SSH Guide
From WL-HDD Wiki
Prerequisites
To complete this guide, the following is assumed:
- You are running Oleg's firmware (1.9.2.7-6b or later)
- You have harddisk partitions up and running with an extended filesystem mounted to /opt
- You have installed the Ipkg package system.
- You have configured your partitions to automount.
Install
First of all, we will make a directory for the dropbear host keys and create a DSS and an RSA host key.
Host keys identify the server; they are not the same as the private/public key pairs used to log in. Don't confuse the two!
The DSS key will take a while to be made.
mkdir -p /usr/local/etc/dropbear
dropbearkey -t dss -f /usr/local/etc/dropbear/dropbear_dss_host_key
dropbearkey -t rsa -f /usr/local/etc/dropbear/dropbear_rsa_host_key
Now that dropbear is ready to run, we obviously need to configure it to run at startup so that the router is always accessible by SSH when turned on. The WL-HDD has a handy feature in that at startup, just after boot, it can run a post-boot script. This script has already been created in /usr/local/sbin during the automount guide. We just need to add a line to the script to start dropbear.
echo dropbear >>/usr/local/sbin/post-boot
However, the router is not yet available for SSH from the WAN. We need to configure iptables so that WAN access is available. We therefore need to create a post-firewall script in /usr/local/sbin that is run on startup:
touch /usr/local/sbin/post-firewall
We then need to create some rules in this file:
# identifies the script as a shell script
echo "#!/bin/sh" >> /usr/local/sbin/post-firewall
# comments the rule so that we know what it does
echo "#SSH" >> /usr/local/sbin/post-firewall
echo 'iptables -D INPUT -j DROP' >> /usr/local/sbin/post-firewall
echo 'iptables -A INPUT -p tcp --dport 22 -j ACCEPT' >> /usr/local/sbin/post-firewall
echo 'iptables -t nat -A PREROUTING -i $1 -p tcp --dport 22 -j DNAT --to-destination $4:22' >> /usr/local/sbin/post-firewall
echo 'iptables -A INPUT -j DROP' >> /usr/local/sbin/post-firewall
That has created a firewall rule that accepts connections on port 22 and routes them accordingly.
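The order of the rules matters: the script removes the chain's final DROP, appends the port 22 ACCEPT, then puts the DROP back. The check below for that ordering is an added example, not part of the original wiki; the function name check_post_firewall and the sample file are constructed, and it assumes the INPUT chain ends in a catch-all DROP when the script starts.

```sh
#!/bin/sh
# Added example (not from the wiki): lint a post-firewall script.
# Assumption: the firmware's INPUT chain ends in "-j DROP", as the guide's
# "iptables -D INPUT -j DROP" line implies.

# check_post_firewall FILE: print findings; return 0 if none, 1 otherwise.
check_post_firewall() {
    file=$1; rc=0; n=0
    drop_present=1   # catch-all DROP is in the chain when the script starts
    ssh_rules=0      # port 22 ACCEPT rules that land ahead of the DROP
    [ -r "$file" ] || { echo "cannot read $file"; return 1; }
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        if [ "$n" -eq 1 ] && [ "$line" != '#!/bin/sh' ]; then
            echo "line 1: '#!/bin/sh' is not the first line"; rc=1
        fi
        case $line in
            \#*) ;;                                   # comment or shebang
            *'-D INPUT -j DROP'*) drop_present=0 ;;
            *'-A INPUT -j DROP'*) drop_present=1 ;;
            *'-A INPUT'*'--dport 22 '*'-j ACCEPT'*)
                if [ "$drop_present" -eq 1 ]; then
                    echo "line $n: ACCEPT is appended after the DROP and never matches"; rc=1
                else
                    ssh_rules=$((ssh_rules + 1))
                fi ;;
        esac
    done < "$file"
    [ "$drop_present" -eq 1 ] || { echo "end: final DROP is not restored"; rc=1; }
    [ "$ssh_rules" -ge 1 ] || { echo "end: no effective port 22 ACCEPT"; rc=1; }
    [ "$ssh_rules" -le 1 ] || { echo "end: port 22 ACCEPT added $ssh_rules times"; rc=1; }
    return $rc
}

# Constructed sample: the file the guide's echo commands produce.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#!/bin/sh
#SSH
iptables -D INPUT -j DROP
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -t nat -A PREROUTING -i $1 -p tcp --dport 22 -j DNAT --to-destination $4:22
iptables -A INPUT -j DROP
EOF
if check_post_firewall "$sample"; then echo "post-firewall: ok"; fi
rm -f "$sample"
```

Because the guide's commands use >>, repeating them appends a second copy of every rule to the file, which the check reports.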
Save it all
Now we need to save changes to all of the above. /usr/local/sbin is in the internal flash memory of the WL-HDD and will by default be lost on a reboot. To save to flash and keep your changes, enter the following.
flashfs save
flashfs commit
flashfs enable
Connecting
From LAN
To connect to the SSH server whilst on the LAN, you need to open PuTTY and enter your WL-HDD internal IP address (192.168._._). Make sure the radio button is set to SSH and not Telnet, then connect.
From WAN
To connect to the SSH server from outside the LAN, determine the IP address of your ADSL/Cable router (provided by your ISP). On this router, forward port 22 to the IP address of your WL-HDD using the web management page. Here are the settings (settings required and names may differ from router to router).
Settings
- Private IP: IP of your WL-HDD
- Ports: 22 (or 22 to 22 on some routers that specify a range of ports)
- Port Map: 22 (if required)
Now, from a PC outside your LAN, open up PuTTY and enter the IP address of the router (to find this out go to this address in a web browser). Connect using SSH. Good Luck :)
Troubleshooting
If you run into problems with external access, search around for articles on port forwarding using Google. Chances are, this will be the source of the problem in most cases.
SSH can be used to connect to the WL-HDD via a terminal, and it can also be used to transfer files. There are two modes of file transfer: SCP and SFTP. If you want to use file transfer over SSH, you must either:
- Use WinSCP and choose file protocol SCP.
- If you want to use real SFTP (i.e. via the Total Commander plugin), you also need to follow the OpenSSH guide.
