SSH / Telnet on Webif settings

Cancunia

Member
Anyone noticed that the button to enable / disable Telnet does not seem to work properly? Would be good in any case to change the Disable Telnet options to yes / no as opposed to on & off. Non urgent, but just happened to notice some odd behavior on that button.
 
Which button are you referring to? is it "Expert mode telnet server?" if so, what is wrong with it? It seems to work properly for me.
 
No, it's in the SSH section "Disable telnet server?" buttons with options of 'on/off'. Perhaps I'm on an older version of Webif (am using 10.0-2) and this has been fixed.
 
I don't seem to have that button, what section is it in? I am using 0.10.0-5

Edit: I don't have an SSH section
 
No, it's in the SSH section "Disable telnet server?" buttons with options of 'on/off'. Perhaps I'm on an older version of Webif (am using 10.0-2) and this has been fixed.

Are you referring to the installable package Dropbear SSH 2012.5?
 
Anyone noticed that the button to enable / disable Telnet does not seem to work properly? Would be good in any case to change the Disable Telnet options to yes / no as opposed to on & off. Non urgent, but just happened to notice some odd behavior on that button.
It's always a good idea to include enough context so someone else knows what you are talking about. Firmware version and Web-If versions would be a good start (I know you added the latter later), as would the main Page that you are on. A picture can often be worth a thousand words as well.
 
It's Webif Settings for the SSH Package that I'm referring to. Sorry, thought that was clear from the title in the post. Was going to post an image, but unsure how to do so, presumably via the file uploads?
 

Attachments

  • SSH Image.JPG
    SSH Image.JPG
    18.4 KB · Views: 15
Can you expand on "doesn't work properly"? A reboot is required after changing that setting.
 
Using Firefox 16.0.2, if I select the disable telnet button and then update settings, I get the 'settings updated / effective next boot' message and indeed this does seem to toggle Telnet off and on. The problem seems to be that if you navigate away from that page to another webif page, then back again, the button is back to the default 'off' setting regardless. In my original post I'd mentioned that this is not a major issue as it does indeed toggle Telnet, so more for info and that 'yes / no' might be more straightforward than 'on/off'
 
The confusion arose because Web-If Settings will only display the Dropbear SSH Server setup box if Dropbear SSH has been install, if like Brian (and myself) you haven't installed this package there is nothing to see
 
In my original post I'd mentioned that this is not a major issue as it does indeed toggle Telnet, so more for info and that 'yes / no' might be more straightforward than 'on/off'
Both these things are inelegant. I agree that you cannot pose a question like "Disable telnet server?" and have the answers as "On" or "Off". It just doesn't make sense. Either the answers need changing or the question does. Probably the latter, for consistency with the "Settings" page in the Web-IF which just uses "HTTPS web server?"

In any case, what telnet (should be Telnet IMHO) server is it referring to? I thought this was built into the flash image now, so is it that or something else?
 
The Dropbear package provides a secure server. The basic server in Flash uses as small a footprint as possible.
 
I think it may be best to remove this setting. If someone has the Telnet server disabled it may not be possible to fix a corrupt disk without installing some custom custom firmware. The original reason for having it was a security concern but since the new menu requests a PIN, the requirement for it may no longer apply.
 
In any case, what telnet (should be Telnet IMHO) server is it referring to? I thought this was built into the flash image now, so is it that or something else?

It /is/ referring to the telnet server in flash. The dropbear-ssh package provides SSH access to the box and adds an option to disable the default telnet server to the settings page. It was requested at some point but most people probably don't use it. As xyz321 says, it can complicate recovery, although there are some things built-in to help if anyone gets into that situation.
 
One benefit from this option, which may well no longer be needed with the new telnet package is that it adds some much needed security from the default no password access to Root. SSH in itself is not particularly secure as there's only one password afaik.
 
Another oddly worded option. If "Prevent logins with passwords" is On, does that allow logins without a password or prevent them?
Perhaps it should be "without"?
I haven't used the package in question, but all this negative logic is very confusing.
 
I think it means the password authentication mechanism is disabled when set to 'on' (i.e. it will not accept any password - including no password).
 
I've changed the SSH userid as recommended in another thread by editing the dropbear passwd & shadow files (/mod/etc/dropbear) , password remains the same as I don't know how to create a different one. I'm wondering if it's possible to have certificate / public key based access instead of password based access. For me, remote access via the Internet is needed.
 
I'm wondering if it's possible to have certificate / public key based access instead of password based access. For me, remote access via the Internet is needed.
Yes, you just need to create the directory '/mod/.ssh' and then create the file 'authorized_keys' in that directory containing the public key (or a list of public keys) which is/are allowed to access the Humax.

Edit: If you have edited /mod/etc/dropbear/passwd then you may have a different home directory, in which case the .ssh directory should be created under that home directory.
 
Back
Top