NSLU2-Linux

How can I upgrade OpenSSH if I'm connected to the NSLU2 via SSH? If I try to upgrade whilst connected via SSH, the connection is dropped and then no further login is possible.

Upgrading OpenSSH when you're logged in via OpenSSH is unfortunately not a good thing to do. Fortunately there is a solution: enable telnet on the NSLU2 via http://192.168.1.77/Management/telnet.cgi (Note: This has been removed as of R29), then telnet into the NSLU2 and type 'ipkg install openssh' which will reinstall/upgrade OpenSSH.


Alternatively, install the coreutils package via ipkg install coreutils, which gives you the nohup functionality. Then you can start the upgrade with nohup ipkg ... with the -force-defaults option. This option handles the questions raised by ipkg by answering with the default option.


To do this without having to type the root password over telnet:

  1. ipkg install dropbear (assuming you have removed it)
  2. Change the DROPBEAR_PORT parameter in /etc/init.d/dropbear from the default 22 to another port number.
  3. Fire up dropbear with /etc/init.d/dropbear start
  4. Log out
  5. Connect to the dropbear ssh daemon (on the port you just configured)
  6. ipkg install openssh
  7. Log out
  8. Connect to the openssh ssh daemon (on the default port, 22)
  9. Stop and/or remove dropbear

Notice: Somehow on my NSLU with R29, telnet is possible.

Notice: Following the dropbear way won't work because it wants to install ssh, which is already installed in a minor version. Found no way to ignore this dependency.


OpenSlug 3.1 Dropbear to openssh

First off, you can install all the regular openssh client utilities without any issue:

ipkg install openssh-ssh openssh-scp openssh-scp openssh-doc openssh-misc

Now we first need to change dropbear's default port.

Edit /etc/init.d/dropbear

Change:

DROPBEAR_PORT=22

to another unused port (I used 10000)

DROPBEAR_PORT=10000

If you just restart dropbear at this point, your connections will be lost; this is what I did, and dropbear did not seem to restart OK, so I could not reconnect. I then rebooted and was fine.

I suggest you first do this:

ipkg install openssh-sshd --force-depends

This should fail when trying to start sshd, but that is OK. Edit /etc/ssh/sshd_config if you so desire; I suggest that you make sure this is set:

Uncomment:

#PermitRootLogin yes

to:

PermitRootLogin yes

OK, now reboot. When the NSLU2 comes back up, openssh should be running on port 22 and dropbear on 10000. You may now want to uninstall dropbear or leave it as a backdoor.


For those interested in a bit more security, it is usually considered safer not to allow root to ssh into the host, but instead to connect as a non-privileged user and then su to root if you need to. For that configuration, you need to create the non-privileged user and then make sure that the PermitRootLogin line mentioned above is uncommented and set to no.

Here are the commands I used to set up a user "foo".

cat >> /etc/passwd << EOF
foo:*:101:100:My nonprivilaged acct:/home/foo:/bin/sh
EOF

mkdir /home/foo; chown foo:users /home/foo; chmod 700 /home/foo

101 is the user's ID. This can be anything as long as it isn't already being used. 100 is the group id for the users group. Then you can use passwd foo to change foo's password.
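
The PermitRootLogin edit described above, as an added shell example that is not part of the original page: sshd uses the first value it reads for a keyword, so the script rewrites the first global line rather than appending one, then reads the file back to confirm the result. The function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page). Function names are hypothetical.
# sshd uses the FIRST value it reads for a keyword, so the edit must change the
# first global PermitRootLogin line instead of appending a new one.

# Print the effective global value, or "unset" if only commented lines exist.
effective_permit_root_login() {
    awk '
        /^[ \t]*#/ { next }
        tolower($1) == "match" { exit }           # global section ends here
        tolower($1) == "permitrootlogin" { print $2; found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

# Set the value (yes|no) in place, keeping a .bak copy, then verify the result.
set_permit_root_login() {
    file=$1; want=$2
    case $want in yes|no) ;; *) echo "value must be yes or no" >&2; return 2 ;; esac
    cp -p "$file" "$file.bak" || return 1
    awk -v want="$want" '
        tolower($1) == "match" && !in_match {
            in_match = 1                           # insert before the first Match block
            if (!done) { print "PermitRootLogin " want; done = 1 }
        }
        !in_match && tolower($0) ~ /^[ \t]*#?permitrootlogin[ \t]/ {
            if (!done) { print "PermitRootLogin " want; done = 1 }
            next                                   # drop later global duplicates
        }
        { print }
        END { if (!done) print "PermitRootLogin " want }
    ' "$file.bak" > "$file" || return 1
    [ "$(effective_permit_root_login "$file")" = "$want" ]
}

# Constructed sample: stock commented default plus a stray active line further down.
sample=$(mktemp)
printf '%s\n' 'Port 22' '#PermitRootLogin yes' 'Protocol 2' \
    'PermitRootLogin yes' > "$sample"
echo "before: $(effective_permit_root_login "$sample")"
set_permit_root_login "$sample" no && echo "after:  $(effective_permit_root_login "$sample")"
rm -f "$sample" "$sample.bak"
```

On the device, point the function at /etc/ssh/sshd_config, check the file with sshd -t, and keep the existing session open until a fresh login on port 22 has succeeded.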


Another solution is to use screen.

ipkg install screen

screen -S install

ipkg install openssh

Now the install will continue even if you are disconnected.

Last edited by kedalel.
Based on work by kedalel, skibumatbu, micha, johnmccoyjr, oz, and idsfa.
Originally by tman.
Page last modified on July 11, 2008, at 10:14 PM