About telnet, ssh, clish, klish in OpenWrt
By default, OpenWrt does not require any authentication to connect via Telnet. It is enough to type the following:
    $ telnet 192.168.1.100
    Trying 192.168.1.100...
    Connected to 192.168.1.100.
    Escape character is '^]'.
     === IMPORTANT ============================
      Use 'passwd' to set your login password
      this will disable telnet and enable SSH
     ------------------------------------------
    BusyBox v1.19.4 (2013-07-08 17:26:11 MSK) built-in shell (ash)
    Enter 'help' for a list of built-in commands.
     -----------------------------------------------------
     BARRIER BREAKER (Bleeding Edge, r36822)
     -----------------------------------------------------
      * 1/2 oz Galliano         Pour all ingredients into
      * 4 oz cold Coffee        an irish coffee mug filled
      * 1 1/2 oz Dark Rum       with crushed ice. Stir.
      * 2 tsp. Creme de Cacao
     -----------------------------------------------------
If you want OpenWrt to ask for a login and password over telnet, you need to make changes in the following files.
The file /bin/login.sh should look like this:
    #!/bin/sh
    # Copyright (C) 2006-2011 OpenWrt.org

    # True once root has a real password (the field is not empty, "!" or "x")
    # in /etc/shadow or /etc/passwd, and the device is not in failsafe mode.
    if ( ! grep -qs '^root:[!x]\?:' /etc/shadow || \
         ! grep -qs '^root:[!x]\?:' /etc/passwd ) && \
       [ -z "$FAILSAFE" ]
    then
            echo "authorized access through telnet"
            # Ask for a user name and password
            busybox login
    else
    # No root password yet (or failsafe): show the notice and open a root shell
    cat << EOF
     === IMPORTANT ============================
      Use 'passwd' to set your login password
     ------------------------------------------
    EOF
    exec /bin/ash --login
    fi
The following option must be enabled in make menuconfig:
    -> Base system
      -> busybox
        -> Configuration
          -> Login/Password Management Utilities
            [*] login
Using the adduser command, we can add a new user to the system:
    root@OpenWrt:/# adduser guest
Using the passwd command, we can set the password for root and for guest:
    root@OpenWrt:/# passwd
    Changing password for root
    New password:
After a password is set for root, the startup script /etc/init.d/telnet no longer starts Telnet. Therefore the start function can be patched like this:
    start() {
            service_start /usr/sbin/telnetd -l /bin/login.sh
    }
That's all. After these changes, logging in via Telnet looks like this:
    $ telnet 192.168.1.100
    Trying 192.168.1.100...
    Connected to 192.168.1.100.
    Escape character is '^]'.
    authorized access through telnet
    OpenWrt login:
For access via ssh, OpenWrt uses the dropbear server. A user can connect via ssh from the console as follows:
    $ ssh guest@192.168.1.100
    The authenticity of host '192.168.1.100 (192.168.1.100)' can't be established.
    RSA key fingerprint is 22:bb:9f:3e:47:21:0f:64:7f:57:6b:6c:a1:1b:12:7c.
    Are you sure you want to continue connecting (yes/no)? yes
    Warning: Permanently added '192.168.1.100' (RSA) to the list of known hosts.
    guest@192.168.1.100's password:
Typically, the guest user should be limited to a certain set of commands, while the root user gets unlimited access. In other words, when root logs in, the interpreter /bin/ash should run, and when guest logs in, a different shell should run.
The clish utility is especially convenient as the interpreter for the guest user. clish emulates a Cisco-like command-line interface. Special thanks to the man who continued the development of clish under the name klish.
What should be done to start clish (klish) when the guest user logs in via telnet or ssh?
It is necessary to change the guest user's entry in the file /etc/passwd:
    guest:x:1000:1000:Linux User,,,:/home/guest:/usr/bin/clish
It is also necessary to add clish to the list of registered shells in the system. To do this, edit the file /etc/shells:
    # cat /etc/shells
    /bin/ash
    /usr/bin/clish
Reboot. As a result, the root user gets the usual command-line console, while the guest user gets clish after logging in via telnet or ssh.
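To check the result of the steps above, here is an added example (not part of the original post): a POSIX sh audit of the three files edited on this page. The function names are hypothetical and the sample entries in demo are constructed; the file paths are arguments, so it also works on copies pulled off the device.

```shell
# True when root has a real password: the condition /bin/login.sh tests
# (written as an ERE for portability) before it runs "busybox login".
root_has_password() {   # args: shadow passwd
    ! grep -qsE '^root:[!x]?:' "$1" || ! grep -qsE '^root:[!x]?:' "$2"
}

# Print one field of a user's passwd entry (3 = UID, 7 = shell).
passwd_field() {        # args: passwd user field-number
    awk -F: -v u="$2" -v f="$3" '$1 == u { print $f }' "$1"
}

# Print one line per problem; return 0 only when nothing was found.
audit_login() {         # args: passwd shadow shells user expected-shell
    rc=0
    shell=$(passwd_field "$1" "$4" 7)
    uid=$(passwd_field "$1" "$4" 3)
    if ! root_has_password "$2" "$1"; then
        echo "root: no password set, login.sh starts /bin/ash without a login prompt"
        rc=1
    fi
    [ -z "$shell" ] && { echo "$4: no such user"; return 1; }
    if [ "$uid" = 0 ]; then
        echo "$4: UID 0, the account is root under another name"; rc=1
    fi
    if [ "$shell" != "$5" ]; then
        echo "$4: shell is $shell, expected $5"; rc=1
    fi
    if ! grep -qxF -- "$shell" "$3"; then
        echo "$4: shell $shell is not listed in the shells file"; rc=1
    fi
    return $rc
}

# Constructed sample data (not taken from a real device).
demo() {
    d=$(mktemp -d)
    printf '%s\n' 'root:x:0:0:root:/root:/bin/ash' \
        'guest:x:1000:1000:Linux User,,,:/home/guest:/usr/bin/clish' > "$d/passwd"
    printf '%s\n' 'root:$1$constructed$hash:16000:0:99999:7:::' > "$d/shadow"
    printf '%s\n' /bin/ash /usr/bin/clish > "$d/shells"
    audit_login "$d/passwd" "$d/shadow" "$d/shells" guest /usr/bin/clish
    rc=$?; rm -rf "$d"; return $rc
}

demo && echo "audit passed"
```

On the device itself, the call would be audit_login /etc/passwd /etc/shadow /etc/shells guest /usr/bin/clish.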