DSM-G600, DNS-3xx and NSA-220 Hack Forum

bound4h · 2010-04-16 04:16:47

So I setup the DNS323 with ffp for the first time following instructions. Everything went well, was able to login to telnet, enable ssh, set up root and the root pw and then disabled telnet. But now when I reconnect to ssh, it doesn't accept the pw. ASSUMING I mistyped it or something while setting it up (doubt it), what should I do? How can I get in without reformatting?

Here is the script from start to finish:

Code:

Last login: Tue Apr 13 02:37:15 on ttys000
MAE-MAC:~ Michael$ telnet 192.168.11.110
Trying 192.168.11.110...
Connected to 192.168.11.110.
Escape character is '^]'.
/ # uname -a
Linux DNS-323 2.6.12.6-arm1 #32 Wed Jun 24 15:19:48 CST 2009 armv5tejl unknown
/ # pwconv
/ # passwd
Changing password for root
Enter the new password (minimum of 5, maximum of 8 characters)
Please use a combination of upper and lower case letters and numbers.
New password: 
Re-enter new password: 
Password changed.
/ # usermod -s /ffp/bin/sh root
/ # login

DNS-323 login: root
Password: 
Last login: Thu Apr 15 16:11:23 -0800 2010 on pts/0.
No mail.
root@DNS-323:~# store-passwd.sh
Copying files to mtd1...
Copying files to mtd2...
Done.
root@DNS-323:~# chmod a+x /ffp/start/sshd.sh
root@DNS-323:~# sh /ffp/start/sshd.sh start
Generating public/private rsa1 key pair.
Your identification has been saved in /ffp/etc/ssh/ssh_host_key.
Your public key has been saved in /ffp/etc/ssh/ssh_host_key.pub.
The key fingerprint is:
25:95:9c:92:06:4c:fe:cd:07:18:c9:fa:e9:0e:65:93 root@DNS-323
The key's randomart image is:
+--[RSA1 2048]----+
|     ooo.+.o     |
|     .. *++      |
|      .oo.o      |
|      .. * .     |
|       .E.o .    |
|       oo. .     |
|      ..         |
|       ..        |
|       ..        |
+-----------------+
Generating public/private dsa key pair.
Your identification has been saved in /ffp/etc/ssh/ssh_host_dsa_key.
Your public key has been saved in /ffp/etc/ssh/ssh_host_dsa_key.pub.
The key fingerprint is:
0e:44:1e:93:49:87:e6:7e:ab:4e:43:4e:3b:9b:4b:3a root@DNS-323
The key's randomart image is:
+--[ DSA 1024]----+
|     .=+.        |
|     o=+         |
|     oo          |
|     ..          |
|     .+ S        |
|     +.+.        |
|      B...       |
|    E+ =.        |
|    .o*o         |
+-----------------+
Generating public/private rsa key pair.
Your identification has been saved in /ffp/etc/ssh/ssh_host_rsa_key.
Your public key has been saved in /ffp/etc/ssh/ssh_host_rsa_key.pub.
The key fingerprint is:
91:a1:9b:42:75:d0:97:35:cf:e4:5c:bf:45:71:4d:84 root@DNS-323
The key's randomart image is:
+--[ RSA 2048]----+
|      ooo  oo .=O|
|     . o.oo  BEo+|
|    . . o.    = o|
|   .   o .      o|
|    . o S      . |
|     .           |
|                 |
|                 |
|                 |
+-----------------+
Starting /ffp/sbin/sshd 
root@DNS-323:~# ssh root@DNS-323
b       ^H[1] + Stopped                    ssh root@DNS-323
root@DNS-323:~# ssh root@192.168.11.110
The authenticity of host '192.168.11.110 (192.168.11.110)' can't be established.
RSA key fingerprint is 91:a1:9b:42:75:d0:97:35:cf:e4:5c:bf:45:71:4d:84.
Are you sure you want to continue connecting (yes/no)? y
Please type 'yes' or 'no': yes
Warning: Permanently added '192.168.11.110' (RSA) to the list of known hosts.
root@192.168.11.110's password: ***********THIS IS WHERE I SET THE PW I THINK************
root@DNS-323:~# chmod -x /ffp/start/telnetd.sh
root@DNS-323:~# cd /mnt/HD_a4
root@DNS-323:/mnt/HD_a4# ls
root@DNS-323:/mnt/HD_a4# mkdir packages
root@DNS-323:/mnt/HD_a4# ls
packages
root@DNS-323:/mnt/HD_a4# cd packages
root@DNS-323:/mnt/HD_a4/packages# wget http://www.inreto.de/dns323/fun-plug/0.5/
packages/bash-3.2-3.tgz
Connecting to www.inreto.de (217.119.59.48:80)
bash-3.2-3.tgz       100% |*******************************|   425k 00:00:00 ETA
root@DNS-323:/mnt/HD_a4/packages# funpkg -i bash-3.2-3.tgz
Installing package bash-3.2-3 ...
root@DNS-323:/mnt/HD_a4/packages# ls -lF /ffp/bin/bash
-rwxr-xr-x    1 root     root       516792 Apr 14  2008 /ffp/bin/bash*
root@DNS-323:/mnt/HD_a4/packages# wget http://kylek.is-a-geek.org:31337/files/cu
rl-7.18.1.tgz
Connecting to kylek.is-a-geek.org:31337 (91.14.139.192:31337)
curl-7.18.1.tgz      100% |*******************************|   370k 00:00:00 ETA
root@DNS-323:/mnt/HD_a4/packages# funpkg -i curl-7.18.1.tgz
Installing package curl-7.18.1 ...
root@DNS-323:/mnt/HD_a4/packages# wget http://kylek.is-a-geek.org:31337/files/Tr
ansmission-1.92-1.tgz
Connecting to kylek.is-a-geek.org:31337 (91.14.139.192:31337)
Transmission-1.92-1. 100% |*******************************|   583k 00:00:00 ETA
root@DNS-323:/mnt/HD_a4/packages# funpkg -i Transmission-1.92-1.tgz
Installing package Transmission-1.92-1 ...
root@DNS-323:/mnt/HD_a4/packages# mkdir /mnt/HD_a2/incoming
root@DNS-323:/mnt/HD_a4/packages# chown nobody:501 /mnt/HD_a2/incoming
root@DNS-323:/mnt/HD_a4/packages# chmod 755 /mnt/HD_a2/incoming
root@DNS-323:/mnt/HD_a4/packages# reboot
root@DNS-323:/mnt/HD_a4/packages# Connection closed by foreign host.
MAE-MAC:~ Michael$ ssh root@192.168.11.110
The authenticity of host '192.168.11.110 (192.168.11.110)' can't be established.
RSA key fingerprint is 91:a1:9b:42:75:d0:97:35:cf:e4:5c:bf:45:71:4d:84.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.11.110' (RSA) to the list of known hosts.
root@192.168.11.110's password: 
Permission denied, please try again.
root@192.168.11.110's password: 
Permission denied, please try again.
root@192.168.11.110's password: 
Permission denied (publickey,password,keyboard-interactive).
MAE-MAC:~ Michael$ ssh root@192.168.11.110
root@192.168.11.110's password: 
Permission denied, please try again.
root@192.168.11.110's password: 
Permission denied, please try again.
root@192.168.11.110's password: 
Permission denied (publickey,password,keyboard-interactive).
MAE-MAC:~ Michael$ telnet 192.168.11.110
Trying 192.168.11.110...
telnet: connect to address 192.168.11.110: Connection refused
telnet: Unable to connect to remote host
MAE-MAC:~ Michael$ ssh root@192.168.11.110
root@192.168.11.110's password: 
Permission denied, please try again.
root@192.168.11.110's password: 
Permission denied, please try again.
root@192.168.11.110's password:

EDIT: I recopied fun_plug and fun_plug.tgz to Volume_1 and it reinstalled fun_plug and restarted telnet. I successfully logged in to telnet, but how do I reset the ssh password now? That is where I'm stuck. Can I just "uninstall" and reinstall ssh?

Last edited by bound4h (2010-04-16 04:41:51)

fonz · 2010-04-16 09:48:22

bound4h wrote:
EDIT: I recopied fun_plug and fun_plug.tgz to Volume_1 and it reinstalled fun_plug and restarted telnet. I successfully logged in to telnet, but how do I reset the ssh password now? That is where I'm stuck. Can I just "uninstall" and reinstall ssh?

See at the end of http://dns323.kood.org/howto:ffp#the_root_user
There's a simple way to re-enable password-less telnet, for when you've locked yourself out.

bound4h · 2010-04-16 16:48:31

No, no, I already reloaded the fun_plug.tgz and now have telnet access. My question is, how do I reset the root user for SSH? Say, if I don't have the password. Can I just "reinstall" ssh somehow to start fresh?

Thanks

Electrocut · 2010-04-18 19:57:14

If you have telnet access, why don't you follow "the root user" instructions, to change system root password (that ssh uses), like fonz suggested ?

DSM-G600, DNS-3xx and NSA-220 Hack Forum

Announcement

#1 2010-04-16 04:16:47

Locked out of SSH (i think)!

Code:

#2 2010-04-16 09:48:22

Re: Locked out of SSH (i think)!

bound4h wrote:

#3 2010-04-16 16:48:31

Re: Locked out of SSH (i think)!

#4 2010-04-18 19:57:14

Re: Locked out of SSH (i think)!

Board footer