Olegs firmware SSH Server guide

Written by macsat
Thursday, 24 November 2005

This is a step-by-step guide for enabling the dropbear SSH server in your ASUS WLxxxx linux-based wireless product. If you are the lucky owner of any of the above devices, you have come to the right place. After following the steps in this guide, your ASUS WL device will have all its normal functionality,

Guide Index

1. Prerequisites - What is needed to get started.
2. Configuring the ssh server
3. Enabling at startup, and opening the firewall to accept incoming ssh connections

Prerequisites

All you need is :

The firmware IS needed. You will NOT get the steps below working if you use the stock firmware. The firmware on your device can be upgraded using the web interface; please consult your user's manual for details.

Note that this guide does NOT require external storage, like an IDE or USB drive!

If you don't already own one of the ASUS devices above, but are considering buying one in order to take advantage of the server possibilities, you should probably go for the WL-500gx or the WL-HDD. The WL-500gx has USB 2.0 and the WL-HDD uses a normal IDE interface, while the other devices use the slow USB 1.1 interface.

Configuring the ssh server

The ASUS WL-series routers all run on a Broadcom BCM947XX Mipsel CPU and a customized linux. They all run a telnet server on the LAN side, allowing users to access the router's console using a telnet client like Putty.

1) Log on to your router using telnet. As mentioned, Putty would be a good choice of client. If you haven't changed it, the router address is 192.168.1.1 and the username / password is the same as you use for the web interface. (In my screenshot I use 192.168.0.1, since this is my router address!)

2) To enable the ssh server, all you need is to generate a couple of host keypairs for the SSH encryption. Press Enter after each command:

    mkdir -p /usr/local/etc/dropbear
    dropbearkey -t dss -f /usr/local/etc/dropbear/dropbear_dss_host_key
    dropbearkey -t rsa -f /usr/local/etc/dropbear/dropbear_rsa_host_key

Enabling at startup, and opening the firewall to accept incoming ssh connections

The Firmware version 1.9.2.7-4 by Oleg has a nice feature: it runs certain files at boot time, if they exist.

Create these files :

    mkdir /usr/local
    mkdir /usr/local/sbin
    touch /usr/local/sbin/post-boot
    touch /usr/local/sbin/post-firewall
    chmod +x /usr/local/sbin/*

Create the correct lines in the post-boot file :

    echo "#!/bin/sh" >> /usr/local/sbin/post-boot
    echo "dropbear" >> /usr/local/sbin/post-boot

Now you need to open your firewall, to accept WAN (Internet) connections to your ssh server. (This service is running on port 22)

    echo "#!/bin/sh" >> /usr/local/sbin/post-firewall
    echo "iptables -D INPUT -j DROP" >> /usr/local/sbin/post-firewall
    echo "iptables -A INPUT -p tcp --dport 22 -j ACCEPT" >> /usr/local/sbin/post-firewall
    echo "iptables -t nat -A PREROUTING -i \$1 -p tcp --dport 22 -j DNAT --to-destination \$4:22 " >> /usr/local/sbin/post-firewall
    echo "iptables -A INPUT -j DROP" >> /usr/local/sbin/post-firewall

The above will open the firewall for ssh connections. The backslashes before $1 and $4 keep the telnet shell from expanding them while echo runs, so they are written to the file literally and are filled in when post-firewall itself runs.

Only thing now is to save the changes we made. Since /usr/local/sbin is in the internal flash memory of the ASUS device, we need to save it to flash and tell the router to use the files by enabling flashfs :

    flashfs save
    flashfs commit
    flashfs enable
    reboot

That is basically it: reboot your ASUS WL device, and enjoy your ssh server :-)

I hope you found this guide useful.
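
The post-firewall step depends on `$1` and `$4` reaching the file literally and on the port 22 ACCEPT rule landing before the final DROP. As an added example (not part of the original guide), this writes the same five lines with a quoted here-document and checks the result; the function names are hypothetical, and a POSIX shell with grep, head, tail and cut is assumed.

```shell
#!/bin/sh
# Added example: write_post_firewall and check_post_firewall are
# hypothetical helper names, not part of Oleg's firmware.

# Write the same five lines the guide echoes into post-firewall.
# The quoted delimiter ('EOF') stops the shell from expanding $1 and $4,
# so they reach the file literally and are filled in when the script runs.
write_post_firewall() {
    cat > "$1" <<'EOF'
#!/bin/sh
iptables -D INPUT -j DROP
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -t nat -A PREROUTING -i $1 -p tcp --dport 22 -j DNAT --to-destination $4:22
iptables -A INPUT -j DROP
EOF
    chmod +x "$1"
}

# Return 0 only if the file kept its positional parameters and the
# port 22 ACCEPT rule sits between removing and re-adding the final DROP.
check_post_firewall() {
    f=$1
    [ "$(head -n 1 "$f")" = '#!/bin/sh' ] || { echo "missing shebang" >&2; return 1; }
    grep -q -- '-i \$1 ' "$f" || { echo "\$1 was expanded away" >&2; return 1; }
    grep -q -- '--to-destination \$4:22' "$f" || { echo "\$4 was expanded away" >&2; return 1; }
    # Line numbers of the three INPUT-chain rules.
    del=$(grep -n -- '-D INPUT -j DROP' "$f" | head -n 1 | cut -d: -f1)
    acc=$(grep -n -- '-A INPUT -p tcp --dport 22 -j ACCEPT' "$f" | head -n 1 | cut -d: -f1)
    add=$(grep -n -- '-A INPUT -j DROP' "$f" | tail -n 1 | cut -d: -f1)
    [ -n "$del" ] && [ -n "$acc" ] && [ -n "$add" ] || { echo "rule missing" >&2; return 1; }
    [ "$del" -lt "$acc" ] && [ "$acc" -lt "$add" ] || { echo "ACCEPT not before final DROP" >&2; return 1; }
    return 0
}
```

On the router, call `write_post_firewall /usr/local/sbin/post-firewall` followed by `check_post_firewall /usr/local/sbin/post-firewall` before running `flashfs save`.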

Comments are welcome. If you feel like it, donations are more than welcome as well :-)

Last Updated ( Tuesday, 10 January 2006 )








