Buffalo NAS-Central Forums

Welcome to the Linkstation Wiki community
It is currently Fri Aug 17, 2018 9:26 pm

All times are UTC+01:00




Post new topic  Reply to topic  [ 9 posts ] 
Author Message
 Post subject: LS-WXL SSH access
PostPosted: Tue Jan 18, 2011 12:21 am 
Offline
Total Newbie

Joined: Tue Jan 18, 2011 12:15 am
Posts: 3
Hello, I am trying to follow the instructions here however I am getting tripped up I guess. I really don't understand where to add these things.

http://buffalo.nas-central.org/wiki/Category:LS-WXL

1. Create a shared folder name 'www'
2. Enable the web server in Network -> Web Server
3. Set the Port No. 81
4. Set the target folder to www
5. The default index.php is showing phpinfo();
6. Now with PHP enabled, you can edit /etc/pam.d/sshd via a simple script
7. comment out all lines that begin with 'auth'
8. add the line: auth required pam_permit.so
a simple PHP script like :

I'm up to step 6, however how do I edit that file "via a simple script"? Am I supposed to edit the default php.ini file? I don't understand what the instructions are asking me to do. I would appreciate any help.

I am experienced with windows and *nix systems however have absolutely zero php experience. Thanks for any help!


Top
   
 Post subject: Re: LS-WXL SSH access
PostPosted: Tue Jan 18, 2011 5:47 pm 
Offline
Moderator

Joined: Fri Jun 29, 2007 10:39 am
Posts: 2604
The "simple script like" is the one you have to have a look at.
It is somewhat confusing, that the script for point 6 is shown
after point 8.
Unfortunately you do have to know how code in PHP to write
a valid script (at least a little bit).

_________________
Please do not use private mail (PN/M) to ask questions. Use the proper forum instead. (me)

If there is no verified backup of a dataset, the dataset, by definition, is unimportant. (c't 2012)

RAID (no matter which level) never ever substitutes a backup. (me)


Top
   
 Post subject: Re: LS-WXL SSH access
PostPosted: Wed Jan 19, 2011 4:35 pm 
Offline
Total Newbie

Joined: Tue Jan 18, 2011 12:15 am
Posts: 3
Well, all I really want to do is initiate an rsync from within the unit so that I can copy/move files from folder to folder (within the unit). I can do this on another box however it does the copy over the network, which is super slow.


Top
   
 Post subject: Re: LS-WXL SSH access
PostPosted: Wed Jan 19, 2011 5:49 pm 
Offline
Moderator

Joined: Fri Jun 29, 2007 10:39 am
Posts: 2604
Then you need to have telnet or ssh access to your box.
The change of the etc/pam.d/sshd file probably will not be
sufficient without a restart of sshd.
Did you tried the suggestions in the original post (link is in
the wiki article as reference "1") regarding PHP shell?
With PHP shell you should be able to locate sshd and then
to restart sshd (assumption would be: sshd is restarted via
"/etc/init.d/sshd.sh restart").

_________________
Please do not use private mail (PN/M) to ask questions. Use the proper forum instead. (me)

If there is no verified backup of a dataset, the dataset, by definition, is unimportant. (c't 2012)

RAID (no matter which level) never ever substitutes a backup. (me)


Top
   
 Post subject: Re: LS-WXL SSH access
PostPosted: Wed Jan 19, 2011 8:09 pm 
Offline
Total Newbie

Joined: Tue Jan 18, 2011 12:15 am
Posts: 3
I'll check it out and post back. Thank you sir.


Top
   
 Post subject: Re: LS-WXL SSH access
PostPosted: Sat Mar 12, 2011 3:55 pm 
Offline
Newbie

Joined: Tue Jan 18, 2011 1:38 pm
Posts: 14
Get this script (from wiki page):
Code:
<?php
$file = '../../../../etc/pam.d/sshd';
$fh=fopen($file, 'w') or die("can't open file");
$stringData = "account  required   pam_unix.so\n";
fwrite($fh, $stringData);
$stringData = "session  required   pam_unix.so\n";
fwrite($fh, $stringData);
$stringData = "auth required pam_permit.so\n";
fwrite($fh, $stringData);
fclose($fh);
?>

Save it as a php file, like script.php.

Put the file in the www directory of the nas (created using previous wiki steps). Then call the file with the link: http://nas-ip-address:81/script.php

Voila! From here you should get a blank page in your browser and the ability to ssh into your box as root. Enjoy :)


Top
   
 Post subject: Re: LS-WXL SSH access
PostPosted: Sun May 29, 2011 3:50 pm 
Offline
Total Newbie

Joined: Sun May 29, 2011 3:32 pm
Posts: 2
imho it's actually easier to use the 1.41 version if you haven't managed it yet,
sitting here and doing this myself as I write this, installing Sabnzbd, Couchpotato & Sickbeard now,
not sure if the last one is possible, haven't found it yet :p

you find the Wiki-page here: http://buffalo.nas-central.org/wiki/Category:LS-WXL#Firmware_1.41

just download the 1.41 firmware and modify it before you install it using either an Ubuntu Live or your preferred linux distro :)
Really made it a lot easier for me at least :)

just remember that it's the .pub keyfile that's supposed to be on the NAS
& the one without a file-extension that is to be on your personal computer...

The Wiki-howto doesn't say this clear enough imo, will edit that part later if I have/get access ;)

PS: sorry for necro'ing this post, but at least I hope this will help those that haven't managed it yet :)


Top
   
 Post subject: Re: LS-WXL SSH access
PostPosted: Wed May 23, 2012 6:58 pm 
Offline
Total Newbie

Joined: Wed May 23, 2012 5:32 pm
Posts: 1
So the above script(as the wiki states) is for 1.41, if you run it on 1.54, you get a full ssh lockdown, as follows:
Code:
Jack-Rabbit-Slims:buffalo steve$ ssh root@10.1.1.11
Connection closed by 10.1.1.11


I wrote my own script that took the old pam.d/sshd config and uncommented all lines, but that doesn't do me any good. Once my script has run, my sshd looks like this:
Code:
auth     required   pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed
auth    required   pam_smb_auth.so debug
auth    required   pam_unix.so nullok
auth     required   pam_unix.so
auth    required   pam_winbind.so debug
account  required   pam_unix.so
account required   pam_winbind.so
session  required   pam_unix.so


I see that 1.54 should be accessible with the password, but mine is not, is it possible something has changed? I would think not, since sshd is still publicly accessible, and if Buffalo locked something down, surely it would have been that?

If anyone know what I could be doing wrong, please let me know. Maybe those last 3 lines of sshd I have should be at the top?

Thanks in advance...


Top
   
 Post subject: Re: LS-WXL SSH access
PostPosted: Thu May 24, 2012 7:30 am 
Offline
Moderator

Joined: Fri Jun 29, 2007 10:39 am
Posts: 2604
You can try the pam.d/sshd from this post:http://forum.buffalo.nas-central.org/viewtopic.php?p=151013#p151013
Btw. the guide for the LS-VL in the wiki should work for your box as well.

_________________
Please do not use private mail (PN/M) to ask questions. Use the proper forum instead. (me)

If there is no verified backup of a dataset, the dataset, by definition, is unimportant. (c't 2012)

RAID (no matter which level) never ever substitutes a backup. (me)


Top
   
Display posts from previous:  Sort by  
Post new topic  Reply to topic  [ 9 posts ] 

All times are UTC+01:00


Who is online

Users browsing this forum: No registered users and 3 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Powered by phpBB® Forum Software © phpBB Limited