Hello,
I have here a DNS-323 with fun-plug 0.3.
I have a few Linux servers, and I would like the Linux servers to connect to the DNS via ssh with a public key.
I searched the forum but only found ways to connect from the DNS to other servers.
So I want to connect from a Linux server to the DNS via ssh with a public key;
I need to put the key in a .ssh/authorized_keys file.
I tried this:
HOME=/mnt/HD_a2/root
mkdir -p $HOME
mkdir ~/.ssh
cd ~/.ssh
touch authorized_keys
cat linux-key.pub >> authorized_keys
But then the DNS is still asking for a password when connecting from the Linux server.
Could someone give me a hint?
Offline
Things to check:
- /mnt/HD_a2/root must be root's home dir (/etc/passwd !!)
- check directory permissions (must not be world-writeable)
- check dropbear readme file: http://www.inreto.de/dns323/fun-plug/0. … opbear.txt
Offline
Still not working, this is what I did:
on linux server as root:
- cd ~/.ssh
- ssh-keygen -t rsa
- used ftp to transfer the rsa-nas.pub file to the nas.
(With ssh I can't log in on the NAS; I don't know what the standard password is.)
on the nas:
- vi /etc/passwd
changed
"root:x:0:0:Linux User,,,:/home/root:/bin/sh"
to
"root:x:0:0:Linux User,,,:/mnt/HD_a2/root:/bin/sh"
- store-passwd.sh (to save the passwd file)
- reboot
- HOME=/mnt/HD_a2/root
- cd ~/.ssh
- cat rsa-nas.pub >> authorized_keys
- chmod -R 0777 /mnt/HD_a2/root
on linux server as root:
[root@linux_server~]# ssh -i ~/nas-rsa root@192.168.168.20
root@192.168.168.20's password:
What am I doing wrong?
I read http://www.inreto.de/dns323/fun-plug/0. … opbear.txt
but you only need to convert the key when you ssh from nas to linux-server.
Last edited by govegan (2008-02-08 13:35:02)
Offline
govegan wrote:
- chmod -R 0777 /mnt/HD_a2/root
That's scary. And because it's so incredibly wrong, dropbear refuses to accept your key.
cd /mnt/HD_a2
chmod 0755 root root/.ssh
cd root/.ssh
chmod 0600 authorized_keys
From the dropbear readme:
Server public key auth:
You can use ~/.ssh/authorized_keys in the same way as with OpenSSH, just put
the key entries in that file. They should be of the form:
[...]
You must make sure that ~/.ssh, and the key file, are only writable by the
user. Beware of editors that split the key into multiple lines.
Note that the firmware has a built-in mis-feature that will reset all file permissions of all files on the disk to something world-writable (search for post by radiusweb). If that happens, it's over with public-key root-logins. So be sure this isn't your only way to become root! Setting a root password is a possibility (you need to add root to /etc/shadow, set a passwd, and run store-passwd.sh again).
Offline
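The rule from the dropbear readme quoted in the post above, turned into a check script as an added example (not part of the original thread, fun_plug or dropbear). The function names are hypothetical, and including the home directory in the check is an assumption based on the `chmod 0755 root root/.ssh` advice.

```shell
#!/bin/sh
# Added example: audit the paths a public-key login depends on.
# Rule from the readme: ~/.ssh and the key file must be writable only
# by the user. Checking the home directory as well is an assumption.

# Print a finding and return 1 if $1 is missing, not owned by uid $2,
# or writable by group or others.
check_path() {
    path=$1; want_uid=$2
    if [ ! -e "$path" ]; then
        echo "MISSING  $path"; return 1
    fi
    # ls -ldn prints e.g. "drwxrwxrwx 2 0 0 ..."; field 1 = mode, field 3 = uid
    mode=$(ls -ldn "$path" | awk '{print $1}')
    uid=$(ls -ldn "$path" | awk '{print $3}')
    status=0
    if [ "$uid" != "$want_uid" ]; then
        echo "OWNER    $path (uid $uid, expected $want_uid)"; status=1
    fi
    # character 6 is the group write bit, character 9 the others write bit
    gw=$(printf '%s' "$mode" | cut -c6)
    ow=$(printf '%s' "$mode" | cut -c9)
    if [ "$gw" = "w" ] || [ "$ow" = "w" ]; then
        echo "WRITABLE $path ($mode)"; status=1
    fi
    return $status
}

# Check home, home/.ssh and home/.ssh/authorized_keys.
# The return code is the number of paths that failed (0 = login can work).
audit_pubkey_perms() {
    home=$1; want_uid=$2; bad=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        check_path "$p" "$want_uid" || bad=$((bad + 1))
    done
    return $bad
}

# Stand-alone use: sh check.sh /mnt/HD_a2/root 0   (uid defaults to 0 = root)
if [ $# -ge 1 ]; then
    audit_pubkey_perms "$1" "${2:-0}"
fi
```

Running it from a startup script after each boot would flag the firmware's permission reset described above before it locks out key-based logins.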
YES
Great, that was the problem, thanks fonzy
Offline
fonz wrote:
govegan wrote:
Great, that was the problem, thanks fonzy
You're welcome - now buy me a steak, govegan
Not yet
I still have one problem, I think easy to solve, but my Linux skills are not that good.
when running this on my linux_server:
[root@linux_server .ssh]# rsync -avz /var/www/html/ -e "ssh -i /root/.ssh/linux_server-rsa" root@192.168.168.20:/mnt/HD_b2/linux_server_www/
sh: rsync: not found
rsync: connection unexpectedly closed (0 bytes received so far) [sender]
rsync error: remote command not found (code 127) at io.c(453) [sender=2.6.9]
[root@linux_server .ssh]#
I got the error "sh: rsync: not found"
I found this: http://www.brandonhutchinson.com/sh_rsy … found.html
I think I need to tell the NAS where rsync is located; however, when I run "rsync" on the NAS, it shows me the standard rsync help. So it knows where rsync is.
Could someone help?
## UPDATE
OK
rsync -avz --rsync-path=/mnt/HD_a2/fun_plug.d/bin/rsync /var/www/html/ -e "ssh -i /root/.ssh/linux_server-rsa" root@192.168.168.20:/mnt/HD_b2/linux_server_www/
works, but if someone knew how to do it without "--rsync-path=/mnt/HD_a2/fun_plug.d/bin/rsync"
Last edited by govegan (2008-02-08 15:59:16)
Offline
govegan wrote:
works, but if someone knew how to do it without "--rsync-path=/mnt/HD_a2/fun_plug.d/bin/rsync"
It's a known problem in 0.3, and I think it's fixed in 0.4-test. Problem is that rsync is installed in a non-standard path. Maybe, a symlink in /usr/bin solves it, too.
Offline
Hello,
I would like to append some information:
If you do it the described way, your harddisk will spin up and down every few minutes (in case you use the HD off option of the DNS-323), which of course means a lot of stress on it and early breakdown. I am not so good at system issues, but my guess would be that it tries to check this file or maybe just the home directory from time to time.
However, the better way would be to store the authorized_keys file on the device and leave the home directory of root in the old place instead of moving it to the harddisk.
Unfortunately it will vanish as soon as you reboot the DNS. The trick is to copy the authorized_keys file from the harddrive to the device in the startup procedure.
So you do as described above but do NOT edit the "/etc/passwd" file, that is you do NOT do the following steps:
#################################
on the nas:
- vi /etc/passwd
changed
"root:x:0:0:Linux User,,,:/home/root:/bin/sh"
to
"root:x:0:0:Linux User,,,:/mnt/HD_a2/root:/bin/sh"
- store-passwd.sh (to save the passwd file)
- reboot
#################################
Instead you do:
- cd /mnt/HD_a2/fun_plug.d/start
Here we create a file called authorize.sh and append the script in between the "//" signs.
- vi authorize.sh
- press "i" to be able to write something
//
#!/bin/sh
# Recreate root's .ssh directory on the device (it is lost on every reboot)
if [ ! -d "/home/root/.ssh" ]; then
    mkdir /home/root/.ssh
    echo "directory created"
else
    echo "directory already exists"
fi
# Restore authorized_keys from the copy kept on the harddisk
if [ ! -f "/home/root/.ssh/authorized_keys" ]; then
    cp /mnt/HD_a2/root/.ssh/authorized_keys /home/root/.ssh/.
    echo "file copied"
    # the key file must be writable by the user only
    chmod 600 /home/root/.ssh/authorized_keys
    echo "access rights changed"
else
    echo "file already exists"
fi
echo "done."
//
- now press "escape" on the keyboard, followed by ":w" and ":q" to save what you've written and exit the editor.
We need to make this script executable:
- chmod a+x authorize.sh
And can test it with:
- sh authorize.sh start
Reboot:
- reboot
From now on after each reboot in the /home/root/ directory a directory called .ssh will be created and the authorized_keys file from /mnt/HD_a2/root/.ssh/ will be stored in this directory. The device will not spin up the harddrive every few minutes any longer.
Best regards,
Martin
Offline