inbox:howto:telnet_enable

inbox:howto:telnet_enable [2012/10/06 14:16]
inbox:howto:telnet_enable [2017/10/22 18:05] (current)
danitool
Line 1: Line 1:
 +====== Enable telnet login with password ======
 +===== (Without dropbear) =====
 +This is useful if you don't mind **security** and you don't have **enough space or resources** for dropbear in your device.
 +Tested succesfully in OpenWrt Backfire 10.03.2 and LEDE 17.01
 +  - Patch your build tree with this file: \\  **a. OpenWrt Backfire** <code diff>
 +Index: package/​base-files/​files/​bin/​login.sh
 +===================================================================
 +--- a/​package/​base-files/​files/​bin/​login.sh (revision:​ 33603)
 ++++ b/​package/​base-files/​files/​bin/​login.sh (copia de trabajo)
 +@@ -2,15 +2,14 @@
 + # Copyright (C) 2006-2010 OpenWrt.org
 + 
 + if grep -qs '​^root:​[^!]'​ /etc/passwd /etc/shadow && [ -z "​$FAILSAFE"​ ]; then
 +- echo "Login failed."​
 +- exit 0
 ++ echo "​WARNING:​ telnet is a security risk"
 ++ busybox login
 + else
 + cat << EOF
 +  === IMPORTANT ============================
 +   Use '​passwd'​ to set your login password
 +-  this will disable telnet and enable SSH
 ++  this will enable telnet login with password
 +  ------------------------------------------
 + EOF
 ++exec /bin/ash --login
 + fi
 +-
 +-exec /bin/ash --login
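Review bot: `busybox login` in the password branch is started as a child of the wrapper script, while the no-password branch uses `exec`; `exec busybox login` would be the consistent form. It saves one idle shell per telnet session on the low-resource devices this how-to targets, and it makes it explicit that nothing after that line runs once login returns. The same line appears in the LEDE 17.01 version of login.sh further down. The script begins above this hunk, so its first line is not visible here.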
  
 +</​code>​ **b. LEDE 17.01** <code diff>​diff --git a/​package/​base-files/​files/​bin/​login.sh b/​package/​base-files/​files/​bin/​login.sh
 +new file mode 100755
 +index 0000000..87eae2d
 +--- /dev/null
 ++++ b/​package/​base-files/​files/​bin/​login.sh
 +@@ -0,0 +1,19 @@
 ++#!/bin/sh
 ++# Copyright (C) 2006-2011 OpenWrt.org
 ++
 ++if ( ! grep -qs '​^root:​[!x]\?:'​ /etc/shadow || \
 ++     ! grep -qs '​^root:​[!x]\?:'​ /etc/passwd ) && \
 ++   [ -z "​$FAILSAFE"​ ]
 ++then
 ++ echo "​WARNING:​ telnet is a security risk"
 ++ busybox login
 ++else
 ++cat << EOF
 ++ === IMPORTANT ============================
 ++  Use '​passwd'​ to set your login password
 ++  this will enable telnet login with password
 ++ ------------------------------------------
 ++EOF
 ++exec /bin/ash --login
 ++fi
 ++
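Review bot: The `else` branch runs `exec /bin/ash --login` with no authentication, so until `passwd` has been run, or whenever `$FAILSAFE` is set, every telnet connection ends in a root shell, and the script carries no comment saying so. I would state it above the `if`, for example `# No root password, or failsafe: the else branch is an unauthenticated root shell; set a password before attaching to an untrusted network`. The banner printed in that branch could carry the same warning, so that the person logging in sees it as well.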
 +diff --git a/​package/​base-files/​files/​lib/​preinit/​99_10_failsafe_login b/​package/​base-files/​files/​lib/​preinit/​99_10_failsafe_login
 +index 3147cdc..3c398dd 100644
 +--- a/​package/​base-files/​files/​lib/​preinit/​99_10_failsafe_login
 ++++ b/​package/​base-files/​files/​lib/​preinit/​99_10_failsafe_login
 +@@ -3,8 +3,7 @@
 + # Copyright (C) 2010 Vertical Communications
 + 
 + ​failsafe_netlogin () {
 +- dropbearkey -t rsa -s 1024 -f /​tmp/​dropbear_failsafe_host_key
 +- dropbear -r /​tmp/​dropbear_failsafe_host_key <> /dev/null 2>&1
 ++ telnetd -l /​bin/​login.sh <> /dev/null 2>&1
 + }
 + 
 + ​failsafe_shell() {
 +diff --git a/​package/​utils/​busybox/​Config-defaults.in b/​package/​utils/​busybox/​Config-defaults.in
 +index 1977e7f..d4446c5 100644
 +--- a/​package/​utils/​busybox/​Config-defaults.in
 ++++ b/​package/​utils/​busybox/​Config-defaults.in
 +@@ -2289,19 +2289,19 @@ config BUSYBOX_DEFAULT_TCPSVD
 + ​ default n
 + ​config BUSYBOX_DEFAULT_TELNET
 +  bool
 +- default n
 ++ default y
 + ​config BUSYBOX_DEFAULT_FEATURE_TELNET_TTYPE
 +  bool
 +- default n
 ++ default y
 + ​config BUSYBOX_DEFAULT_FEATURE_TELNET_AUTOLOGIN
 +  bool
 + ​ default n
 + ​config BUSYBOX_DEFAULT_TELNETD
 +  bool
 +- default n
 ++ default y
 + ​config BUSYBOX_DEFAULT_FEATURE_TELNETD_STANDALONE
 +  bool
 +- default n
 ++ default y
 + ​config BUSYBOX_DEFAULT_FEATURE_TELNETD_INETD_WAIT
 +  bool
 + ​ default n
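Review bot: Nothing in this hunk turns on the `login` applet, yet both login.sh variants call `busybox login`; the how-to leaves that to a manual menuconfig step. A tree built from the patch alone would presumably fail every telnet session once a root password exists. If the file has a `BUSYBOX_DEFAULT_LOGIN` entry (not visible in this hunk), switching it to `default y` here would keep the patch self-contained. Separately, `BUSYBOX_DEFAULT_TELNET` and `BUSYBOX_DEFAULT_FEATURE_TELNET_TTYPE` belong to the telnet client, which the server side does not need; leaving them at `n` saves space and keeps an unneeded network tool off the image.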
 +diff --git a/​package/​utils/​busybox/​Makefile b/​package/​utils/​busybox/​Makefile
 +index 40bddd6..2e643f6 100644
 +--- a/​package/​utils/​busybox/​Makefile
 ++++ b/​package/​utils/​busybox/​Makefile
 +@@ -119,6 +119,7 @@ define Package/​busybox/​install
 + ​ $(INSTALL_DIR) $(1)/​etc/​init.d
 + ​ $(CP) $(PKG_INSTALL_DIR)/​* $(1)/
 + ​ $(INSTALL_BIN) ./​files/​cron $(1)/​etc/​init.d/​cron
 ++ $(INSTALL_BIN) ./​files/​telnet $(1)/​etc/​init.d/​telnet
 + ​ $(INSTALL_BIN) ./​files/​sysntpd $(1)/​etc/​init.d/​sysntpd
 + ​ $(INSTALL_BIN) ./​files/​ntpd-hotplug $(1)/​usr/​sbin/​ntpd-hotplug
 +  -rm -rf $(1)/lib64
 +diff --git a/​package/​utils/​busybox/​files/​telnet b/​package/​utils/​busybox/​files/​telnet
 +new file mode 100755
 +index 0000000..a1d1cdf
 +--- /dev/null
 ++++ b/​package/​utils/​busybox/​files/​telnet
 +@@ -0,0 +1,38 @@
 ++#!/bin/sh /​etc/​rc.common
 ++# Copyright (C) 2006-2011 OpenWrt.org
 ++
 ++START=50
 ++
 ++USE_PROCD=1
 ++PROG=/​usr/​sbin/​telnetd
 ++
 ++has_root_pwd() {
 ++ local pwd=$([ -f "​$1"​ ] && cat "​$1"​)
 ++       pwd="​${pwd#​*root:​}"​
 ++       pwd="​${pwd%%:​*}"​
 ++
 ++ test -n "​${pwd#​[\!x]}"​
 ++}
 ++
 ++get_root_home() {
 ++ local homedir=$([ -f "​$1"​ ] && cat "​$1"​)
 ++ homedir="​${homedir#​*:​*:​0:​0:​*:​}"​
 ++
 ++ echo "​${homedir%%:​*}"​
 ++}
 ++
 ++has_ssh_pubkey() {
 ++ ( /​etc/​init.d/​dropbear enabled 2> /dev/null && grep -qs "​^ssh-"​ /​etc/​dropbear/​authorized_keys ) || \
 ++ ( /​etc/​init.d/​sshd enabled 2> /dev/null && grep -qs "​^ssh-"​ "​$(get_root_home /​etc/​passwd)"/​.ssh/​authorized_keys )
 ++}
 ++
 ++start_service() {
 ++ if ( ! has_ssh_pubkey && \
 ++      ! has_root_pwd /etc/passwd && ! has_root_pwd /etc/shadow ) || \
 ++    ( ! /​etc/​init.d/​dropbear enabled 2> /dev/null && ! /​etc/​init.d/​sshd enabled 2> /dev/null );
 ++ then
 ++ procd_open_instance
 ++ procd_set_param command "​$PROG"​ -F -l /​bin/​login.sh
 ++ procd_close_instance
 ++ fi
 ++}
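Review bot: `start_service` launches `"$PROG" -F -l /bin/login.sh` with no bind address, so telnetd listens on every interface. That leaves the firewall as the only thing keeping port 23 (cleartext credentials, and a passwordless root shell before `passwd` is run) off the WAN side. busybox telnetd in standalone mode accepts `-b ADDR[:PORT]`; I would bind it to the LAN address, e.g. `procd_set_param command "$PROG" -F -b <LAN_ADDR> -l /bin/login.sh`, where `<LAN_ADDR>` is a placeholder for the address read from the network configuration. A smaller point: `local pwd=$(...)` and `local homedir=$(...)` are unquoted, and depending on the shell the substituted file contents may be word-split in a `local` argument, so `local pwd="$(...)"` is the safer spelling.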
 +</​code>​Copy the above content to a file into the build root with the name: //​telnet_enable.patch//​. And patch your build tree \\ <code bash>​patch -p1 -i telnet_enable.patch</​code>​ Ensure the //​login.sh//​ file has execution permissions <code bash>​chmod +x package/​base-files/​files/​bin/​login.sh</​code>​
 +  - Configure the build tree \\ <code bash>
 +make menuconfig
 +</​code>​ Enable **//​login//​** at Location: <​code>​
 +-> Base system ​
 +   -> busybox
 +     -> Configuration ​
 +        -> Login/​Password Management Utilities
 +</​code>​ <​code>​
 +┌──────────────────────── Login/​Password Management Utilities ────────────────────────┐
 +│ ┌─────────────────────────────────────────────────────────────────────────────────┐ │  ​
 +│ │ [ ] Support for shadow passwords ​                                               │ │  ​
 +│ │ [ ] Use internal password and group functions rather than system functions ​     │ │  ​
 +│ │ [ ] Use internal crypt functions ​                                               │ │  ​
 +│ │ [ ] addgroup ​                                                                   │ │  ​
 +│ │ [ ] delgroup ​                                                                   │ │  ​
 +│ │ [ ] adduser ​                                                                    │ │  ​
 +│ │ [ ] deluser ​                                                                    │ │  ​
 +│ │ [ ] getty                                                                       │ │  ​
 +│ │ [ ]   ​Support utmp file (NEW)                                                   │ │  ​
 +│ │ [ ]   ​Support wtmp file (NEW)                                                   │ │  ​
 +│ │ [*] login                                                                       │ │  ​
 +│ │ [ ]   ​Support for PAM (Pluggable Authentication Modules) (NEW)                  │ │  ​
 +│ │ [ ]   ​Support for login scripts (NEW)                                           │ │  ​
 +│ │ [ ]   ​Support for /​etc/​nologin (NEW)                                            │ │  ​
 +│ │ [ ]   ​Support for /​etc/​securetty (NEW)                                          │ │  ​
 +│ │ [*] passwd ​                                                                     │ │  ​
 +│ │ [ ]   Check new passwords for weakness ​                                         │ │  ​
 +│ │ [ ] cryptpw ​                                                                    │ │  ​
 +│ └─v(+)────────────────────────────────────────────────────────────────────────────┘ │  ​
 +├─────────────────────────────────────────────────────────────────────────────────────┤  ​
 +│                          <​Select> ​   < Exit >    < Help >                           ​│  ​
 +└─────────────────────────────────────────────────────────────────────────────────────┘ ​
 +</​code>​ Disable **//​dropbear//​** at Location: <​code>​ -> Base system
 +</​code>​ <​code>​
 +┌──────────────────────────────────── Base system ────────────────────────────────────┐
 +│ ┌─────────────────────────────────────────────────────────────────────────────────┐ │  ​
 +│ │ <*> base-files................................... Base filesystem for OpenWrt ​  │ │  ​
 +│ │ < > block-hotplug...................... Automount and autocheck block devices ​  │ │  ​
 +│ │ < > br2684ctl.................... ATM Ethernet bridging configuration utility ​  │ │  ​
 +│ │ < > bridge........................... Ethernet bridging configuration utility ​  │ │  ​
 +│ │ <*> busybox................................ Core utilities for embedded Linux  -│ │  ​
 +│ │ < > dnsmasq................................ A lightweight DNS and DHCP server ​  │ │  ​
 +│ │ < > dropbear........................................ Small SSH2 client/​server ​  │ │  ​
 +│ │ < > ead.............................................. Emergency Access Daemon ​  │ │  ​
 +│ │ < > firewall................................................ OpenWrt firewall ​  │ │  ​
 +│ │ <*> hotplug2 ​                                                                   │ │  ​
 +│ │ <*> libc........................................................... C library ​  │ │  ​
 +│ │ <*> libgcc............................................... GCC support library ​  │ │  ​
 +│ │ --- libpthread.......................................... POSIX thread library ​  │ │  ​
 +│ │ --- librt................................ POSIX.1b RealTime extension library ​  │ │  ​
 +│ │ < > libstdcpp.................................... GNU Standard C++ Library v3   │ │  ​
 +│ │ <*> mtd............................... Update utility for trx firmware images ​  │ │  ​
 +│ │ <*> opkg...................................... opkg package management system ​  │ │  ​
 +│ └─v(+)────────────────────────────────────────────────────────────────────────────┘ │  ​
 +├─────────────────────────────────────────────────────────────────────────────────────┤  ​
 +│                          <​Select> ​   < Exit >    < Help >                           ​│  ​
 +└─────────────────────────────────────────────────────────────────────────────────────┘ ​
 +</​code>​
 +  - Now compile OpenWrt <code bash>​make V=s</​code>​
 +  - Flash the built firmware into your device. Set a password with **passwd**. Next time you login via telnet it will prompt your root password.