-
The forum software that supports hummy.tv has been upgraded to XenForo 2.3!
Please bear with us as we continue to tweak things, and feel free to post any questions, issues or suggestions in the upgrade thread.
SSH / Telnet on Webif settings
- Thread starter Cancunia
- Start date
Ezra Pound
Well-Known Member
Are you referring to the installable package Dropbear SSH 2012.5?
prpr
Well-Known Member
It's always a good idea to include enough context so someone else knows what you are talking about. Firmware version and Web-If versions would be a good start (I know you added the latter later), as would the main Page that you are on. A picture can often be worth a thousand words as well.
Using Firefox 16.0.2, if I select the disable telnet button and then update settings, I get the 'settings updated / effective next boot' message and indeed this does seem to toggle Telnet off and on. The problem seems to be that if you navigate away from that page to another webif page, then back again, the button is back to the default 'off' setting regardless. In my original post I'd mentioned that this is not a major issue as it does indeed toggle Telnet, so more for info and that 'yes / no' might be more straightforward than 'on/off'
Ezra Pound
Well-Known Member
The confusion arose because Web-If Settings will only display the Dropbear SSH Server setup box if Dropbear SSH has been install, if like Brian (and myself) you haven't installed this package there is nothing to see
prpr
Well-Known Member
Both these things are inelegant. I agree that you cannot pose a question like "Disable telnet server?" and have the answers as "On" or "Off". It just doesn't make sense. Either the answers need changing or the question does. Probably the latter, for consistency with the "Settings" page in the Web-IF which just uses "HTTPS web server?"
In any case, what telnet (should be Telnet IMHO) server is it referring to? I thought this was built into the flash image now, so is it that or something else?
Black Hole
May contain traces of nut
The Dropbear package provides a secure server. The basic server in Flash uses as small a footprint as possible.
I think it may be best to remove this setting. If someone has the Telnet server disabled it may not be possible to fix a corrupt disk without installing some custom custom firmware. The original reason for having it was a security concern but since the new menu requests a PIN, the requirement for it may no longer apply.
It /is/ referring to the telnet server in flash. The dropbear-ssh package provides SSH access to the box and adds an option to disable the default telnet server to the settings page. It was requested at some point but most people probably don't use it. As xyz321 says, it can complicate recovery, although there are some things built-in to help if anyone gets into that situation.
It is secure if the "Prevent logins with passwords" setting is turned on and a password is used for the webif.
I've changed the SSH userid as recommended in another thread by editing the dropbear passwd & shadow files (/mod/etc/dropbear) , password remains the same as I don't know how to create a different one. I'm wondering if it's possible to have certificate / public key based access instead of password based access. For me, remote access via the Internet is needed.
Yes, you just need to create the directory '/mod/.ssh' and then create the file 'authorized_keys' in that directory containing the public key (or a list of public keys) which is/are allowed to access the Humax.
Edit: If you have edited /mod/etc/dropbear/passwd then you may have a different home directory, in which case the .ssh directory should be created under that home directory.