
Enable telnet login with password

(Without dropbear)

This is useful if security is not a concern (telnet sends the password and the whole session unencrypted) and your device does not have enough space or resources for dropbear. Tested successfully on OpenWrt Backfire 10.03.2 and LEDE 17.01.

  1. Patch your build tree with this file:
    a. OpenWrt Backfire
    Index: package/base-files/files/bin/login.sh
    ===================================================================
    --- a/package/base-files/files/bin/login.sh	(revision: 33603)
    +++ b/package/base-files/files/bin/login.sh	(copia de trabajo)
    @@ -2,15 +2,14 @@
     # Copyright (C) 2006-2010 OpenWrt.org
     
     if grep -qs '^root:[^!]' /etc/passwd /etc/shadow && [ -z "$FAILSAFE" ]; then
    -	echo "Login failed."
    -	exit 0
    +	echo "WARNING: telnet is a security risk"
    +	busybox login
     else
     cat << EOF
      === IMPORTANT ============================
       Use 'passwd' to set your login password
    -  this will disable telnet and enable SSH
    +  this will enable telnet login with password
      ------------------------------------------
     EOF
    +exec /bin/ash --login
     fi
    -
    -exec /bin/ash --login
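Review bot: The added `busybox login` line runs login as a child of the wrapper instead of replacing it, so the shell running login.sh stays alive as the parent for the whole session. Use `exec busybox login`, matching the `exec /bin/ash --login` in the else-branch; the same applies to the identical line in the LEDE 17.01 version of login.sh further down. With `exec`, any line later added below `fi` cannot run after login returns, for example after a failed authentication.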
    b. LEDE 17.01
    diff --git a/package/base-files/files/bin/login.sh b/package/base-files/files/bin/login.sh
    new file mode 100755
    index 0000000..87eae2d
    --- /dev/null
    +++ b/package/base-files/files/bin/login.sh
    @@ -0,0 +1,19 @@
    +#!/bin/sh
    +# Copyright (C) 2006-2011 OpenWrt.org
    +
    +if ( ! grep -qs '^root:[!x]\?:' /etc/shadow || \
    +     ! grep -qs '^root:[!x]\?:' /etc/passwd ) && \
    +   [ -z "$FAILSAFE" ]
    +then
    +	echo "WARNING: telnet is a security risk"
    +	busybox login
    +else
    +cat << EOF
    + === IMPORTANT ============================
    +  Use 'passwd' to set your login password
    +  this will enable telnet login with password
    + ------------------------------------------
    +EOF
    +exec /bin/ash --login
    +fi
    +
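Review bot: The double-negated condition at the top of the new login.sh has no comment saying what it tests, although it alone decides between `busybox login` and an unauthenticated root shell. A comment above the `if` such as `# root has a usable password unless its field is empty, "!" or "x" in both /etc/shadow and /etc/passwd` would make that explicit. It is worth recording there as well that a missing or unreadable file makes `grep -qs` fail, so the script falls to the login prompt rather than to the open shell.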
    diff --git a/package/base-files/files/lib/preinit/99_10_failsafe_login b/package/base-files/files/lib/preinit/99_10_failsafe_login
    index 3147cdc..3c398dd 100644
    --- a/package/base-files/files/lib/preinit/99_10_failsafe_login
    +++ b/package/base-files/files/lib/preinit/99_10_failsafe_login
    @@ -3,8 +3,7 @@
     # Copyright (C) 2010 Vertical Communications
     
     failsafe_netlogin () {
    -	dropbearkey -t rsa -s 1024 -f /tmp/dropbear_failsafe_host_key
    -	dropbear -r /tmp/dropbear_failsafe_host_key <> /dev/null 2>&1
    +	telnetd -l /bin/login.sh <> /dev/null 2>&1
     }
     
     failsafe_shell() {
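Review bot: failsafe_netlogin now serves the failsafe shell over an unencrypted channel, and nothing in the function records that /bin/login.sh skips authentication when FAILSAFE is set. Assuming FAILSAFE is exported at this point in preinit (not visible in the hunk), anyone who can reach the device while it is in failsafe mode gets a root shell. A comment above the `telnetd` line would document this, for example `# failsafe: login.sh gives a root shell without a password when FAILSAFE is set; cleartext, keep the device off untrusted networks`.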
    diff --git a/package/utils/busybox/Config-defaults.in b/package/utils/busybox/Config-defaults.in
    index 1977e7f..d4446c5 100644
    --- a/package/utils/busybox/Config-defaults.in
    +++ b/package/utils/busybox/Config-defaults.in
    @@ -2289,19 +2289,19 @@ config BUSYBOX_DEFAULT_TCPSVD
     	default n
     config BUSYBOX_DEFAULT_TELNET
     	bool
    -	default n
    +	default y
     config BUSYBOX_DEFAULT_FEATURE_TELNET_TTYPE
     	bool
    -	default n
    +	default y
     config BUSYBOX_DEFAULT_FEATURE_TELNET_AUTOLOGIN
     	bool
     	default n
     config BUSYBOX_DEFAULT_TELNETD
     	bool
    -	default n
    +	default y
     config BUSYBOX_DEFAULT_FEATURE_TELNETD_STANDALONE
     	bool
    -	default n
    +	default y
     config BUSYBOX_DEFAULT_FEATURE_TELNETD_INETD_WAIT
     	bool
     	default n
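Review bot: BUSYBOX_DEFAULT_TELNET and BUSYBOX_DEFAULT_FEATURE_TELNET_TTYPE are switched to `y`, but both belong to the telnet client; the `telnetd -F` invocation in the init script should only need BUSYBOX_DEFAULT_TELNETD and BUSYBOX_DEFAULT_FEATURE_TELNETD_STANDALONE. Leaving the two client options at `default n` keeps the image smaller, which matters on the space-constrained devices this change targets, and avoids shipping an unused network client. The visible hunks also do not enable the `login` applet that login.sh calls via `busybox login`. If the manual menuconfig step is skipped, that call fails once a root password is set, so consider setting that default in this file too.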
    diff --git a/package/utils/busybox/Makefile b/package/utils/busybox/Makefile
    index 40bddd6..2e643f6 100644
    --- a/package/utils/busybox/Makefile
    +++ b/package/utils/busybox/Makefile
    @@ -119,6 +119,7 @@ define Package/busybox/install
     	$(INSTALL_DIR) $(1)/etc/init.d
     	$(CP) $(PKG_INSTALL_DIR)/* $(1)/
     	$(INSTALL_BIN) ./files/cron $(1)/etc/init.d/cron
    +	$(INSTALL_BIN) ./files/telnet $(1)/etc/init.d/telnet
     	$(INSTALL_BIN) ./files/sysntpd $(1)/etc/init.d/sysntpd
     	$(INSTALL_BIN) ./files/ntpd-hotplug $(1)/usr/sbin/ntpd-hotplug
     	-rm -rf $(1)/lib64
    diff --git a/package/utils/busybox/files/telnet b/package/utils/busybox/files/telnet
    new file mode 100755
    index 0000000..a1d1cdf
    --- /dev/null
    +++ b/package/utils/busybox/files/telnet
    @@ -0,0 +1,38 @@
    +#!/bin/sh /etc/rc.common
    +# Copyright (C) 2006-2011 OpenWrt.org
    +
    +START=50
    +
    +USE_PROCD=1
    +PROG=/usr/sbin/telnetd
    +
    +has_root_pwd() {
    +	local pwd=$([ -f "$1" ] && cat "$1")
    +	      pwd="${pwd#*root:}"
    +	      pwd="${pwd%%:*}"
    +
    +	test -n "${pwd#[\!x]}"
    +}
    +
    +get_root_home() {
    +	local homedir=$([ -f "$1" ] && cat "$1")
    +	homedir="${homedir#*:*:0:0:*:}"
    +
    +	echo "${homedir%%:*}"
    +}
    +
    +has_ssh_pubkey() {
    +	( /etc/init.d/dropbear enabled 2> /dev/null && grep -qs "^ssh-" /etc/dropbear/authorized_keys ) || \
    +	( /etc/init.d/sshd enabled 2> /dev/null && grep -qs "^ssh-" "$(get_root_home /etc/passwd)"/.ssh/authorized_keys )
    +}
    +
    +start_service() {
    +	if ( ! has_ssh_pubkey && \
    +	     ! has_root_pwd /etc/passwd && ! has_root_pwd /etc/shadow ) || \
    +	   ( ! /etc/init.d/dropbear enabled 2> /dev/null && ! /etc/init.d/sshd enabled 2> /dev/null );
    +	then
    +		procd_open_instance
    +		procd_set_param command "$PROG" -F -l /bin/login.sh
    +		procd_close_instance
    +	fi
    +}
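Review bot: `procd_set_param command "$PROG" -F -l /bin/login.sh` in start_service gives telnetd no listen address, so busybox telnetd accepts connections on every interface and WAN exposure depends entirely on the firewall. Since this service carries the root password in cleartext, bind it to the LAN address with the `-b` option, e.g. `procd_set_param command "$PROG" -F -b "<LAN_ADDR>" -l /bin/login.sh` (placeholder address). Separately, has_root_pwd strips up to the first `root:` anywhere in the file (`${pwd#*root:}`), which is not anchored to the start of a line, so an earlier account whose name ends in `root` would be parsed instead of root's own entry.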
    Copy the content above into a file named telnet_enable.patch in the build root, then patch your build tree:
    patch -p1 -i telnet_enable.patch
    Ensure the login.sh file has execute permission:
    chmod +x package/base-files/files/bin/login.sh
  2. Configure the build tree
    make menuconfig
    Enable login at Location:
    -> Base system 
       -> busybox
         -> Configuration 
            -> Login/Password Management Utilities
    ┌──────────────────────── Login/Password Management Utilities ────────────────────────┐
    │ ┌─────────────────────────────────────────────────────────────────────────────────┐ │  
    │ │ [ ] Support for shadow passwords                                                │ │  
    │ │ [ ] Use internal password and group functions rather than system functions      │ │  
    │ │ [ ] Use internal crypt functions                                                │ │  
    │ │ [ ] addgroup                                                                    │ │  
    │ │ [ ] delgroup                                                                    │ │  
    │ │ [ ] adduser                                                                     │ │  
    │ │ [ ] deluser                                                                     │ │  
    │ │ [ ] getty                                                                       │ │  
    │ │ [ ]   Support utmp file (NEW)                                                   │ │  
    │ │ [ ]   Support wtmp file (NEW)                                                   │ │  
    │ │ [*] login                                                                       │ │  
    │ │ [ ]   Support for PAM (Pluggable Authentication Modules) (NEW)                  │ │  
    │ │ [ ]   Support for login scripts (NEW)                                           │ │  
    │ │ [ ]   Support for /etc/nologin (NEW)                                            │ │  
    │ │ [ ]   Support for /etc/securetty (NEW)                                          │ │  
    │ │ [*] passwd                                                                      │ │  
    │ │ [ ]   Check new passwords for weakness                                          │ │  
    │ │ [ ] cryptpw                                                                     │ │  
    │ └─v(+)────────────────────────────────────────────────────────────────────────────┘ │  
    ├─────────────────────────────────────────────────────────────────────────────────────┤  
    │                          <Select>    < Exit >    < Help >                           │  
    └─────────────────────────────────────────────────────────────────────────────────────┘ 
    Disable dropbear at Location:
     -> Base system
    ┌──────────────────────────────────── Base system ────────────────────────────────────┐
    │ ┌─────────────────────────────────────────────────────────────────────────────────┐ │  
    │ │ <*> base-files................................... Base filesystem for OpenWrt   │ │  
    │ │ < > block-hotplug...................... Automount and autocheck block devices   │ │  
    │ │ < > br2684ctl.................... ATM Ethernet bridging configuration utility   │ │  
    │ │ < > bridge........................... Ethernet bridging configuration utility   │ │  
    │ │ <*> busybox................................ Core utilities for embedded Linux  -│ │  
    │ │ < > dnsmasq................................ A lightweight DNS and DHCP server   │ │  
    │ │ < > dropbear........................................ Small SSH2 client/server   │ │  
    │ │ < > ead.............................................. Emergency Access Daemon   │ │  
    │ │ < > firewall................................................ OpenWrt firewall   │ │  
    │ │ <*> hotplug2                                                                    │ │  
    │ │ <*> libc........................................................... C library   │ │  
    │ │ <*> libgcc............................................... GCC support library   │ │  
    │ │ --- libpthread.......................................... POSIX thread library   │ │  
    │ │ --- librt................................ POSIX.1b RealTime extension library   │ │  
    │ │ < > libstdcpp.................................... GNU Standard C++ Library v3   │ │  
    │ │ <*> mtd............................... Update utility for trx firmware images   │ │  
    │ │ <*> opkg...................................... opkg package management system   │ │  
    │ └─v(+)────────────────────────────────────────────────────────────────────────────┘ │  
    ├─────────────────────────────────────────────────────────────────────────────────────┤  
    │                          <Select>    < Exit >    < Help >                           │  
    └─────────────────────────────────────────────────────────────────────────────────────┘ 
  3. Now compile OpenWrt
    make V=s
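  4. Flash the built firmware onto your device and set a password with passwd. The next time you log in via telnet, you will be prompted for the root password. Until a password is set, login.sh gives a root shell over telnet without asking for one.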
inbox/howto/telnet_enable.txt · Last modified: 2017/10/22 18:05 by danitool