Buffalo NAS-Central Forums

Welcome to the Linkstation Wiki community
It is currently Fri Jul 28, 2017 11:45 am

All times are UTC+01:00




Post new topic  Reply to topic  [ 18 posts ]  Go to page 1 2 Next
Author Message
 Post subject: Root access on LS210D?
PostPosted: Fri Aug 22, 2014 5:59 pm 
Offline
Total Newbie

Joined: Fri Aug 22, 2014 5:55 pm
Posts: 2
Hi,
can anyone tell me the procedure to get root access to my new LS210D NAS? I couldn't find anything on internet about it. Thank you


Top
   
PostPosted: Fri Aug 22, 2014 7:09 pm 
Offline
Total Newbie

Joined: Thu Aug 21, 2014 9:04 pm
Posts: 4
Try the gui version of the ACP_Commander program. You can find it here http://advanxer.com/blog/2013/02/buffal ... ander-gui/

It even has a "Reset Root PW" button on it. If it works, let me know. I'm having problems getting it to work with my TS Pro2. I think it is because of the firmware.


Top
   
PostPosted: Fri Aug 22, 2014 7:42 pm 
Offline
Total Newbie

Joined: Fri Aug 22, 2014 5:55 pm
Posts: 2
Just tried it - the root password reset works, however the enable ssh doesn't. And some commands do not work from the ACP commander prompt - like cd . Will keep on experimenting and will write here about the outcome. Thank you !


Top
   
PostPosted: Fri Aug 22, 2014 8:16 pm 
Offline
Total Newbie

Joined: Thu Aug 21, 2014 9:04 pm
Posts: 4
What version of the LS firmware are you using?


Top
   
PostPosted: Wed Aug 27, 2014 4:39 am 
Offline
Newbie

Joined: Sat Sep 17, 2011 4:34 pm
Posts: 14
vvvasilev wrote:
Just tried it - the root password reset works, however the enable ssh doesn't. And some commands do not work from the ACP commander prompt - like cd . Will keep on experimenting and will write here about the outcome. Thank you !


It should be the same as LS400 series mentioned in this forum already, you need to comment out the check for SUPPORT_SFTP in etc/init.d/sshd.sh as well.

_________________
LS421
LS-WXL


Top
   
PostPosted: Wed Nov 26, 2014 8:18 pm 
Offline
Total Newbie

Joined: Wed Nov 26, 2014 7:50 pm
Posts: 1
To grant acces to root and up sshd service do next (tested on firmware 1.43):

With acp commander and i guest that your ip s 192.168.0.10 do next
1.- java -jar acp_commander.jar -t 192.168.0.10 -ip 192.168.0.10 -pw Password -c "(echo newrootpass;echo newrootpass)|passwd"
2.- java -jar acp_commander.jar -t 192.168.0.10 -ip 192.168.0.10 -pw Password -c "sed -i 's/SUPPORT_SFTP=0/SUPPORT_SFTP=1/g' /etc/nas_feature" or java -jar acp_commander.jar -t 192.168.0.10 -ip 192.168.0.10 -pw Password -c "sed -i 's/SFTP=0/SFTP=1/g' /etc/nas_feature"
3.- java -jar acp_commander.jar -t 192.168.0.10 -ip 192.168.0.10 -pw Password -c "sed -i 's/PermitRootLogin no/PermitRootLogin yes' /etc/sshd_config"
4.- Review with java -jar acp_commander.jar -t 192.168.0.10 -ip 192.168.0.10 -pw Password -c "cat /etc/sshd_config" if the line PermitRootLogin is commented. If it's is then
java -jar acp_commander.jar -t 192.168.0.10 -ip 192.168.0.10 -pw Password -c "sed -i 's/#PermitRootLogin/PermitRootLogin/g' /etc/sshd_config" or java -jar acp_commander.jar -t 192.168.0.10 -ip 192.168.0.10 -pw Password -c "sed -i 's/#PermitRootLogin no/PermitRootLogin yes' /etc/sshd_config"
5.- java -jar acp_commander.jar -t 192.168.0.10 -ip 192.168.0.10 -pw Password -c "/etc/init.d/sshd.sh restart"

Remember "Password" is your nas admin password

After this.. you can access via ssh to your nas with root user.

p.d. After reboot of your nas (power off & power on), the ssh service is lost. i don't know why this happen, but only do this step:

1.- java -jar acp_commander.jar -t 192.168.0.10 -ip 192.168.0.10 -pw Password -c "sed -i 's/SUPPORT_SFTP=0/SUPPORT_SFTP=1/g' /etc/nas_feature" or java -jar acp_commander.jar -t 192.168.0.10 -ip 192.168.0.10 -pw Password -c "sed -i 's/SFTP=0/SFTP=1/g' /etc/nas_feature"
2.- java -jar acp_commander.jar -t 192.168.0.10 -ip 192.168.0.10 -pw Password -c "/etc/init.d/sshd.sh restart"


Top
   
PostPosted: Mon Dec 15, 2014 1:46 pm 
Offline
Total Newbie

Joined: Mon Dec 15, 2014 1:38 pm
Posts: 1
Guys,

As I was having the same problem, I used the excellent sequence of commands from jpflores, but was not working, (i'm using 1.61 firmware) and I understood why, a command is missing... so for me works doing this:

With acp commander and i guest that your ip s 192.168.0.10 do next
1.- java -jar acp_commander.jar -t 192.168.0.10 -ip 192.168.0.10 -pw Password -c "(echo newrootpass;echo newrootpass)|passwd"

new step:
java -jar acp_commander.jar -t 192.168.0.10 -o -addons

(this command install SSH package when you don´t have one pre-installed(in my case)

2.- java -jar acp_commander.jar -t 192.168.0.10 -ip 192.168.0.10 -pw Password -c "sed -i 's/SUPPORT_SFTP=0/SUPPORT_SFTP=1/g' /etc/nas_feature" or java -jar acp_commander.jar -t 192.168.0.10 -ip 192.168.0.10 -pw Password -c "sed -i 's/SFTP=0/SFTP=1/g' /etc/nas_feature"

3.- java -jar acp_commander.jar -t 192.168.0.10 -ip 192.168.0.10 -pw Password -c "sed -i 's/PermitRootLogin no/PermitRootLogin yes' /etc/sshd_config"

4.- Review with java -jar acp_commander.jar -t 192.168.0.10 -ip 192.168.0.10 -pw Password -c "cat /etc/sshd_config" if the line PermitRootLogin is commented. If it's is then
java -jar acp_commander.jar -t 192.168.0.10 -ip 192.168.0.10 -pw Password -c "sed -i 's/#PermitRootLogin/PermitRootLogin/g' /etc/sshd_config" or java -jar acp_commander.jar -t 192.168.0.10 -ip 192.168.0.10 -pw Password -c "sed -i 's/#PermitRootLogin no/PermitRootLogin yes' /etc/sshd_config"

5.- java -jar acp_commander.jar -t 192.168.0.10 -ip 192.168.0.10 -pw Password -c "/etc/init.d/sshd.sh restart"

Remember "Password" is your nas admin password

Thanks jpflores, for the code!!! :up:


Top
   
PostPosted: Wed Feb 04, 2015 3:36 am 
Offline
Total Newbie

Joined: Tue May 24, 2011 1:39 pm
Posts: 2
Hey guys - I'm trying to get root/ssh access to my LS 210D running firmware 1.62. I tried all the ACP Commander commands but still can't get SSH to work. Do you guys have any idea what extra commands/steps I might need to take to get SSH enabled?


Top
   
PostPosted: Sun Mar 01, 2015 6:58 am 
Offline
Total Newbie

Joined: Sun Mar 01, 2015 4:41 am
Posts: 1
(My first post, please point out breaches of etiquette and style, no offense will be taken. TIA)

First, thanks for the information in the previous posts! With this info and some tweaking, I can now successfully ssh into my LS210!

I have a recently purchased LS210D (1 disk) with firmware upgraded from the LS210 unit itself this week to 1.62. I am working from an Ubuntu 14.10 system, although I don't think that matters here.

I'm using the acp_commander.jar from here: http://downloads.buffalo.nas-central.or ... mander.jar

A few general notes -
1) the 192.168.0.10 in the commands below should be adjusted to match the IP# of your LS210D unit
2) the "Password" string following the "-pw" flag should be your admin passowrd for the LS210D...similarly "newrootpass" is the password you want to use for root
3) all of the acp_commander commands output the message "Changeing IP: ACP_STATE_PASSWORD_ERROR" but that didn't seem to cause any problems...I assume this comes from the use of the "-ip" option, but taking that off the command lines seemed to prevent successful command execution, so I left it in and ignored that error message
4) sometimes I had to run an acp_commander command several times. Not sure why that is, because I have no idea how the program works at this point. But if something below doesn't result in the expected outcome, try the acp_commander command again.

The first problem I ran into was getting telnet to work. This is supposed to work after running acp_commander with the -o option. I think it did not work for me because the telnetd daemon program is not exposed on the LS210D system (no /usr/sbin/telnetd). But thanks to BusyBox (http://en.wikipedia.org/wiki/BusyBox), you can run it like this:
Code:
java -jar acp_commander.jar -t 192.168.0.10 -ip 192.168.0.10 -pw Password -c "/bin/busybox telnetd &"


Don't forget the ampersand at the end of the command so it will continue to run in the background when the acp command completes.

I used this command to verify the telnetd process was running:
Code:
java -jar acp_commander.jar -t 192.168.0.10 -ip 192.168.0.10 -pw Password -c "ps | grep telnetd"

(This is the output I see from the command when I run it. The interesting section is the command output in the middle.)

Code:
ACP_commander out of the nas-central.org (linkstationwiki.net) project.
Used to send ACP-commands to Buffalo linkstation(R) LS-PRO.

WARNING: This is experimental software that might brick your linkstation!

Using random connID value = ACE33B77993F
Using target:   192.168.0.10
Starting authentication procedure...
Sending Discover packet...   
Found:   LS210DE8C-A (/192.168.0.10)    LS210D(ICHIJO) (ID=00029)    mac: CC:E1:D5:A6:0E:8C   Firmware=  1.620   Key=4D6CDB59
Trying to authenticate EnOneCmd...   ACP_STATE_OK
Trying to authenticate with admin password...   ACP_STATE_OK
>ps | grep telnetd
19568 root     sh -c ps | grep telnetd
19570 root     grep telnetd

Changeing IP:   ACP_STATE_PASSWORD_ERROR
Please note, that the current support for the change of the IP is currently very rudimentary.
The IP has been set to the given, fixed IP, however DNS and gateway have not been set. Use the WebGUI to make appropriate settings.


At this point I was able to telnet in LS210 with my admin login from the LS210. Not root yet, but progress.

The next thing that didn't work for me was the modifications of the /etc/nas_feature and /etc/sshd_config files. The use of sed through acp_commander just didn't work for me, I have no idea why. The work around is pretty cheesy, but worked for me. I enabled write access on the files to world, and then telnet-ted into the LS210 and vi-ed them with my admin account.

Code:
java -jar acp_commander.jar -t 192.168.0.10 -ip 192.168.0.10 -pw Password -c "chmod o+w /etc/nas_feature /etc/sshd_config"
java -jar acp_commander.jar -t 192.168.0.10 -ip 192.168.0.10 -pw Password -c "ls -l     /etc/nas_feature /etc/sshd_config"
...
>ls -l /etc/nas_feature /etc/sshd_config
-rw-r--rw-    1 root     root          3527 Feb 28 18:54 /etc/nas_feature
-rw-r--rw-    1 root     root          3346 Feb 28 17:42 /etc/sshd_config
...


Now I can telnet to my LS210 and use vi to edit the /etc/nas_feature file (change SUPPORT_SFTP=0 to SUPPORT_SFTP=1). And the /etc/sshd_conf file (Uncomment the line containing PermitRootLogin yes). (Here's a link to a vi quick intro if you want it: http://www.washington.edu/computing/unix/vi.html)

After you've gotten these files modified, don't forget to set the permissions back on the files!
Code:
java -jar acp_commander.jar -t 192.168.0.10 -ip 192.168.0.10 -pw Password -c "chmod o-w /etc/nas_feature /etc/sshd_config"
java -jar acp_commander.jar -t 192.168.0.10 -ip 192.168.0.10 -pw Password -c "ls -l     /etc/nas_feature /etc/sshd_config"
...
>ls -l /etc/nas_feature /etc/sshd_config
-rw-r--r--    1 root     root          3527 Feb 28 18:54 /etc/nas_feature
-rw-r--r--    1 root     root          3346 Feb 28 17:42 /etc/sshd_config
...


Now I could start the ssh daemon.

Code:
java -jar acp_commander.jar -t 192.168.0.10 -ip 192.168.0.10 -pw Password -c "/etc/init.d/sshd.sh restart"
...
>/etc/init.d/sshd.sh restart
load_info ItemValue = off
LoadConfFileStringEx:key=[ad_dns] not found in /etc/melco/info.
LoadConfFileOnOffEx:key=[info_visible] not found in /etc/melco/info.
file:/etc/sftponly_config
userinfo finished
groupname guest
groupname admin
groupname hdusers
file:/etc/pam.d/sshd
...
java -jar acp_commander.jar -t 192.168.0.10 -ip 192.168.0.10 -pw Password -c "ps | grep sshd"
...
>ps | grep sshd
23031 root     /usr/sbin/sshd
23069 root     sh -c ps | grep sshd
23071 root     grep sshd
...


Now I should have been able to login as root with ssh. But, one last hurdle, resetting the root password was causing me some trouble. I'm not sure if the passwd command on my LS210 is somehow different, but I think it was prompting for the existing root password before accepting the new root password, and confirmation. So I got around this by temporarily making the root login have no password.

Here are the commands I ran, with explanation following the code.
Code:
java -jar acp_commander.jar -t 192.168.0.10 -ip 192.168.0.10 -pw Password -c "passwd -S root"
...
>passwd -S root
root P 12/31/1969 -1 -1 -1 -1
...
java -jar acp_commander.jar -t 192.168.0.10 -ip 192.168.0.10 -pw Password -c "passwd -d root"
...
>passwd -d root
passwd: password expiry information changed.
...
java -jar acp_commander.jar -t 192.168.0.10 -ip 192.168.0.10 -pw Password -c "passwd -S root"
...
>passwd -S root
root NP 03/01/2015 -1 -1 -1 -1
...
java -jar acp_commander.jar -t 192.168.0.10 -ip 192.168.0.10 -pw Password -c "(echo newrootpass;echo newrootpass)|passwd"
...
>(echo newrootpass;echo newrootpass)|passwd
OK (ACP_STATE_OK)
...
java -jar acp_commander.jar -t 192.168.0.10 -ip 192.168.0.10 -pw Password -c "passwd -S root"
...
>passwd -S root
root P 03/01/2015 -1 -1 -1 -1
...

The passwd -S command shows the status of the password on the account. I used it to verify I was getting changes on each step. The passwd -d command is what removes the password from root (scary, yes - but only until the next command runs to reassign the password).

Finally, it all came together:

Code:
$ ssh root@192.168.0.10
root@192.168.0.10's password: *****
[root@LS210DE8C-A ~]#


Top
   
PostPosted: Sun Mar 01, 2015 8:43 am 
Offline
Moderator

Joined: Mon Apr 26, 2010 10:24 am
Posts: 2676
On LS420 and LS421 is no expiration active

Code:
[root@LS420D ~]# chage -l root
Last password change                                    : Mar 01, 2015
Password expires                                        : never
Password inactive                                       : never
Account expires                                         : never
Minimum number of days between password change          : -1
Maximum number of days between password change          : -1
Number of days of warning before password expires       : -1


but on every reboot the password will be set to a unnown

I set my password every 5 min and cleanup the messages file

Code:
echo "(echo newrootpass;echo newrootpass )|passwd >/dev/null 2>&1" >/mnt/password.sh

echo "sed -i /'pam_unix(passwd:chauthtok)'/d /var/log/messages" >>/mnt/password.sh

echo "sed -i /'pam_unix(cron:session)'/d /var/log/messages" >>/mnt/password.sh

chmod 755 /mnt/password.sh

crontab -l >/tmp/crontab.backup

echo "*/5 * * * * /mnt/password.sh" >>/tmp/crontab.backup

crontab /tmp/crontab.backup

rm /tmp/crontab.backup


from
http://forum.nas-hilfe.de/buffalo-technology-nas-anleitungen/ls420-serie-root-kennwort-wird-von-buffalo-ueberschrieben-t2232.html


Top
   
PostPosted: Mon Aug 24, 2015 4:05 pm 
Offline
Total Newbie

Joined: Mon Aug 24, 2015 3:21 pm
Posts: 1
Thanks for the great tips so far. I'm working my way through them but have run into a couple of issues. It was nice to see openbsd on the nas, so I feel at home, but obviously it's heavily modded for use in the nas.

1. Running the commander utility on my nas does not seem to accept the 'addons' option. I get an error message that the addons.tar file was not found after it was downloaded. I tried to ls the directories, and couldn't find the one that should have been created by the commander utility.

2. My inet.conf has sshd disabled, and I cannot find an ssh binary anywhere on the box, either in the bin, sbin, user/bin, user/sbin or as an alias from busybox.

I guess my next task would be to try to manually create the path needed for the addons.tar file, then try that part again. I just ran out of time before work this morning.

Any other suggestions? Do I need to get telnet working before ssh? Is there any reason not to just use telnet if I cannot get ssh working, other than it is less secure than ssh?


Top
   
PostPosted: Tue Oct 06, 2015 9:53 pm 
Offline
Total Newbie

Joined: Tue Oct 06, 2015 9:51 pm
Posts: 1
oxygen8 wrote:
On LS420 and LS421 is no expiration active

Code:
[root@LS420D ~]# chage -l root
Last password change                                    : Mar 01, 2015
Password expires                                        : never
Password inactive                                       : never
Account expires                                         : never
Minimum number of days between password change          : -1
Maximum number of days between password change          : -1
Number of days of warning before password expires       : -1


but on every reboot the password will be set to a unnown

I set my password every 5 min and cleanup the messages file

Code:
echo "(echo newrootpass;echo newrootpass )|passwd >/dev/null 2>&1" >/mnt/password.sh

echo "sed -i /'pam_unix(passwd:chauthtok)'/d /var/log/messages" >>/mnt/password.sh

echo "sed -i /'pam_unix(cron:session)'/d /var/log/messages" >>/mnt/password.sh

chmod 755 /mnt/password.sh

crontab -l >/tmp/crontab.backup

echo "*/5 * * * * /mnt/password.sh" >>/tmp/crontab.backup

crontab /tmp/crontab.backup

rm /tmp/crontab.backup


from
http://forum.nas-hilfe.de/buffalo-technology-nas-anleitungen/ls420-serie-root-kennwort-wird-von-buffalo-ueberschrieben-t2232.html


Can you please explain how this works? Is it a script that runs on the NAS?


Top
   
PostPosted: Wed Oct 07, 2015 12:55 pm 
Offline
Moderator

Joined: Mon Apr 26, 2010 10:24 am
Posts: 2676
Yes
but this ar all comands to create and activate the script.
the real script is

/mnt/password.sh

Code:
echo newrootpass;echo newrootpass )|passwd >/dev/null 2>&1
sed -i /'pam_unix(passwd:chauthtok)'/d /var/log/messages
sed -i /'pam_unix(cron:session)'/d /var/log/messages



Quote:
(echo newrootpass;echo newrootpass )|passwd >/dev/null 2>&1

sets the password

Quote:
sed -i /'pam_unix(passwd:chauthtok)'/d /var/log/messages
sed -i /'pam_unix(cron:session)'/d /var/log/messages

cleans up the log


Top
   
PostPosted: Mon Dec 28, 2015 12:23 pm 
Offline
Newbie
User avatar

Joined: Sun Aug 27, 2006 9:36 am
Posts: 15
Location: United Kingdom (Great Britain)
Thanks onyxgen8 for this, it got me on the right path to getting my LS210D root'd and getting SSH access.

Just wanted to add my own part to this, to help people get root at boot-time without needing the cron script to keep writing the root password.
In reality it is just at boot-time that the tricky part comes in, so what I did was modify /etc/init.d/sshd.sh to include the password reset for root, and to force enable SFTP, so edit /etc/init.d/sshd.sh and just below the shebang line (#!/bin/sh) put in:

Code:
sed -i 's/SUPPORT_SFTP=0/SUPPORT_SFTP=1/g' /etc/nas_feature
(echo myrootpassword;echo myrootpassword )|passwd root


Make sure that goes in above the /etc/nas_feature line, as at boot-time /etc/init.d/rcS gets called by inittab, and the sshd.sh script is already in there so it'll be called at system boot.

As an extra security check, I've also added it to the daemon watch system built-in to the Linkstation, if you edit /etc/daemonwatch.list you can add in applications that the built-in watcher will check, so by adding a line like this:

Code:
/var/run/sshd.pid      /var/run/active_sshd      30   /etc/init.d/sshd.sh restart


NOTE: To make the above work you do need to add a couple of extra lines into the /etc/init.d/sshd.sh script to ensure the file /var/run/active_sshd is created, you do that as follows to the /etc/init.d/sshd.sh script:

Code:
line78 add:
touch /var/run/active_sshd

line 82 add:
rm -f /var/run/active_sshd


Next boot (or stop and restart the daemonwatch process) it'll watch sshd and restart it if needed. The added bonus is when it restarts it'll re-force your root password just to be sure.

Hope this helps people out too, I'm now onto trying to get kernel compilation for nfsd working...

_________________
Andy Brown
Linux / Network Engineer for UK ISP

Buffalo LS210D 3Tb running 1.63-0.04 Marvell PJ4Bv7 @795.44 BogoMIPS
- telnet enabled
- SSHD enabled
- root'd

OLD: LS2 version 2.05 MIPS (399.76 bogomips)
- Dual IDE HDD's (original 160Gb and additional 200Gb)
- SNMPD and NFS exports


Top
   
PostPosted: Thu Aug 11, 2016 7:33 am 
Offline
Newbie

Joined: Mon Apr 02, 2012 3:56 am
Posts: 15
Ok - so the date is now August 11, 2016. Things have changed.

1. ACP Commander in GUI mode will kill your NAS if you try to activate ssh - it will never recover - ACP commander will never see the NAS again and you will not even see the NAS in the NAS Navigator - it will be gone - do not run the automated fix
2. The /etc/sshd_config can be used without modifications - Passwords are turend on, Root login is enabled
3. The SSH host keys are missing on the NAS - which is why /usr/sbin/sshd refuses to start
4. The /etc/nas_feature is restored on each reboot, so sshd does not run on boot. Even if you change the init script. No dice.

Steps:
1. Set the new admin password in the GUI and enable the first shared folder
2. Set the IP address to fixed - make sure you set the DNS (but you will have to fix this again later)
3. Generate ssh_host_key (dsa), ssh_host_dsa_key, ssh_host_rsa_key (all files are separate invocations of ssh-keygen) on a linux computer (ssh-keygen -t <type> -f <filename> -N "" - create key without a passphrase)
4. Copy the files into the primary share (share).
5. Create a file called "adjust.sh" in any text editor
5a. Add commands to move the ssh_host* files from /mnt/disk1/share to /etc
5b. Add commands to set the file mode of the /etc/ssh*key files to 600
5c. Add commands to set the owner and group of the /etc/ssh*key files to root
5d. Add the following command, replace X.X.X.X with your DNS server: echo "nameserver X.X.X.X" > /etc/resolv.conf
5e. Save adjust.sh
6. Copy adjust.sh into the primary share
7. Use ACP commander to set the root password
8. Use ACP commander to execute "sh /mnt/disk1/share/adjust.sh"
9. Use ACP commander this time (and every subsequent time) to run /usr/sbin/sshd
10. SSH into your LS210D

1-8 are a one time set of instructions.
9 and 10 are on every reboot.
You could try to use ACP commander to generate the ssh-keys in "adjust.sh" directly into /etc - YMMV.

For me, simpler steps in an more controlled environment is saner.

Also, you will want to make the adjust.sh comments be the verbose version so you can see output.

I leave it to someone else to post the files mentioned above. There is enough detail to create them.

If you want to login via ssh keys, you can set them up just as you would any other ssh server.


Top
   
Display posts from previous:  Sort by  
Post new topic  Reply to topic  [ 18 posts ]  Go to page 1 2 Next

All times are UTC+01:00


Who is online

Users browsing this forum: Bing [Bot] and 14 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Powered by phpBB® Forum Software © phpBB Limited