DSM-G600, DNS-3xx and NSA-220 Hack Forum

boupartac · 2008-07-31 16:39:08

Hi all,

I am trying to install DenyHosts on my DNS-323. I basically followed the instructions on this page: http://81.216.140.39/dns-323/denyhosts/ but it is still not working.

Here are the steps I did:
- I updated openssh (funpkg -u) to fonz's version openssh-5.1p1-1.tgz (on page http://www.inreto.de/dns323/fun-plug/0.5/packages/)
- Installed Python-2.5.2-2.tgz and DenyHosts-2.6-1.tgz with 'funpkg -i'
- Replaced /ffp/start/inetd.sh with the provided one
- Copied DenyHosts configuration file to /ffp/etc
- Added sshd service in /ffp/etc/inetd.conf
- Started syslogd, inetd, denyhosts
- chmod a-x /ffp/start/sshd.sh, chmod a+x /ffp/start/syslogd.sh, chmod a+x /ffp/start/inetd.sh, chmod a+x /ffp/start/denyhosts.sh

Then, i was unable to log in via ssh. I had this "ssh_exchange_identification" problem. I telnetd in, removed the ssh package, then installed the last version.

I added those lines to /etc/hosts.allow, and I doubled checked if my IP was not in /etc/hosts.deny and in /ffp/shared/denyhosts/data
ALL : LOCAL
sshd : ALL

Was still not working. I installed 'tcpd' from fonz's repository. Activated telned at boot just in case ssh would not work. Then rebooted.

Not working. Still have this "ssh_exchange_identification" problem.

I wonder if i have to do the 'build' part on the page. Since my packages were installed, why would I have to do it? Anybody did that?

Thanks for your help,

boupartac

Last edited by boupartac (2008-08-01 16:49:36)

forre · 2008-07-31 18:11:55

Does /var/log/messages or /ffp/var/denyhosts/denyhosts.log say anything?

Last edited by forre (2008-07-31 18:28:55)

boupartac · 2008-08-01 03:57:09

Hi all,

Here are some logs:

/ffp/var/denyhosts/denyhosts.log
2008-07-31 19:47:46,806 - denyhosts : INFO restricted: set([])
2008-07-31 19:47:46,852 - denyhosts : INFO Processing log file (/var/log/messages) from offset (0)
2008-07-31 19:47:49,038 - denyhosts : INFO new denied hosts: ['210.212.168.244', '222.177.8.70']
2008-07-31 19:47:49,042 - denyhosts : INFO launching DenyHosts daemon (version 2.6)...
2008-07-31 19:47:49,060 - denyhosts : INFO DenyHosts daemon is now running, pid: 12941
2008-07-31 19:47:49,068 - denyhosts : INFO send daemon process a TERM signal to terminate cleanly
2008-07-31 19:47:49,103 - denyhosts : INFO eg. kill -TERM 12941
2008-07-31 19:47:49,108 - denyhosts : INFO monitoring log: /var/log/messages
2008-07-31 19:47:49,112 - denyhosts : INFO sync_time: 3600
2008-07-31 19:47:49,115 - denyhosts : INFO purging of /etc/hosts.deny is disabled
2008-07-31 19:47:49,119 - denyhosts : INFO denyhosts synchronization disabled

/var/log/messages
Jul 31 19:48:36 DNS-323 daemon.info sshd[12960]: connect from 192.168.1.100

/etc/hosts.deny
sshd: 210.212.168.244
sshd: 222.177.8.70

/etc/hosts.allow
File not found

On the command line, when I try to connect:
ssh_exchange_identification: Connection closed by remote host

When I look at /ffp/etc/inetd.conf I see this:
ssh stream tcp nowait root /ffp/sbin/tcpd sshd -i

The path of sshd is : /ffp/sbin/sshd
When i do 'sshd -i', got an error message : sshd: can't resolve symbol 'arc4random_stir'
Is there a package missing?

Double-checked, and tcpd is really under /ffp/sbin/tcpd. OK.

I think that inetd can't launch an instance of sshd when I try to connect, because of the arc4random_stir whatever bug. Can't find an answer to it.. As I said in my first post, there is a 'build' section that I did not do. Is it the missing part? Missing package?

Thanks for your help,

boupartac!

Last edited by boupartac (2008-08-01 03:59:02)

forre · 2008-08-01 05:25:05

when I type sshd-i I got following in my console

SSH-2.0-OpenSSH_5.0

It seams that it is somthing with openssh.

openssh require tcp_wrappers and openssl.

I have almost all packages installed that fonz provide.

boupartac · 2008-08-01 05:44:02

Okay, I installed openssl, but still have the same problem.. sshd: can't resolve symbol 'arc4random_stir'

How can I list the installed packages with their versions?

boupartac

fonz · 2008-08-01 09:31:59

boupartac wrote:
sshd: can't resolve symbol 'arc4random_stir'

You need the latest uclibc package, too.

boupartac · 2008-08-01 16:17:02

Allright then, I will try that this weekend.

I'll keep you posted.

boupartac

boupartac · 2008-08-04 16:31:21

Okay, Hi back everybody,

After installing the latest uclibc package, I managed to make DenyHosts working. Here is a listing of the packages I had to install in order to make it work properly. Follow this link to find them: http://www.inreto.de/dns323/fun-plug/0.5/packages/
- DenyHosts-2.6-1.tgz
- Python-2.5.2-2.tgz
- openssh-5.1p1-1.tgz
- openssl-0.9.8h-1.tgz
- tcp_wrappers-7.6-3.tgz
- uclibc-0.9.29-4.tgz
- zlib-1.2.3-3.tgz

I think that was it. If you find any more packages to install, please add them to the list to make sure everybody can secure as much as possible their lovely DNS-323

Thank you everybody for your help,

boupartac

Last edited by boupartac (2008-08-04 16:31:49)

fonz · 2008-08-04 16:34:58

boupartac wrote:
Follow this link to find them: http://www.inreto.de/dns323/fun-plug/0.5/packages/

denyhosts and python are provided by forre: http://81.216.140.39/dns-323/denyhosts/

boupartac · 2008-08-04 17:03:16

Yeah. Sorry for this mistake.

boupartac

DSM-G600, DNS-3xx and NSA-220 Hack Forum

Announcement

#1 2008-07-31 16:39:08

Installation of DenyHosts

#2 2008-07-31 18:11:55

Re: Installation of DenyHosts

#3 2008-08-01 03:57:09

Re: Installation of DenyHosts

#4 2008-08-01 05:25:05

Re: Installation of DenyHosts

#5 2008-08-01 05:44:02

Re: Installation of DenyHosts

#6 2008-08-01 09:31:59

Re: Installation of DenyHosts

boupartac wrote:

#7 2008-08-01 16:17:02

Re: Installation of DenyHosts

#8 2008-08-04 16:31:21

Re: Installation of DenyHosts

#9 2008-08-04 16:34:58

Re: Installation of DenyHosts

boupartac wrote:

#10 2008-08-04 17:03:16

Re: Installation of DenyHosts

Board footer