions: 102

Stories: 0

Registered: 2024-08-25

Re:SSH dropbear

Saturday

@fab2k

Can you please submit your Deco logs. You can find the directions below

How to submit Deco APP log

Thanks

@David-TP

Need help with the Deco app, setup, Ethernet backhaul, network switch or rolling back firmware? Router or AP mode? https://community.tp-link.com/us/home/forum/topic/699816?page=1

fab2k

LV1

Saturday

Posts: 4

Helpful: 0

Solutions: 0

Stories: 0

Registered: 2026-04-10

Re:SSH dropbear

Saturday

@HelpFixDecoApp

Thank you for you replay, I see last night other problem with The LTE/WiFi loop coexists even more every 3-5 seconds.

The two remaining loops — nrd and mc_coex — are continuous 24 hours a day, even with stopped devices, nrd / 6GHz 320MHz.

Now I can Try to extract log with app Deco.

File:

log-2026-04-11.log.zipDownload

Solla-topee

Wednesday - last edited Wednesday

Posts: 19255

Helpful: 3115

Solutions: 4396

Stories: 11

Registered: 2020-05-19

Re:SSH dropbear

Wednesday - last edited Wednesday

@fab2k

Hi
The SSH service on Deco is used to manage Deco units through the Deco app. Usually, after logging into the Deco app on your device, you'll see the entry 'Login attempt for nonexistent user / Password auth succeeded'. This doesn't mean another device is accessing Deco via the SSH service. Furthermore, the "6GHz band/steering band" phenomenon you described is a normal roaming process for MLO devices and usually won't affect Deco's performance.

If you encounter any problems while using the Deco BE65-5G, please describe them in detail, and we will assist you.

Best Regards

>> Smart Home: Introduction to Common Smart Action Scenarios for Tapo Cameras >> Tapo Camera Day/Night Mode Selection Guide: Best Settings Recommendations for Different Scenarios >> Enhance Your Tapo App Experience: Introduction to Several Practical Features >> Troubleshooting for Tapo Camera's Privacy Mode Automatic Activation

fab2k

LV1

Wednesday

Posts: 4

Helpful: 0

Solutions: 0

Stories: 0

Registered: 2026-04-10

Re:SSH dropbear

Wednesday

@Solla-topee

Hi,

Thank you for your response, but I'm afraid the explanations provided don't match what the logs show. Let me clarify both points:

1) SSH ISSUE:
You mention that the SSH service is used by the Deco app. However, the Deco app communicates via the web interface on port 80, not via SSH. More importantly, the log entry clearly states 'Login attempt for nonexistent user / Password auth succeeded' — if this were the official Deco app or an internal TP-Link process, it would use a valid system user, not a nonexistent one. Additionally, the IPs involved (192.168.68.50 and 192.168.68.53) do not correspond to any device currently or previously identified in my network device list. This is a single-node installation with no mesh satellites. Could you please clarify which specific process generates this login attempt, and why it authenticates successfully with a nonexistent username?

2) 6GHz BAND STEERING ISSUE:
You describe this as a normal MLO roaming process, but the logs tell a different story. The error 'not MLD!' is logged repeatedly every 6 seconds — this is not a normal roaming event, it is an error indicating that the nrd daemon is attempting MLO/MLD operations on a device (iPhone Air with Apple N1 chip) that explicitly does not support MLD. Furthermore, the nrd daemon crashes and restarts periodically due to these failures, as shown by the log entries 'stadbUpdateLinkPriorityBlackList: Failed to update black list' followed by 'Leaving nrd executive program' and immediate restart. This is reproducible and continuous, 24 hours a day including overnight when the device is in standby.

I would kindly ask to escalate this ticket to second-level technical support, as these appear to be firmware-level issues that require deeper investigation. I have detailed system logs available to support both reports.

Thank you.

HelpFixDecoApp

LV5

Yesterday

Posts: 1639

Helpful: 436

Solutions: 102

Stories: 0

Registered: 2024-08-25

Re:SSH dropbear

Yesterday

@fab2k

Can you provide us with your TKID number?

Thanks.

Need help with the Deco app, setup, Ethernet backhaul, network switch or rolling back firmware? Router or AP mode? https://community.tp-link.com/us/home/forum/topic/699816?page=1

Solla-topee

Yesterday

Posts: 19255

Helpful: 3115

Solutions: 4396

Stories: 11

Registered: 2020-05-19

Re:SSH dropbear

Yesterday

@fab2k

Hi,

1. The Deco app manages Deco units via SSH service, and the communication is encrypted; other devices cannot access Deco via SSH service, so there are usually no security concerns. If your client device, such as a PC, is connected to the Deco network, you can log in to the Deco web interface on port 8080 on the PC. Please note that managing Deco through the Deco app and logging into Deco's web interface are different.

2. As I mentioned in this post(https://community.tp-link.com/en/home/forum/topic/861884?replyId=1683734), these log entries are triggered when a device logs into the Deco app or roams. They do not affect Deco's performance, nor do they indicate a nonexistent user/Password login. However, the wording of these logs is easily misunderstood. I have forwarded this case to the relevant department for evaluation and improvement of the Deco log wording.

3. If you have encountered any problems while using Deco devices, please describe them in detail. We are happy to assist you.

Best Regards

fab2k

LV1

Yesterday

Posts: 4

Helpful: 0

Solutions: 0

Stories: 0

Registered: 2026-04-10

Re:SSH dropbear

Yesterday

@HelpFixDecoApp

hi Sir if you mean TKID to ticket, I dont' open, but first I've open post here and I followed the guide in your replay to upload Log from Deco App.

SSH dropbear

SSH dropbear

Information

Voters 0

Tags