1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

SSH / Telnet on Webif settings

Discussion in 'HD/HDR-FOX T2 Customised Firmware' started by Cancunia, Nov 23, 2012.

  1. Cancunia

    Cancunia Member

    Anyone noticed that the button to enable / disable Telnet does not seem to work properly? Would be good in any case to change the Disable Telnet options to yes / no as opposed to on & off. Non urgent, but just happened to notice some odd behavior on that button.
     
  2. Brian

    Brian Administrator Staff Member

    Which button are you referring to? is it "Expert mode telnet server?" if so, what is wrong with it? It seems to work properly for me.
     
  3. Cancunia

    Cancunia Member

    No, it's in the SSH section "Disable telnet server?" buttons with options of 'on/off'. Perhaps I'm on an older version of Webif (am using 10.0-2) and this has been fixed.
     
  4. Brian

    Brian Administrator Staff Member

    I don't seem to have that button, what section is it in? I am using 0.10.0-5

    Edit: I don't have an SSH section
     
  5. Ezra Pound

    Ezra Pound Well-Known Member

    Are you referring to the installable package Dropbear SSH 2012.5?
     
  6. prpr

    prpr Well-Known Member

    It's always a good idea to include enough context so someone else knows what you are talking about. Firmware version and Web-If versions would be a good start (I know you added the latter later), as would the main Page that you are on. A picture can often be worth a thousand words as well.
     
  7. Cancunia

    Cancunia Member

    It's Webif Settings for the SSH Package that I'm referring to. Sorry, thought that was clear from the title in the post. Was going to post an image, but unsure how to do so, presumably via the file uploads?
     

    Attached Files:

  8. af123

    af123 Administrator Staff Member

    Can you expand on "doesn't work properly"? A reboot is required after changing that setting.
     
  9. Cancunia

    Cancunia Member

    Using Firefox 16.0.2, if I select the disable telnet button and then update settings, I get the 'settings updated / effective next boot' message and indeed this does seem to toggle Telnet off and on. The problem seems to be that if you navigate away from that page to another webif page, then back again, the button is back to the default 'off' setting regardless. In my original post I'd mentioned that this is not a major issue as it does indeed toggle Telnet, so more for info and that 'yes / no' might be more straightforward than 'on/off'
     
  10. Ezra Pound

    Ezra Pound Well-Known Member

    The confusion arose because Web-If Settings will only display the Dropbear SSH Server setup box if Dropbear SSH has been install, if like Brian (and myself) you haven't installed this package there is nothing to see
     
    brian likes this.
  11. prpr

    prpr Well-Known Member

    Both these things are inelegant. I agree that you cannot pose a question like "Disable telnet server?" and have the answers as "On" or "Off". It just doesn't make sense. Either the answers need changing or the question does. Probably the latter, for consistency with the "Settings" page in the Web-IF which just uses "HTTPS web server?"

    In any case, what telnet (should be Telnet IMHO) server is it referring to? I thought this was built into the flash image now, so is it that or something else?
     
  12. Black Hole

    Black Hole Felonius Gru

    The Dropbear package provides a secure server. The basic server in Flash uses as small a footprint as possible.
     
  13. xyz321

    xyz321 Well-Known Member

    I think it may be best to remove this setting. If someone has the Telnet server disabled it may not be possible to fix a corrupt disk without installing some custom custom firmware. The original reason for having it was a security concern but since the new menu requests a PIN, the requirement for it may no longer apply.
     
  14. af123

    af123 Administrator Staff Member

    It /is/ referring to the telnet server in flash. The dropbear-ssh package provides SSH access to the box and adds an option to disable the default telnet server to the settings page. It was requested at some point but most people probably don't use it. As xyz321 says, it can complicate recovery, although there are some things built-in to help if anyone gets into that situation.
     
  15. Cancunia

    Cancunia Member

    One benefit from this option, which may well no longer be needed with the new telnet package is that it adds some much needed security from the default no password access to Root. SSH in itself is not particularly secure as there's only one password afaik.
     
  16. xyz321

    xyz321 Well-Known Member

    It is secure if the "Prevent logins with passwords" setting is turned on and a password is used for the webif.
     
  17. prpr

    prpr Well-Known Member

    Another oddly worded option. If "Prevent logins with passwords" is On, does that allow logins without a password or prevent them?
    Perhaps it should be "without"?
    I haven't used the package in question, but all this negative logic is very confusing.
     
  18. xyz321

    xyz321 Well-Known Member

    I think it means the password authentication mechanism is disabled when set to 'on' (i.e. it will not accept any password - including no password).
     
  19. Cancunia

    Cancunia Member

    I've changed the SSH userid as recommended in another thread by editing the dropbear passwd & shadow files (/mod/etc/dropbear) , password remains the same as I don't know how to create a different one. I'm wondering if it's possible to have certificate / public key based access instead of password based access. For me, remote access via the Internet is needed.
     
  20. xyz321

    xyz321 Well-Known Member

    Yes, you just need to create the directory '/mod/.ssh' and then create the file 'authorized_keys' in that directory containing the public key (or a list of public keys) which is/are allowed to access the Humax.

    Edit: If you have edited /mod/etc/dropbear/passwd then you may have a different home directory, in which case the .ssh directory should be created under that home directory.