DSM-G600, DNS-3xx and NSA-220 Hack Forum

Unfortunately no one can be told what fun_plug is - you have to see it for yourself.


#1 2011-10-19 20:03:05

random404
Member
Registered: 2011-10-17
Posts: 17

/home/root/.ssh gets deleted after reboot, breaking password-less SSH

I have password-less SSH set up to my DNS 323, so that I can do 'ssh root@my-dns-device' and not have to enter a password. But every time I reboot the device, /home/root/.ssh gets cleared, thereby removing /home/root/.ssh/authorized_keys, which is required for password-less SSH to work. Why does this happen, and how can I ensure it doesn't get cleared on a reboot?

I'm not sure but could this have something to do with the fact that the root user's home directory in this case is /home/root, rather than /root which is what I thought the root user's home directory was always supposed to be on a Linux system?


#2 2011-10-19 20:38:53

rsd76
Member
Registered: 2010-04-18
Posts: 47

Re: /home/root/.ssh gets deleted after reboot, breaking password-less SSH

This is part of the firmware.
The filesystem "/" (the root) is copied/created during the boot.

For the same reason you need to use store-passwd.sh to store the /etc/passwd and /etc/group file in the flash memory.
I have just created such keys, but I haven't created a solution yet.

I'm thinking of creating a /ffp/start/my_sshkeys.sh script, which un-tar-s the .ssh dir from the /ffp dir to /home/root.
But I haven't started it yet.

I will let you know when I'm done. Or someone else should know a solution?


Sometimes I think the surest sign that intelligent life exists elsewhere in the universe is that none of it has tried to contact us. (Calvin & Hobbes)


#3 2011-10-19 22:04:12

bjby
Member
Registered: 2009-02-22
Posts: 265

Re: /home/root/.ssh gets deleted after reboot, breaking password-less SSH

One way is to set the homedir of, for example, root to non-RAM memory, e.g. /ffp/home/root. I am pretty sure the homedir property is saved with store-passwd.


#4 2011-10-19 22:42:11

random404
Member
Registered: 2011-10-17
Posts: 17

Re: /home/root/.ssh gets deleted after reboot, breaking password-less SSH

I'm confused between / (root) and /ffp, as both seem to be Linux 'roots', with somewhat similar directory structure - what's the difference or purpose of both? (Is the /ffp directory what resulted when the fun_plug.tgz file was unpackaged then deleted?)

If / (root) is copied/created during the boot, how are things like /ffp/start/cleanboot.sh and /mnt/HD_a2/packages/ (which contains all my *.tgz funplug packages) retained after a reboot?

I'm new to this and confused :s Thanks in advance for your help.


#5 2011-10-20 00:01:27

scaramanga
Member
Registered: 2010-08-04
Posts: 251

Re: /home/root/.ssh gets deleted after reboot, breaking password-less SSH

random404 wrote:

I'm confused between / (root) and /ffp, as both seem to be Linux 'roots', with somewhat similar directory structure - what's the difference or purpose of both? (Is the /ffp directory what resulted when the fun_plug.tgz file was unpackaged then deleted?)

If / (root) is copied/created during the boot, how are things like /ffp/start/cleanboot.sh and /mnt/HD_a2/packages/ (which contains all my *.tgz funplug packages) retained after a reboot?

I'm new to this and confused :s Thanks in advance for your help.

/mnt/HD_a2 is your right hard-drive. Obviously, it retains its content unless something goes horribly wrong.
/ffp is, by default, a soft link to /mnt/HD_a2/ffp, which is located on your right HDD. It is created by the fun_plug script every boot.


DNS-323 HW Rev. C1 FW 1.10 fun-plug 0.5
2 x WD10EARS-00Y5B1 in Standard mode (LCC set to 5 min; Aligned to 4K)
Transmission with Transmission Remote GUI


#6 2011-10-20 02:14:10

random404
Member
Registered: 2011-10-17
Posts: 17

Re: /home/root/.ssh gets deleted after reboot, breaking password-less SSH

So then I'm a bit confused about what sticks around between reboots and what doesn't. /home/root seems to be emptied, and rsd76 said that the whole / (root) is copied/created between restarts...where is it copied from? (I'm just trying to get a better conceptual idea of all this...)

Does anyone have any ideas about how I can get /home/root/.ssh/authorized_keys to persist between reboots? rsd76 said "I'm thinking of creating a /ffp/start/my_sshkeys.sh script, which un-tar-s the .ssh dir from the /ffp dir to /home/root". So does that mean any script under /ffp/start gets run on startup?


#7 2011-10-20 07:29:26

bjby
Member
Registered: 2009-02-22
Posts: 265

Re: /home/root/.ssh gets deleted after reboot, breaking password-less SSH

It's copied from flash memory on bootup; it comes from your flashed firmware.

If you want to know whether a specific directory is in RAM or not, you can run 'df <folder>'.

Yes, scripts under /ffp/start are run on boot if they have execute permission.


#8 2011-10-21 11:07:57

KyleK
Member
From: Dresden, Germany
Registered: 2007-12-05
Posts: 1178

Re: /home/root/.ssh gets deleted after reboot, breaking password-less SSH

Here are instructions to move your SSH homedir to a persistent location (i.e. the hard drive).

Code:

$ cd /ffp
$ mkdir -p home/root
$ chown root:root home/root
$ chmod 0700 home/root
$ usermod -d /mnt/HD_a2/ffp/home/root root
$ store-passwd.sh

Then move your SSH keys to the new root:

Code:

$ cp -a /home/root/.ssh /ffp/home/root

Last edited by KyleK (2011-10-21 11:14:16)


#9 2011-10-22 14:25:59

random404
Member
Registered: 2011-10-17
Posts: 17

Re: /home/root/.ssh gets deleted after reboot, breaking password-less SSH

Thanks for those steps, I tried them and unfortunately it didn't work:

Code:

mkdir -p /mnt/HD_a2/ffp/home/root
chown root:root /mnt/HD_a2/ffp/home/root
chmod 0700 /mnt/HD_a2/ffp/home/root
usermod -d /mnt/HD_a2/ffp/home/root root
store-passwd.sh
cp -a /home/root/.ssh /mnt/HD_a2/ffp/home/root

When I restart the DNS 323 and do a 'cat /etc/passwd', root's home directory is successfully changed to /mnt/HD_a2/ffp/home/root. However, in order to run that command I wasn't able to do a password-less SSH into the box. Although /mnt/HD_a2/ffp/home/root contains .ssh/authorized_keys, it doesn't seem to be recognized by the SSH code.

I had to do the following in order to make it work, essentially copying .ssh/authorized_keys to something on /mnt/HD_a2, then creating a start script that would copy it over to /home/root every time the drive is started.

Code:

cp -ar /home/root/.ssh /mnt/HD_a2/ssh
echo "cp -ar /mnt/HD_a2/ssh /home/root/.ssh" > /ffp/start/passwordless-ssh.sh
chmod +x /ffp/start/passwordless-ssh.sh

I'm wondering why your suggestion didn't work though. Do you see any problems with the solution that I'm using now? (I think it might be causing problems with cleanboot shutdown/reboot, so I'd prefer to go with your solution if I can get it to work.) Thanks.


#10 2011-10-22 15:49:37

rsd76
Member
Registered: 2010-04-18
Posts: 47

Re: /home/root/.ssh gets deleted after reboot, breaking password-less SSH

Did the .ssh directory in /ffp/home/root have the correct attributes?
It should have drwx------.
Otherwise use:

Code:

chmod 700 /ffp/home/root/.ssh

The "cp -a" should take care of this, but you never know.
SSH is strict about the .ssh dir. You might also need to check the authorized_keys file itself. It should have -rw------- (chmod 600 /ffp/home/root/.ssh/authorized_keys).

There is a way to trace sshd. But first you need to activate telnet.

Code:

chmod +x /ffp/start/telnetd.sh
/ffp/start/telnetd.sh start

Connect via telnet and stop the current sshd daemon. Be sure logging on to telnet works before stopping sshd.
Otherwise a reboot is needed (that's the reason I do not remove the execute bit from /ffp/start/sshd.sh).

Code:

/ffp/start/sshd.sh stop

You can then start sshd in the foreground with the debug option.

Code:

/ffp/sbin/sshd -D -d

Disregard the "Bind to port 22 on 0.0.0.0 failed: Address already in use." error. It seems to try to bind port 22 twice.

With a test I got the following error while authorized_keys had -rw-rw----:
Authentication refused: bad ownership or modes for file /home/root/.ssh/authorized_keys
And it wanted a password.
Same goes for the .ssh dir I think.

Use Ctrl+C to quit the sshd daemon.

Enable the normal sshd daemon:

Code:

/ffp/start/sshd.sh start

Logon via ssh and quit the telnet session and disable telnet.

Code:

/ffp/start/telnetd.sh stop
chmod -x /ffp/start/telnetd.sh

Tracing from an ssh client can be done by using the "-v" option. Multiple 'v's can be used to increase the debugging.


Sometimes I think the surest sign that intelligent life exists elsewhere in the universe is that none of it has tried to contact us. (Calvin & Hobbes)
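
The ownership and mode rules discussed in post #10, as an added example that is not part of any post in the thread: a POSIX sh audit of the home directory, .ssh and authorized_keys. The function names are hypothetical, and the rules (owned by the user or root, not writable by group or others) are modelled on OpenSSH's StrictModes check.

```shell
#!/bin/sh
# Added example, not from the thread: audit the three paths behind
# "Authentication refused: bad ownership or modes". Function names are
# hypothetical; the rules are modelled on OpenSSH's StrictModes check.

# check_path PATH UID: succeed only if PATH exists, is owned by UID or
# root (0), and is not writable by group or others.
check_path() {
    path=$1 uid=$2
    [ -e "$path" ] || { echo "missing: $path"; return 1; }
    # ls -ldnL prints: mode links numeric-owner numeric-group ...
    read -r mode _links owner _rest <<EOF
$(ls -ldnL "$path")
EOF
    if [ "$owner" != "$uid" ] && [ "$owner" != 0 ]; then
        echo "bad owner ($owner): $path"; return 1
    fi
    case $mode in
        ?????w*|????????w*) echo "group/other writable ($mode): $path"; return 1 ;;
    esac
    return 0
}

# audit_ssh_home HOME UID: check the home directory, .ssh and
# authorized_keys; return non-zero if any of them would be refused.
audit_ssh_home() {
    home=$1 uid=$2 rc=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        check_path "$p" "$uid" || rc=1
    done
    return $rc
}

# fix_ssh_home HOME: apply the modes recommended in the thread (700 on
# .ssh, 600 on authorized_keys) and drop group/other write on HOME.
fix_ssh_home() {
    chmod go-w "$1" && chmod 700 "$1/.ssh" && chmod 600 "$1/.ssh/authorized_keys"
}

# Run as: sh this-script /mnt/HD_a2/ffp/home/root 0   (path from the thread, uid 0 = root)
if [ "$#" -ge 1 ]; then
    audit_ssh_home "$1" "${2:-0}"
fi
```

Each failing path is printed with the reason, so the output can be compared directly with what `sshd -D -d` reports.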
