NSLU2-Linux
view · edit · print · history

HowTo.UpgradeOpenSSH History

Hide minor edits - Show changes to markup

July 11, 2008, at 10:14 PM by kedalel --
Changed lines 86-91 from:

[ipkg install screen]

[screen -S install]

[ipkg install openssh]

to:

ipkg install screen

screen -S install

ipkg install openssh

Restore
July 11, 2008, at 10:13 PM by kedalel --
Added line 85:
Added line 87:
Added line 89:
Added line 91:
Restore
July 11, 2008, at 10:13 PM by kedalel -- + Screen
Added lines 83-88:

Another solution is to use screen. [ipkg install screen] [screen -S install] [ipkg install openssh] Now the install will continue even if you are disconnected.

Restore
April 17, 2007, at 11:14 PM by skibumatbu --
Changed lines 74-83 from:

@@ cat >> /etc/passwd << EOF

foo:*:101:100:My nonprivilaged acct:/home/foo:/bin/sh

EOF

mkdir /home/foo; chown foo:users /home/foo; chmod 700 /home/foo @@

to:

cat >> /etc/passwd << EOF

foo:*:101:100:My nonprivilaged acct:/home/foo:/bin/sh

EOF

mkdir /home/foo; chown foo:users /home/foo; chmod 700 /home/foo

Restore
April 17, 2007, at 11:12 PM by skibumatbu --
Changed lines 70-71 from:

For those interested in a bit more security, it is usually considered safer to not allow root to ssh into the host, but instead have a non-privilaged user to connect to and then su to root if you need to. For that configuration, you need to create the non-privilaged user and then make sure that the PermitRootLogin? line mentioned above is uncommented and set to no.

to:

For those interested in a bit more security, it is usually considered safer to not allow root to ssh into the host, but instead have a non-privilaged user to connect to and then su to root if you need to. For that configuration, you need to create the non-privilaged user and then make sure that the PermitRootLogin? line mentioned above is uncommented and set to no.

Changed line 74 from:

@@[=

to:

@@

Added line 76:
Added line 78:
Added line 80:
Changed lines 82-83 from:

=]@@

to:

@@

Restore
April 17, 2007, at 11:11 PM by skibumatbu -- Add some ssh security into the howto
Changed lines 68-81 from:

Ok now reboot, when the NSLU2 comes back up openssh should be running on port 22 and dropbear on 10000. You may now want to unistall dropbear or leave it as a backdoor.

to:

Ok now reboot, when the NSLU2 comes back up openssh should be running on port 22 and dropbear on 10000. You may now want to unistall dropbear or leave it as a backdoor.

For those interested in a bit more security, it is usually considered safer to not allow root to ssh into the host, but instead have a non-privilaged user to connect to and then su to root if you need to. For that configuration, you need to create the non-privilaged user and then make sure that the PermitRootLogin? line mentioned above is uncommented and set to no.

Here are the commands I used to set up a user "foo".

cat >> /etc/passwd << EOF foo:*:101:100:My nonprivilaged acct:/home/foo:/bin/sh EOF mkdir /home/foo; chown foo:users /home/foo; chmod 700 /home/foo

101 is the user's ID. This can be anything as long as it isn't already being used. 100 is the group id for the users group. Then you can use passwd foo to change foo's password.

Restore
September 17, 2006, at 07:39 PM by micha --
Changed lines 4-6 from:
to:



Restore
September 17, 2006, at 07:38 PM by micha --
Added lines 5-6:

Or you just install the coreutils package via ipkg install coreutils which gives you the nohup functionality. Then you can start the upgrade with nohup ipkg ... with the -force-defaults option. This option handles the questions raised by ipkg by answering with the default option.

Restore
July 04, 2006, at 05:17 PM by johnmccoyjr -- OpenSlug 3.1 Dropbear to openssh
Changed lines 28-64 from:

notice: following the dropbear-way wont work because it wants to install ssh, which is already installed in a minor version. found no way to ignore this dependency.

to:

notice: following the dropbear-way wont work because it wants to install ssh, which is already installed in a minor version. found no way to ignore this dependency.

OpenSlug 3.1 Dropbear to openssh

First off you can install all the regular openssh client utilities without any issue

ipkg install openssh-ssh openssh-scp openssh-scp openssh-doc openssh-misc

Now first we need to change dropbear's default port

Edit etc/init.d/dropbear

Change:

DROPBEAR_PORT=22

to another unused port (I used 10000)

DROPBEAR_PORT=10000

If you just restart dropbear at this point your connections will be lost, this is what I did and dropbear did not seem to restart ok so I could not reconnect. I then rebooted and was fine.

I suggest you first do this:

ipkg install openssh-sshd --force-depends

This should fail when trying to start sshd but that is ok, edit etc/ssh/sshd_config if you so desire; I suggest that you make sure this is set:

Uncomment:

#PermitRootLogin yes

to:

PermitRootLogin yes

Ok now reboot, when the NSLU2 comes back up openssh should be running on port 22 and dropbear on 10000. You may now want to unistall dropbear or leave it as a backdoor.

Restore
April 14, 2006, at 11:41 AM by oz --
Changed lines 25-28 from:
  1. Stop and/or remove dropbear
to:
  1. Stop and/or remove dropbear

notice: somehow on my nslu with R29 telnet is possible. notice: following the dropbear-way wont work because it wants to install ssh, which is already installed in a minor version. found no way to ignore this dependency.

Restore
January 09, 2006, at 12:14 PM by idsfa -- Do the dropbear hokey pokey
Changed lines 1-3 from:

How can I upgrade OpenSSH if I'm connected to the NSLU2 via SSH? If I try to upgrade whilst connected via SSH, the connection is dropped and then no further login is possible

Upgrading OpenSSH when you're logged in via OpenSSH is unfortunately not a good thing to do. Fortunately there is a solution: enable telnet on the NSLU2 via http://192.168.1.77/Management/telnet.cgi (Note: This has been removed as of R29), then telnet into the NSLU2 and type 'ipkg install openssh' which will reinstall/upgrade OpenSSH.

to:

How can I upgrade OpenSSH if I'm connected to the NSLU2 via SSH? If I try to upgrade whilst connected via SSH, the connection is dropped and then no further login is possible

Upgrading OpenSSH when you're logged in via OpenSSH is unfortunately not a good thing to do. Fortunately there is a solution: enable telnet on the NSLU2 via http://192.168.1.77/Management/telnet.cgi (Note: This has been removed as of R29), then telnet into the NSLU2 and type 'ipkg install openssh' which will reinstall/upgrade OpenSSH.

To do this without having to type the root password over telnet:

  1. ipkg install dropbear (assuming you have removed it)
  2. Change DROPBEAR_PORT parameter in /etc/init.d/dropbear from default 22 to other port number.
  3. Fire up dropbear with /etc/init.d/dropbear start
  4. Log out
  5. Connect to the dropbear ssh daemon (on the port you just configured)
  6. ipkg install openssh
  7. Log out
  8. Connect to the openssh ssh daemon (on the default port, 22)
  9. Stop and/or remove dropbear
Restore
August 22, 2005, at 03:41 PM by tman --
Added lines 1-3:

How can I upgrade OpenSSH if I'm connected to the NSLU2 via SSH? If I try to upgrade whilst connected via SSH, the connection is dropped and then no further login is possible

Upgrading OpenSSH when you're logged in via OpenSSH is unfortunately not a good thing to do. Fortunately there is a solution: enable telnet on the NSLU2 via http://192.168.1.77/Management/telnet.cgi (Note: This has been removed as of R29), then telnet into the NSLU2 and type 'ipkg install openssh' which will reinstall/upgrade OpenSSH.

Restore
view · edit · print · history · Last edited by kedalel.
Based on work by kedalel, skibumatbu, micha, johnmccoyjr, oz, and idsfa.
Originally by tman.
Page last modified on July 11, 2008, at 10:14 PM