New fw - sshd inside! | marco v. site

New fw - sshd inside!

Filed under: Linksys WAG354G, Unofficial firmware — Wrote by marco v on Friday, March 16th, 2007 @ 6:22 pm

New firmware. Added ability to run a ssh server on the router.
To use the ssh server, follow these easy steps on the Management.asp page:
1) Format the rw partition
2) Enable the mount of the rw partition at boot
3) Reboot
4) Generate the ssh key
5) Enable the dropbear server
6) Reboot

I advise you to do this after ~5 min of router uptime, with the router idle, because key generation needs some computation resources.
Download page

15 Comments   -
  • Comment by Anonymous | March 16, 2007 @ 11:04 pm

    I flashed the firmware, followed the steps, and have trouble logging into the modem with ssh.
    ie ssh -l admin 192.168.1.1
    >enter password….access denied.

    Any Ideas??

    Cheers,

    Andy Burn
    (Good work by the way, I haven't had time to compile stuff lately!)

  • Comment by marco v | March 17, 2007 @ 10:07 am

    well, that sounds like a really strange problem.
    The login and password are the same you use for the web interface and for telnet.
    Have you tried that from the lan side? To use it from the wan side, you have to add a rule to netfilter.

    Is the answer from the router only the line you have reported here?
    The router should let you enter password for 3 times, even if the login name does not exist. You should see this:
    [email protected].1.1’s password:

    Also, usually the first time you login you should get something like:
    The authenticity of host ‘192.168.1.1 (192.168.1.1)’ can’t be established.
    RSA key fingerprint is 1f:54:6a:30:f2:48:f8:ae:fe:19:f8:ce:19:f5:f2:d8.
    Are you sure you want to continue connecting (yes/no)?

    You obviously have to answer yes.
    just fyi:
    The fingerprint of the router key is added to .ssh/known_hosts. If you later change the ssh key, you will get an error when you log in because of the different fingerprint.
    To solve this problem, you have to edit the .ssh/known_hosts file, and remove the line corresponding to the old fingerprint.

  • Comment by Anonymous | March 17, 2007 @ 11:20 am

    Yes Marco, it is strange.
    I know about all the usual things to do with ssh/netfilter etc after 4-5 years of gentoo and even more with RH ;o) .
    On the LAN side, I tried changing the password to something short, made another key, deleted the known hosts file, rebooted etc.

    The strange thing is, if I enable telnet, I can log in!

    I'll have another go this weekend and reflash the firmware.

    Many Thanks,

    Andy

  • Comment by Anonymous | March 17, 2007 @ 11:21 am

    Miracle! It lets me in!
    I must have been drunk last night!

    lol, hahahaha!

    Thanks for your work Marco :)

    Andy

  • Comment by Anonymous | March 17, 2007 @ 6:11 pm

    Hi again :)

    I’ve opened port 22 to the modem with the address 192.168.1.1 using the web interface, however I have no luck connecting from the WAN side.
    Also, I cannot seem to find any netfilter file to add a rule to!

    How have you enabled access via the WAN side? A nice entry box on the web page would be cool to enable the required port ( I normally use 8080) to the world.

    Thanks again,

    Andy

  • Comment by marco v | March 18, 2007 @ 3:31 pm

    AFAIK from the web interface you can only forward ports. The rule you need to accept connections from the wan side should be:

    iptables -A INPUT -i ppp0 -p tcp --dport 22 -j ACCEPT

    Tell me if this works, because I don't have an easy and fast way to test ssh from the internet.

    Yes, I will integrate it in the web interface, and also add a field for a custom port, I only need some spare time :)

  • Comment by Andy Burn | March 18, 2007 @ 11:20 pm

    I appreciate the fact you have little time! Me too! :)

    /usr/sbin/iptables -A INPUT -i ppp0 -p tcp --dport 22 -j ACCEPT

    doesn't seem to work. I cannot login from a remote machine. Even when I put 192.168.1.1 in the DMZ…

    I get nothing in the logs either.
    mmmmm.

    I just created a script in /mnt

    #!/bin/bash
    # Firewall script that allows access to my WAG354G
    # These rules will be overwritten by the http://192.168.1.1/Forward_UPnP.asp page

    # Location of iptables command
    IPTABLES=/usr/sbin/iptables

    # Flush existing firewall rules
    $IPTABLES --flush

    # Delete any chains from previous scripts
    $IPTABLES --delete-chain

    # Change the default policy of all three chains to DROP
    $IPTABLES -P INPUT DROP

    #$IPTABLES -P FORWARD DROP # if this is enabled I can't do anything from my LAN!
    $IPTABLES -P OUTPUT DROP

    # Use stateful inspection feature to only allow incoming connections
    # related to connections I have already established myself
    $IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPTABLES -A OUTPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
    # what about established FORWARD?

    # Allow the world access to ports 22/80 on my WAG354G,

    $IPTABLES -A INPUT -p tcp --dport 22 -j ACCEPT # internal ssh now works
    $IPTABLES -A INPUT -p tcp --dport 80 -j ACCEPT # internal modem web pages now acce
    $IPTABLES -A INPUT -i ppp0 -p tcp --dport 22 -j ACCEPT # this now works!

    # Other rules may be needed to allow other required ports

    # Included to allow the script to exit gracefully
    exit 0

    This seems to work now :)

    Cheers, Andy
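
A narrower variant of the ruleset in the comment above, as an added example that is not part of the thread or of the firmware: the posted script accepts ports 22 and 80 on every interface because its first two rules carry no `-i`, while this one keeps the web interface LAN-only and opens only ssh on the WAN side. The LAN interface name `br0`, the `APPLY` switch, the function names and the source address are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed names: ppp0 = WAN, br0 = LAN bridge.
IPTABLES=${IPTABLES:-/usr/sbin/iptables}

# Print the INPUT rules so they can be reviewed before anything is changed.
# $1 WAN interface, $2 LAN interface, $3 ssh port, $4 optional allowed source
emit_rules() {
    wan_if=$1 lan_if=$2 ssh_port=$3 src=$4
    case $ssh_port in
        ''|*[!0-9]*) echo "bad port: $ssh_port" >&2; return 1 ;;
    esac
    [ "$ssh_port" -ge 1 ] && [ "$ssh_port" -le 65535 ] ||
        { echo "bad port: $ssh_port" >&2; return 1; }
    # Rebuild INPUT only; FORWARD and the nat table (port forwards) stay untouched.
    echo "$IPTABLES -F INPUT"
    echo "$IPTABLES -A INPUT -i lo -j ACCEPT"
    echo "$IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # LAN hosts keep full access to the router (web interface, ssh, DNS, DHCP).
    echo "$IPTABLES -A INPUT -i $lan_if -j ACCEPT"
    # WAN side: ssh only, optionally from a single source address.
    if [ -n "$src" ]; then
        echo "$IPTABLES -A INPUT -i $wan_if -s $src -p tcp --dport $ssh_port -j ACCEPT"
    else
        echo "$IPTABLES -A INPUT -i $wan_if -p tcp --dport $ssh_port -j ACCEPT"
    fi
    # Default-deny is set last, after the accept rules are in place.
    echo "$IPTABLES -P INPUT DROP"
}

# Dry run unless APPLY=1 (hypothetical switch for this example).
apply_rules() {
    rules=$(emit_rules "$@") || return 1
    if [ "${APPLY:-0}" = 1 ]; then
        printf '%s\n' "$rules" | sh -e
    else
        printf '%s\n' "$rules"
    fi
}

# 203.0.113.10 is a constructed address from the documentation range.
apply_rules ppp0 br0 22 203.0.113.10
```

Run without `APPLY=1`, the script only prints the commands, so the rule order can be checked before it is executed on the router.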

  • Comment by marco v | March 19, 2007 @ 2:47 pm

    So do these last rules work with ssh from the wan side?
    I also have to add the possibility to execute a custom script at startup….

  • Comment by Andy Burn | March 19, 2007 @ 3:34 pm

    Yes Marco,
    It works for the WAN side. I logged into an external machine last night and then back into the modem only. Worked nice.
    The only problem I have is my wife unplugged it this morning (to do the ironing) and now I can't get in from work!
    lol!

    Thanks,

    Andy

  • Comment by marco v | March 19, 2007 @ 4:00 pm

    The only problem I have is my wife unplugged it this morning (to do the ironing)

    what about giving her a multiple outlet as present for your next anniversary :) ?

    btw, thank you for your testing.

  • Comment by Andy Burn | March 20, 2007 @ 11:42 am

    No problem Marco, thanks for your firmware :)

    I am able to login from work and use ether-wake to wake up my server now! Top marks!

    However, is it possible to store small scripts in nvram at all?

    Many Thanks,

    Andy

  • Comment by marco v | March 20, 2007 @ 5:38 pm

    it depends on the length of the script, it seems that there is a max length for a variable in nvram; I wasn't able to store the dropbear key (400+ chars)

  • Comment by KwieciK | April 2, 2007 @ 1:36 pm

    Hi.
    Marco,

    First of all, many thanks to you for fw - something different than mass production from linksys.

    Second, I haven’t noticed any major problems after flashing the router with your software. One small problem occurred when I changed the wireless settings and pressed Save - I got a black screen… but after a refresh of the page, everything went back to normal and the changes were saved properly. A different problem appeared when I formatted the rw partition. After that I lost the connection (I could find the router through WiFi but I couldn’t connect to it) - a hard reset made the router available and working.

    NTP works fine! :)

    Till today I haven’t had chance to test SSH but I will do this week.

    I hope I could help you and this small community to improve functionality of WAG354G :)

    BTW, are you planning some improvements in the wireless for this router?

    Thanks and best wishes to all.

    Konrad vel KwieciK

  • Comment by marco v | April 3, 2007 @ 1:49 pm

    hi! Thank you for using neptune354.

    I know that this version has some bugs/problems, and I have solved them now. The version in SVN is really improved, I have to take the time to put a version online.

    You are welcome to help us to improve neptune354, we really need someone that can help. Check out our mailing list, you will of course be useful in some way!

    About wireless, I had not planned any improvement yet, mainly because my knowledge is not so advanced. Anyway I could try to get some knowledge from other firmware projects.

    cheers

  • Comment by diz POLAND | June 7, 2007 @ 12:40 pm

    Andy Burn: How do you put ether-wake in router? Can you do some instructions and maybe compiled binary?
