How to get a telnet into R29
This guide is not the definitive super-duper perfect solution for this, but as Linksys did remove telnet.cgi as well as telnetd from the image, I still wanted to have something like a telnet access to it.
Here are the ingredients you need:
Note that I have not flashed anything yet, so everything I describe here does neither need physical access to the NSLU2 (the harddrives can stay plugged in) nor is anything changed within the device, so just a power cycle shall removes everything. Of course you still can kill your device if you don't do it properly or you do something insane on the shell.
1. Prepare a new Ramdisk
I assume you use /bin/bash as your shell.
The file contents of
#!/bin/ash echo "Content-type: text/plain" echo "" i=/etc/inetd.conf if [ ! -s $i ] then echo "[fix]" killall inetd echo "telnet stream tcp nowait root /bin/ash -i" >$i ( /bin/inetd >/dev/null 2>&1 <&1 & ) fi if [ -z "$QUERY_STRING" ] then echo "[set]" set else echo "exec $QUERY_STRING" exec $QUERY_STRING fi
Actually you must pipe this through /bin/sed to get rid if the first space, if you cut'n'paste it from this Wiki page (the Wiki formatting is broken by design):
2. Prepare the TFTP files
Copy ramdisk.gz and vmlinuz to your /tftpboot/ or whereever your TFTP daemon takes the files from.
3. Boot the NSLU2 into RedBoot
The best way I found was to use the Perl script from TelnetIntoRedBoot. You don't need upslug! And remember that RedBoot always uses the IP 192.168.0.1 for the device.
4. Activate telnet
Modern browsers don't think you are mature. They are behaving like screwed up nannys thinking all the children are just to stupid to express their real meaning. They augment your input. Therefor you are not able to use the web interface for commands, which contain arguments. This is because your browser will replace any space with %20, which cannot be understood by the shell. Sadly I did not find any possibility to to an regexp replacement on environment variables in the NSLU2, so we have to live with this problem.
Warning! This step activates telnet access to the box without any user/password prompt or whatsoever! So only do this in your own LAN! You can modify the CGI from step 1 such, that it does not activate inetd. In this case, you only have variant 3 in step 5 to access a shell in the box.
The script from above fixes the inetd setting and restarts inetd. This way you can directly control a shell over the network.
5. Telnet into the box
Well, the world is no perfect place to live in. This is true especially for a shell access without a terminal via inetd.
So you have two choices how to connect there:
telnet 192.168.0.77 80
Now it starts to become funny. You have to always enter an extra ';' at the end of the line to get rid if the CR which is inserted by the protocol handlers. You always will see an error, however you can ignore it. So don't type "ls -al", type "ls -al;" and Return. (If you use netcat, it works as expected, however you must stick to the line mode then.)
6. Get rid of the modifications
As the modifications were not flashed, it's enough to reboot the device to get rid of the modifications presented here. Perhaps somebody can extend this to explain how to make this changes permanently.
7. Final notes
There is a vi command in R29. It's the secret of Linksys why they deploy an interactive visual editor onto a device which lacks the possibility of interaction. However for the first steps it's really convenient to have a vi.