DSM-G600, DNS-3xx and NSA-220 Hack Forum

vi should be installed as part of the default implementation which includes busybox. Assuming that the install went correctly, then your path should be set automatically to include /ffp/bin which is where you should find vi.

Thanks.  I'll install the fonz packages tonight. 

I see that it has joe and nano, which both look much better than vi.  Any idea if I need to change the permissions on sshd_config before I can edit it?

Just change the external port forwarding on your router's gateway page.  Set it to forward external port 443 to internal port 22 on the ip of your NAS.  Should be in the Port Forwarding section of your router gateway page.  MUCH easier than messing with sshd_config and accomplishes the same thing.

Poster your router model if you want some help.

Port 443 is often used for HTTPS.  If you have a web server running on the NAS, and you probably do, you may be getting a port conflict.

You can try starting sshd with debugging level and message options set so that you can see messages and see if this is the problem.  Do a web search for sshd man pages to learn how.

Or, try some other port number.  Something like 6211.

If you make this work, then each time you ssh to the NAS on your local network, you'll have to specify the non-default port number.  This can be automated through the use of config files, depending on your ssh client.

If you want to ssh to your NAS from outside your network, you'll have to forward the port to your NAS IP address at port 6211, if that is what you picked above.  You could set the incoming port to 22.  But it would be better to pick another port (6211 is ok) so that you don't get as many break-in attempts from port scanners.

Right.  Until I have it figured out I've disabled port forwarding on my router.

Still can't get OpenSSH to use port 443.

netstat -an | grep 443 returned:
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN

lsof -i :443 returned:
COMMAND  PID USER   FD   TYPE DEVICE SIZE NODE NAME
webs        1600 root    4u   IPv4   1645           TCP    *:443 (LISTEN)

I'm not running a webserver.  All I have installed is the fonz fun plug.

When running ffp the dlink web interface is still running on ports 80/443.  It's the process named /webwebs

Genius. 

That fixed the problem.  It should probably be noted on the OpenSSH config page that you need to:

chmod a+x /ffp/start/kickwebs.sh

Thanks for all the help.

Got telnet working.  Got SSH on port 443 working, but had to manually execute kickwebs before sshd.

How do I ensure that kickwebs starts up before sshd on a reboot?

Adding the line:

sh /ffp/start/kickwebs.sh start to sshd.sh worked like a charm.

I also added it to lighttpd.sh just to be safe. [along with changing the port from 8080 to 80]

Thanks.  (I can't be the only person to ever have this issue, can I?)

Last edited by fmackenz (2011-04-03 02:35:56)

fmackenz wrote:

Thanks.  (I can't be the only person to ever have this issue, can I?)

I didn't understand why you were wanting to route SSH traffic over port 443 until I searched an bit and found that people sometimes do it to get through firewalls.  So I get it now.

I think that most people trying to achieve the same thing would do it by translating the port number during port forwarding in their router.  And that's why the issue does not come up much.

Although you've got it working now, you still have some nasty hacks in place to disable the admin server.  Someday, you may need it for something.

I would probably leave the SSHD config alone on the NAS, setting back to its defaults.  Then change the router to translate the port number.

You must already have port forwarding in place on your router to direct incoming port 443 to your NAS port 443.  Just change that forwarding so that the incoming port 443 traffic gets routed to your NAS at port 22.  This solution was mentioned earlier and may actually be the better one.  Hopefully your router supports this.  (I think I had some old firmware on a Qwest-provided router once that could only forward port xxx traffic to a local address using the same port xxx).  If your router does not allow the port number to change, then your current solution is probably the only way.