Buffalo NAS-Central Forums

Welcome to the Linkstation Wiki community
It is currently Sat Nov 18, 2017 3:58 am

All times are UTC+01:00




Post new topic  Reply to topic  [ 73 posts ]  Go to page Previous 1 2 3 4 5 Next
Author Message
PostPosted: Tue Jan 18, 2011 4:15 pm 
Offline
Total Newbie

Joined: Tue Jan 18, 2011 4:02 pm
Posts: 2
I have got LS-CHL-V2
ATM i have 1.37 firmware runing on it.

I am opening cmd on windows.
When I am pasting there
java -jar C:\Users\Admin\Desktop\acp_commander.jar -t 192.168.80.21 -ip 192.168.80.21 -pw pass123 -c "ls /"
It shows the folders

However in every attempt i get at the end the message
Changing IP: ACP_STATE_PASSWORD_ERROR

Well the next step I am doing is
java -jar C:\Users\Admin\Desktop\acp_commander.jar -t 192.168.80.21 -ip 192.168.80.21 -pw pass123 -c "(echo newrootpass;echo pass123)|passwd"
And I know it changes because I can login with root on webaccess

Then
java -jar C:\Users\Admin\Desktop\acp_commander.jar -t 192.168.80.21 -ip 192.168.80.21 -pw pass123 -c "sed -i 's/UsePAM yes/UsePAM no/g' /etc/sshd_config"

Then
java -jar C:\Users\Admin\Desktop\acp_commander.jar -t 192.168.80.21 -ip 192.168.80.21 -pw pass123 -c "sed -i 's/PermitRootLogin no/PermitRootLogin yes/g' /etc/sshd_config"

And then the last
java -jar C:\Users\Admin\Desktop\acp_commander.jar -t 192.168.80.21 -ip 192.168.80.21 -pw pass123 -c "/etc/init.d/sshd.sh restart"

I am trying to use Putty for the connection. Typing 192.168.80.21 on 22 port

But I am getting the Connection Refused message.

Can you tell me what am I doing wrong?


Top
   
PostPosted: Tue Jan 18, 2011 4:49 pm 
Offline
Moderator

Joined: Mon Apr 26, 2010 10:24 am
Posts: 2691
Administrator for Webinterface and acp_commander.jar = admin

root is only a user for acp_commander.jar! (On Telnet and SSH root is Administrator.)

Use the password for admin with acp_commander.jar


Top
   
PostPosted: Fri Jan 28, 2011 12:43 pm 
Offline
Total Newbie

Joined: Tue Jan 18, 2011 4:02 pm
Posts: 2
Thank you for reply.
but
Are you saying that this line should look like
java -jar C:\Users\Admin\Desktop\acp_commander.jar -t 192.168.80.21 -ip 192.168.80.21 -pw pass123 -c "(echo newrootpass;echo admin)|passwd"

where pass123 is the actual password for webinterference admin account.

thanks


The reason why this is so important for me is that I have veryfast card reader up to 60MBytes/s
And the idea is to attach that reader to buffalo station and upload files from that reader to the hard drive avoiding the network!
If I for instance use my Totalcommander to move files from usbdisk1 to my shared location, files seem to go through my computer which affect the speed of transfer. This is why I want to have SSH so I could use WINSCP to move files straight on the buffalo station.

I think the webaccess is a mistake really ;/


Top
   
PostPosted: Fri Jan 28, 2011 3:30 pm 
Offline
Moderator

Joined: Mon Apr 26, 2010 10:24 am
Posts: 2691
passwd needs 2x the new password for root
->
(echo pass123;echo pass123)

now you an login as root with password pass123

Your line is bad (echo newrootpass;echo admin)


Top
   
PostPosted: Sat Jan 29, 2011 2:32 am 
Offline
Newbie

Joined: Fri Aug 27, 2010 5:41 am
Posts: 6
markjamie wrote:
Hi

I've recently got a Buffalo Linkstation Live 1TB LS-CHLv2 running buffalo f/w v1.37 and would like to enable ssh access. Looking at the main nas-central website, this method for the XHL *should* work on the CHLv2 (stop me here if I'm going wrong!).

I followed the steps in the original post, including the additional step for v1.37 (which my LS-CHLv2 is running), without errors.

Quote:
First you can test if your nas will accept the following comands, just do a "ls /" and see the result. If you see your "/" folders, its ok:
java -jar acp_commander.jar -t 192.168.0.10 -ip 192.168.0.10 -pw adminpasswordhere -c "ls /"

change root password:
java -jar acp_commander.jar -t 192.168.0.10 -ip 192.168.0.10 -pw adminpasswordhere -c "(echo newrootpass;echo newrootpass)|passwd"

allow root to login on ssh - (this is one way to do it, the other way i know is to remove root from /etc/ftpusers)
java -jar acp_commander.jar -t 192.168.0.10 -ip 192.168.0.10 -pw adminpasswordhere -c "sed -i 's/UsePAM yes/UsePAM no/g' /etc/sshd_config"

Only for fw 1.37 - execute this additional command to enable root login on ssh
java -jar acp_commander.jar -t 192.168.0.10 -ip 192.168.0.10 -pw adminpasswordhere -c "sed -i 's/PermitRootLogin no/PermitRootLogin yes/g' /etc/sshd_config"

restart ssh service
java -jar acp_commander -t 192.168.0.10 -ip 192.168.0.10 -pw adminpasswordhere -c "/etc/init.d/sshd.sh restart"


I should state that the "ls /" command works fine and shows me the directories on my NAS, so it must be connecting properly.

Once complete I downloaded PuTTy to ssh into the NAS as I run WinXP, however when I type the NAS ip (192.168.0.10) into the host name box and click open, I get a "Network Error: Connection Refused" error message. Stating the obvious, I'm assuming that my ssh access hasn't worked......?

Can anyone advise on whether the above method should work for the CHLv2, where I'm going wrong, and what I can do to fix this?

I've seen many posts (perhaps not directly related) which use the -o flag with acp_commander. I haven't used this at all - should I have done?

Many thanks in advance

Mark


It seems that your nas firmware doesnt have ssh enabled by default, and maybe other things that i dont know because i dont have this model to test. XHL models have ssh enabled, the procedure above is to change the root password and allow it to login on ssh.


Top
   
PostPosted: Sat Jan 29, 2011 8:32 am 
Offline
Newbie

Joined: Sat Nov 27, 2010 1:11 pm
Posts: 63
tenchinho wrote:
... I get a "Network Error: Connection Refused" error message...

I can only tell you that this error is when there is no ssh running on the specified port.


Top
   
PostPosted: Wed Feb 02, 2011 11:07 pm 
Offline
Newbie

Joined: Thu Feb 18, 2010 12:22 pm
Posts: 19
I can confirm, it works on 1.40 on an LS-WXL!

Thanks for that, just made a batch file for easy use in the future!


Top
   
PostPosted: Fri Feb 11, 2011 12:34 am 
Offline
Newbie

Joined: Fri Jan 28, 2011 2:57 am
Posts: 9
Procedure for FW 1.37 works OK for FW 1.40 also.


Top
   
PostPosted: Fri Mar 11, 2011 10:42 pm 
Offline
Newbie
User avatar

Joined: Thu Feb 24, 2011 9:59 am
Posts: 43
Location: Southampton, UK
tenchinho wrote:
Hi all, my first post here, hope it helps.

Enabling ssh login - Tested in FW 1.34 and 1.37
...

Moderator: Replaced full quote.

Thank you very much for this. VERY easy to follow. I managed to get SSH access on my LS-VL in no time at all after spending half an hour messing around with keys and putty following the dreadful guide on the wiki. I would recommend that this is used to replace it!


Top
   
PostPosted: Sat Mar 12, 2011 8:16 am 
Offline
Moderator

Joined: Fri Jun 29, 2007 10:39 am
Posts: 2604
SANGERA2 wrote:
...
I managed to get SSH access on my LS-VL in no time at all after spending half an hour messing around with keys and putty following the dreadful guide on the wiki. I would recommend that this is used to replace it!

First: Please do not quote complete posts.
Second: Please do not put this onto the wiki.

Only because you failed to use Putty does not mean,
that everybody should rip a hole in his security settings
too.
With the changes in this post, EVERYBODY can connect
to your box as root using ssh, as long as he can access
the IP address of the box.
I would not recommend this, if you plan to connect the
box to the internet.
Maybe you should have spent some more minutes to ask
for help with Putty in this forum, so you could use key
based authorisation?

_________________
Please do not use private mail (PN/M) to ask questions. Use the proper forum instead. (me)

If there is no verified backup of a dataset, the dataset, by definition, is unimportant. (c't 2012)

RAID (no matter which level) never ever substitutes a backup. (me)


Top
   
PostPosted: Sat Mar 12, 2011 9:55 am 
Offline
Newbie
User avatar

Joined: Thu Feb 24, 2011 9:59 am
Posts: 43
Location: Southampton, UK
kenatonline wrote:
First: Please do not quote complete posts.
...
...

I am a home user and I don't have my NAS exposed to the Internet. I also don't have any sensitive data on there. I imagine most people who buy one of these will be the same. Businesses etc would buy one with RAID and all the bells and whistles like AD. As long as there is a decent password set for root then this method should be perfectly satisfactory for the majority of users. Especially as many of them are using this to download and stream illegal torrents. That doesn't seem like something I would like to have forwarded through my router!

I wouldn't edit the wiki myself as I don't feel I have the right! But I do this this should be put up there as an option for those who are not needing as much security.

There are lots of options in the way the keys can be created in Putty and which options should be used are not stated in the wiki here. I read the guide thoroughly on the puttygen site and tried the different combinations in the procedures, but still had no joy. I prefer to try to work things out myself that bug people with questions that are usually answered elsewhere. The guide on the wiki is more of a quick description of what the OP did that a guide that can be followed by everyone as there are several points he is not clear on and seems to assume quite a bit of previous knowledge!


Top
   
PostPosted: Sat Mar 12, 2011 10:59 am 
Offline
Newbie

Joined: Sat Nov 27, 2010 1:11 pm
Posts: 63
My NAS is exposed to the internet and I have keyboad Auth activated, but i changed the port number of ssh from 22 to ??? :).
I know this is still unsecure, but in my logfiles i never saw any attack since I changed the port number.
Before (with port 22 and keyfile auth) I had many, many attempts to login unauthorized.

On another server with sensitive data i have changed the port and use keyfile auth.


Top
   
PostPosted: Sat Mar 12, 2011 12:14 pm 
Offline
Moderator

Joined: Fri Jun 29, 2007 10:39 am
Posts: 2604
SANGERA2 wrote:
I am a home user and I don't have my NAS exposed to the Internet. I also don't have any sensitive data on there. I imagine most people who buy one of these will be the same.

Unfortunately most of the people asking for telnet or ssh access do exactly that,
exposing their box to the internet.

SANGERA2 wrote:
...
As long as there is a decent password set for root then this method should be perfectly satisfactory for the majority of users.
...

That is a fallacy.
If you use password authentication, you expose your box to dictionary attacks.
Then everything depends on the quality of the password and the ordinary user,
especially those who are only able to follow an idiot proofed step by step guide,
are not well known for choosing a "good" quality password.

SANGERA2 wrote:
I wouldn't edit the wiki myself as I don't feel I have the right! But I do this this should be put up there as an option for those who are not needing as much security.

The wiki depends on everyone who might have something to contribute.
You shouldn't think you are not invited to add stuff to the wiki.
I intentionally do not show users "unsecure" ways of opening their box,
but I also do not blame them if they want to do this.
The problem lies in the awareness of the "step-by-step" users for security.
That you do not intentionally expose your box to the internet does not
automatically means that you do not UNintentionally. Some Windows software
drills a hole into the firewall without asking for proper permission by the
user. Combined with an unsecure box, opens the way for hackers.
This does not mean that this happens all day long, but the myriads of hyjacked
PC have to come from somewhere, haven't they?


SANGERA2 wrote:
There are lots of options in the way the keys can be created in Putty and which options should be used are not stated in the wiki here. I read the guide thoroughly on the puttygen site and tried the different combinations in the procedures, but still had no joy. I prefer to try to work things out myself that bug people with questions that are usually answered elsewhere.

That is a nice way to do, but if you then still failed, you shouldn't be shy to ask
for help here.
We won't rip off your head, if you asked something already asked somewhere
else (as long as it shows at least a little bit of effort to do a search beforehand).
;)

SANGERA2 wrote:
The guide on the wiki is more of a quick description of what the OP did that a guide that can be followed by everyone as there are several points he is not clear on and seems to assume quite a bit of previous knowledge!

You are absolutely right (I can make a judgement on this, because I am the original
author of the guide for the VL ;) ).
That is the point where others could step in and make the guide more "idiot
proofed". There already was a user making the guide more robust for others
to follow if they used Puttygen for key creation.

_________________
Please do not use private mail (PN/M) to ask questions. Use the proper forum instead. (me)

If there is no verified backup of a dataset, the dataset, by definition, is unimportant. (c't 2012)

RAID (no matter which level) never ever substitutes a backup. (me)


Top
   
PostPosted: Mon Apr 18, 2011 3:40 am 
Offline
Moderator

Joined: Mon Apr 26, 2010 10:24 am
Posts: 2691
Successfully tested with FW 1.41 on LS-XHL
http://www.buffalotech.com/support/getfile/ls_series-141.zip

Quote:
[Firmware Release Note]
* Ver.1.41 [2011.4.13]
- Add online firmware update feature.
- Support hard drives larger than 2TB capacity.
- Fix an issue that when backup task runs while LinkStation is in the standby mode by Sleep Timer, LinkStation does not go to the standby mode after the backup task completes.
- Fixed an issue that LinkStation does not wake up at designated time set on Sleep Timer when the time zone is set other than Japan.
- Fixed an issue that Direct Copy fails when copying files from a digital camera via PTP mode.
- Fixed an issue that rebuilding RAID10 array may fail.
- Fixed an issue that deleting RAID0 array may fail.
- Fixed an issue that RAID array rebuild may fail when enabling Flickr support.
- Fixed an issue that E16 displays while LinkStation boots up.
- Fixed an issue that the seek bar does not work when playing wma file on Squeezebox.
- Update WebAccess to ver.3.3.
- Fixed an issue that the file download may fail on Internet Explorer.


Top
   
PostPosted: Mon Apr 18, 2011 6:19 am 
Offline
Moderator

Joined: Fri Jun 29, 2007 10:39 am
Posts: 2604
What kernel do Buffalo use with 1.41?
The same as before or a newer one?
I am asking because of the support for
disks > 2TB.

_________________
Please do not use private mail (PN/M) to ask questions. Use the proper forum instead. (me)

If there is no verified backup of a dataset, the dataset, by definition, is unimportant. (c't 2012)

RAID (no matter which level) never ever substitutes a backup. (me)


Top
   
Display posts from previous:  Sort by  
Post new topic  Reply to topic  [ 73 posts ]  Go to page Previous 1 2 3 4 5 Next

All times are UTC+01:00


Who is online

Users browsing this forum: No registered users and 2 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Powered by phpBB® Forum Software © phpBB Limited