DSM-G600, DNS-3xx and NSA-220 Hack Forum

Unfortunately no one can be told what fun_plug is - you have to see it for yourself.

#1 2007-02-23 21:41:34

sindex
New member
Registered: 2007-02-23
Posts: 1

SSH posibility on DNS 323?

Is it possible to reach my dns 323 from the internet with ssh access?

- Linux n00b but still trying!

Offline

 

#2 2007-02-25 04:21:50

someguy
Member
Registered: 2007-01-17
Posts: 47

Re: SSH posibility on DNS 323?

- People in these forums have gotten ssh working using a debian chroot, see:
http://dns323.kood.org/howto:chroot_debian
I found confirmation of this by searching the forum threads for "ssh", and I found:
e.g: http://dns323.kood.org/forum/p980-20070 … .html#p980

- I don't see a default binary for ssh on KRH's great download site (see posting: http://dns323.kood.org/forum/p850-20070 … .html#p850), but you will find telnet there (and you can potentially tunnel it securely - though I agree I wouldn't want to do that, if I could use ssh, either):
KRH download site:
http://www.dns323.info/

- From what I've read, you can ALSO cross-compile an ssh binary (a standalone application) from these instructions:
http://dns323.kood.org/howto:crosscompile

Last edited by someguy (2007-02-25 05:24:34)

Offline

 

#3 2007-02-27 16:40:16

pic_micro
Member
Registered: 2007-02-27
Posts: 12

Re: SSH posibility on DNS 323?

I'm also a n00b.

KRH - If you read this, would you mind creating a compiled version of ssh (dropbear) that works with your binaries? Pretty please.

Thanks

Offline

 

#4 2007-02-27 19:17:32

KRH
Member
From: Denmark
Registered: 2006-10-27
Posts: 219
Website

Re: SSH posibility on DNS 323?

I have built the files but it's missing /dev/random so I cannot get it working right now.

But I'm working on it.

(random will be fixed soon if all goes nicely)

Last edited by KRH (2007-02-27 19:50:48)


First user to fun_plug the dns-323.

Offline

 

#5 2007-02-27 21:34:18

KRH
Member
From: Denmark
Registered: 2006-10-27
Posts: 219
Website

Re: SSH posibility on DNS 323?

I give up for now..

Code:

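#!/bin/bash
# Cross-compile dropbear 0.48.1 for the DNS-323 (ARM, uClibc).
source setpath                # the poster's own environment script
export GCC=arm-linux-gcc

cd dropbear-0.48.1
make clean

# --build is the machine doing the compiling, --host is where the binary runs.
# openpty and zlib support are both disabled in this build.
./configure CC=arm-linux-uclibc-gcc \
 --disable-openpty --disable-zlib CFLAGS="-Os -pipe" \
 CXXFLAGS="-Os -pipe" \
 --target="arm-uclibc-linux-gnu" \
 --host="arm-uclibc-linux-gnu" \
 --build="i686-linux-gnu"

# STATIC=1 links the binaries statically.
make CC=arm-linux-uclibc-gcc STATIC=1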

Ends up with this error:
[9279] Feb 27 20:17:47 failed to open any /dev/pty?? devices
[9279] Feb 27 20:17:47 no pty was allocated, couldn't execute

Last edited by KRH (2007-02-27 21:34:41)


First user to fun_plug the dns-323.

Offline

 

#6 2007-02-28 00:01:44

fonz
Member / Developer
From: Berlin
Registered: 2007-02-06
Posts: 1716
Website

Re: SSH posibility on DNS 323?

you can create /dev/random with:

            mknod /dev/random c 1 8

i think the terminal problem may be solved by compiling dropbear
without --disable-openpty (see attached .dnsbuild script).  it works
fine with /dev/ptmx setup like this:

            mknod -m 0666 /dev/ptmx c 5 2
            mkdir /dev/pts
            mount -t devpts devpts /dev/pts

i did all that and successfully logged into my dns box. however:

i didn't get a prompt when using the default shell (/bin/sh, busybox
1.00-pre1).  login is successful, and I get the welcome message, but
no prompt.

but it works when i use my busybox 1.4.2 ash. for this, i had to
change my login shell in /etc/passwd to /opt/bin/ash, and add
/opt/bin/ash to /etc/shells (using telnet+vi or nfs).

bad news is that /etc/passwd and /etc/shells are replaced from
/.../mtd1 after reboot...  so your dropbear start script should do the
modifications to /etc/passwd and /etc/shells automatically.

ps: you can find my dropbear-0.49 package at http://www.inreto.de/dns323/

Offline
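
The setup fonz describes in post #6, as an added example that is not part of the original post or of his package: a start-script fragment that creates the device nodes only when they are missing and re-applies the /etc/passwd and /etc/shells changes after each reboot. The function names, the `apply` argument and the LOGIN_USER/NEW_SHELL defaults are assumptions, as is the availability of awk in the installed busybox.

```shell
#!/bin/sh
# Added example: idempotent boot-time setup for dropbear on the DNS-323.
# LOGIN_USER, NEW_SHELL and all function names are assumptions for illustration.
LOGIN_USER=${LOGIN_USER:-root}
NEW_SHELL=${NEW_SHELL:-/opt/bin/ash}

# Create the device nodes dropbear needs, only if they are missing (needs root).
ensure_devices() {
    [ -c /dev/random ] || mknod /dev/random c 1 8
    [ -c /dev/ptmx ] || mknod -m 0666 /dev/ptmx c 5 2
    [ -d /dev/pts ] || mkdir /dev/pts
    grep -q ' /dev/pts devpts ' /proc/mounts || mount -t devpts devpts /dev/pts
}

# Append a shell to an /etc/shells-style file unless it is already listed.
ensure_shell_listed() {   # usage: ensure_shell_listed FILE SHELL
    grep -qxF "$2" "$1" 2>/dev/null || echo "$2" >> "$1"
}

# Rewrite field 7 (login shell) of one user in an /etc/passwd-style file.
set_login_shell() {       # usage: set_login_shell FILE USER SHELL
    tmp="$1.tmp.$$"
    awk -F: -v OFS=: -v u="$2" -v s="$3" '$1 == u { $7 = s } { print }' "$1" > "$tmp" &&
        cat "$tmp" > "$1"   # cat keeps the original file's inode and mode
    rm -f "$tmp"
}

# Run the whole sequence only when invoked with "apply" (as root on the NAS).
if [ "${1:-}" = "apply" ]; then
    ensure_devices
    ensure_shell_listed /etc/shells "$NEW_SHELL"
    set_login_shell /etc/passwd "$LOGIN_USER" "$NEW_SHELL"
fi
```

Because every step checks the current state first, the fragment can run on each boot without duplicating entries or failing on nodes that already exist.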

 

#7 2007-02-28 17:59:28

tobyg
Member
Registered: 2007-01-31
Posts: 42

Re: SSH posibility on DNS 323?

fonz wrote:

i did all that and successfully logged into my dns box. however:

i didn't get a prompt when using the default shell (/bin/sh, busybox
1.00-pre1).  login is successful, and I get the welcome message, but
no prompt.

That's easy...  it's because of the 'password' they put in the shell in the busybox compiled into the firmware.

Type "5784468" and hit enter after you see the "Busybox 1.0.0" welcome banner when telnetting/ssh'ing in.

Offline

 

#8 2007-02-28 18:21:35

Apskaft
Member
From: Karlskrona, Sweden
Registered: 2007-01-09
Posts: 165

Re: SSH posibility on DNS 323?

tobyg wrote:

Type "5784468" and hit enter after you see the "Busybox 1.0.0" welcome banner when telnetting/ssh'ing in.

Should've been 4 8 15 16 23 42

/Apan

Offline

 

#9 2007-03-10 20:05:07

utilityboy
Member
Registered: 2007-03-10
Posts: 6

Re: SSH posibility on DNS 323?

fonz, this is great.  i've got everything up and working nicely. 


one odd thing though.  sshfs into dropbear doesn't seem to work (changed the shell too to avoid dlink password entry).  i'm using macfuse.  any thoughts?  has anybody else successfully mounted sshfs volumes to this thing?

thx.

Offline

 

#10 2007-03-14 02:35:12

someguy
Member
Registered: 2007-01-17
Posts: 47

Re: SSH posibility on DNS 323?

@utilityboy, can you post your ssh binary? I'm sure a lot of us could make good use of it.  It would be great to get it on the download site. Thanks!

Offline

 

#11 2007-03-15 06:11:05

zero
Member
Registered: 2007-03-04
Posts: 17

Re: SSH posibility on DNS 323?

beautiful.  a thousand thank-yous, fonz!

is it possible to sftp through dropbear to the built-in ftp server?

Offline

 

#12 2007-03-15 20:49:58

utilityboy
Member
Registered: 2007-03-10
Posts: 6

Re: SSH posibility on DNS 323?

someguy wrote:

@utilityboy, can you post your ssh binary? I'm sure a lot of us could make good use of it.  It would be great to get it on the download site. Thanks!

i just followed fonz's instructions and grabbed the package from his site: http://www.inreto.de/dns323/

Offline

 

#13 2007-03-16 10:36:22

someguy
Member
Registered: 2007-01-17
Posts: 47

Re: SSH posibility on DNS 323?

ah, thank you!! I didn't know what dropbear was, now I see - GREAT!!
http://matt.ucc.asn.au/dropbear/dropbear.html
--
followup:  I've gotten Fonz's dropbear ssh package working well!  This is so much better - thanks!

Last edited by someguy (2007-04-04 21:17:22)

Offline

 

#14 2007-04-15 20:47:10

bob
New member
Registered: 2007-04-15
Posts: 4

Re: SSH posibility on DNS 323?

SFTP?

Anyone who can post a quick instruction on how to get an SFTP server up on the DNS-323? I got the native dropbear (thanks fonz) up and running but that does not come with an SFTP server. Dropbear works fine and I can connect.

I tried to do it in chrooted etch. I have chrooted etch set up as described in the howto, seems to work fine. I start ssh using /etc/init.d/ssh start, it seems to start, although I can not see an SSH process using top? When I connect using ssh under Fedora I get a question about password, I type it and then the prompt disappears. When I try to connect using WinSCP, I get the response that the server does not run an SFTP service? I am probably missing something with the chrooted environment, with user setup?

Can anyone who got this working in chrooted etch write a small howto?

Or if anyone got a toolchain up and has OpenSSH compiled, can you share? This would be fantastic as it would take away the burden of having to run a bootstrap environment for the SSH server.

Also, considering the discussion regarding SSHFS, has anyone solved that? I think it can not be done on dropbear due to the lack of an SFTP daemon, or am I wrong? As far as I understand, SSHFS depends on SFTP rather than SSH?

Any help seriously appreciated

Last edited by bob (2007-04-15 20:49:04)

Offline

 

#15 2007-04-15 21:11:37

fonz
Member / Developer
From: Berlin
Registered: 2007-02-06
Posts: 1716
Website

Re: SSH posibility on DNS 323?

bob wrote:

SFTP?

Dropbear's CHANGES file says about sftp (Oct 11 2003):
- sftp support works (relies on OpenSSH sftp binary or similar)

So I guess it can be done with dropbear.

Offline

 

#16 2007-04-16 12:24:12

bob
New member
Registered: 2007-04-15
Posts: 4

Re: SSH posibility on DNS 323?

Yes fonz,

that is what I have understood as well. That means we need a native OpenSSH binary, or can I somehow use the one in chrooted etch? Your dropbear binary runs without chrooted etch which is the beauty of the whole story.

/bob

Offline

 

#17 2007-04-16 12:34:37

fonz
Member / Developer
From: Berlin
Registered: 2007-02-06
Posts: 1716
Website

Re: SSH posibility on DNS 323?

bob wrote:

That means we need a native OpenSSH binary, or can I somehow use the one in chrooted etch?

We need an sftp binary (it's different from the ssh binary). It doesn't seem to be too hard:
http://www.mail-archive.com/dropbear@uc … 00152.html

I think I'll give it a try tonight.

Offline

 

#18 2007-04-16 22:34:44

fonz
Member / Developer
From: Berlin
Registered: 2007-02-06
Posts: 1716
Website

Re: SSH posibility on DNS 323?

Here it is. It wasn't as easy as expected, though. To use it:
- copy attached sftp-server binary to /mnt/HD_a2/fun_plug.d/bin
- replace /mnt/HD_a2/fun_plug.d/start/dropbear.sh script with the attached version

A small change to dropbear.sh ("chmod a+w /dev/null") is needed, because for some reason /dev/null wasn't world-writeable on my 323 (firmware 1.02).

Last edited by fonz (2007-04-16 22:36:19)

Offline

 

#19 2007-04-16 22:37:34

fonz
Member / Developer
From: Berlin
Registered: 2007-02-06
Posts: 1716
Website

Re: SSH posibility on DNS 323?

Only one attachment per post?
Here's dropbear.sh.

Offline

 

#20 2007-04-17 03:53:50

someguy
Member
Registered: 2007-01-17
Posts: 47

Re: SSH posibility on DNS 323?

fonz to the rescue! I'm looking forward to trying it out. 
If it works, the only thing missing that I'd wish for is the equivalent of a dropbear denyhosts.

Offline

 

#21 2007-04-17 09:37:32

bob
New member
Registered: 2007-04-15
Posts: 4

Re: SSH posibility on DNS 323?

Brilliant fonz,

Thanx a lot, ever considered applying for a job at D-Link, they certainly need that. Just read the posts on the 1.03 firmware, haven't tried it myself though.

I'll try to set SFTP up tonight, let you know how it works.

/Bob

Offline

 

#22 2007-04-17 16:32:48

fonz
Member / Developer
From: Berlin
Registered: 2007-02-06
Posts: 1716
Website

Re: SSH posibility on DNS 323?

someguy wrote:

If it works, the only thing missing that I'd wish for is the equivalent of a dropbear denyhosts.

After a quick look at the denyhosts site, I think that will require quite a bit of work. So far I see three problems:
- dropbear doesn't read "hosts.deny" / doesn't use libwrap
- dropbear's log format is different
- I'm not going to compile python (in the foreseeable future)

Approaches to the first problem could be:
- Change dropbear to use libwrap
- Run dropbear from inetd, using tcpd

IMO, the second and third problems are best solved by rewriting denyhosts, and not using python.

Offline
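
A sketch of the python-free rewrite fonz suggests in post #22, as an added example that is not part of the original post or of denyhosts: an awk scan of dropbear log output that lists addresses with repeated failed logins and prints them as hosts.deny entries for the inetd/tcpd approach. The two failure message texts, the `dropbear` daemon name, THRESHOLD and the function names are assumptions, and the sample log is constructed.

```shell
#!/bin/sh
# Added example: denyhosts-style scan of dropbear log output in plain awk.
# The failure message texts matched below are an assumption; compare them
# with the lines your own dropbear build writes before relying on this.
THRESHOLD=${THRESHOLD:-3}

# Print every source address with at least THRESHOLD failed logins in FILE.
failed_hosts() {          # usage: failed_hosts LOGFILE
    awk -v max="$THRESHOLD" '
        { line = tolower($0) }
        line ~ /bad password attempt for|login attempt for nonexistent user/ {
            n = split($0, w, " ")
            addr = w[n]                 # last field is "address:port"
            sub(/:[0-9]+$/, "", addr)   # drop the source port
            if (addr ~ /^[0-9.]+$/) hits[addr]++
        }
        END { for (a in hits) if (hits[a] >= max) print a }
    ' "$1" | sort
}

# Format the offenders as hosts.deny lines ("daemon: client").
deny_lines() {            # usage: deny_lines LOGFILE
    failed_hosts "$1" | sed 's/^/dropbear: /'
}

# Constructed sample log (documentation addresses) in "[pid] date message" layout.
sample_log() {
    cat <<'EOF'
[1301] Apr 18 19:40:01 bad password attempt for 'root' from 203.0.113.7:40112
[1302] Apr 18 19:40:03 bad password attempt for 'root' from 203.0.113.7:40113
[1303] Apr 18 19:40:05 login attempt for nonexistent user from 203.0.113.7:40114
[1304] Apr 18 19:41:10 bad password attempt for 'test' from 198.51.100.9:50999
[1305] Apr 18 19:41:20 password auth succeeded for 'test' from 198.51.100.9:51000
[1305] Apr 18 19:41:21 exit after auth (test): error changing directory
EOF
}
```

Only the address with three failures crosses the default threshold; the single mistyped password from the second address is ignored.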

 

#23 2007-04-18 03:22:37

someguy
Member
Registered: 2007-01-17
Posts: 47

Re: SSH posibility on DNS 323?

I emailed Phil Schwartz, the author of denyHosts, and he just emailed me back:

I'm not familiar w/ Dropbear or its logging implementation.  I suspect
that DH [DenyHosts] would work but might require some customer regex'es.

he also knew a guy who has the same name as me : ). (my name is not someguy, btw) : ).

Last edited by someguy (2007-04-18 03:23:35)

Offline

 

#24 2007-04-18 21:42:09

bob
New member
Registered: 2007-04-15
Posts: 4

Re: SSH posibility on DNS 323?

Hi,

I have a (probably simple) problem that I just can not understand. I have installed fonz's binaries (dropbear+ssh). I can start dropbear (using ps I can see it is running).

I log in using telnet and add a user (useradd -p test test) and try to connect using Cygwin's ssh client and get the following error message:

[1291] Apr 18 19:29:21 exit after auth (test): error changing directory

I figured that this is because there is no user /home/test library so I make one:
mkdir /home/test
chmod 777 /home/test
When I try to connect I now get the following message:
[1311] Apr 18 19:36:56 exit after auth (test): child failed

I also changed the /etc/passwd and /etc/shells to use ash as described by fonz above, but it does not change anything.

What am I doing wrong?

Pleez help

/bob

Offline

 

#25 2007-04-19 01:59:57

fonz
Member / Developer
From: Berlin
Registered: 2007-02-06
Posts: 1716
Website

Re: SSH posibility on DNS 323?

bob wrote:

[1311] Apr 18 19:36:56 exit after auth (test): child failed

Means that "execv(usershell, argv)" failed - it can't start the shell.
Something wrong with your installation?

Try telnet and check /mnt/HD_a2/fun_plug.d/start/dropbear.sh, look for "-l ${BINDIR}/sh". Is it there (near the end)? Verify that the files exist: "ls -l ${BINDIR}/sh ${BINDIR}/busybox". It should show a link "/mnt/HD_a2/fun_plug.d/bin/sh -> busybox" and the (executable) busybox binary.

Better permissions for a home directory are:
chown test /home/test
chmod 0755 /home/test

HTH

Offline

 
